Using Anti-Spam and Mail

Introduction to Anti-Spam and Mail Security

The relentless and unprecedented growth in unwanted email now poses an unexpected security threat to the network. As the amount of resources (disk space, network bandwidth, CPU) devoted to handling unsolicited emails increases from year to year, employees waste more and more time sorting through unsolicited bulk email commonly known as spam. Anti-Spam (a Check Point Software Blade on a Security Gateway that provides comprehensive protection for email inspection; synonym: Anti-Spam & Email Security; acronyms: AS, ASPAM) and Mail provides network administrators with an easy and central way to eliminate most of the spam reaching their networks.

Mail Security Overview

Anti-Spam

The Anti-Spam functionality employs unique licensed technology. Unlike many Anti-Spam applications that rely on searching for keywords and a lexical analysis of the content of an email message, Check Point Anti-Spam identifies spam by analyzing known and emerging distribution patterns. By avoiding a search for key words and phrases that might classify a legitimate email as spam and instead focusing on other message characteristics, this solution offers a high spam detection rate with a low number of false positives.

To preserve personal privacy and business confidentiality, only select characteristics are extracted from the message envelope, headers, and body (no reference to actual content or attachments is included). Hashed values of these message characteristics are sent to a Detection Center for pattern analysis. The Detection Center identifies spam outbreaks in any language, message format, or encoding type. Responses are returned to the enterprise gateway within 300 milliseconds.

Once identified, the network of spam generating machines is blacklisted. If the network changes its behavior, it is removed from the black list.

Adaptive Continuous Download

To prevent delays, Adaptive Continuous Download starts delivering the email to the recipient while Anti-Spam scanning is still in progress. If the email is designated as Spam, it is flagged as spam before it is completely transferred to the recipient. Both the SMTP and POP3 protocols support Adaptive Continuous Download for the entire email message.

Configuring Anti-Spam

Configuring a Content Anti-Spam Policy

Configuring an IP Reputation Policy

This window enables IP reputation, an Anti-Spam mechanism that checks the IP address of the message sender (contained in the opening SYN packet) against a dynamic database of suspect IP addresses. If, according to the IP reputation service, the originating network has a reputation for sending spam, then the spam session is blocked at connect time. This way, the IP reputation feature creates a list of trusted email sources.

Configuring a Block List

You can configure a list of email sources to block according to the sender's name, domain name, or IP address.

Configuring Anti-Spam SMTP

SMTP traffic can be scanned according to direction or IP addresses.

Configuring Anti-Spam POP3

Configuring Network Exceptions

An Anti-Spam policy can be enforced on all email traffic or only on traffic that was not deliberately excluded from the policy.

Configuring an Allow List

You can configure a list of allowed email sources according to the sender's name or domain name, or according to the IP address.
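The IP reputation, block list, and allow list checks above can be read as a two-stage screening of each inbound session: at connect time only the peer IP is known, and the sender address or domain only becomes available once the envelope and headers arrive. The following Python is an added illustration of that logic, not Check Point code: the precedence (allow list first, then block list, then the reputation database), the in-memory `ReputationDB` standing in for the dynamic database of suspect addresses, and the sample lists built from RFC 5737 documentation ranges are all assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass, field
from email.utils import parseaddr


@dataclass
class SourceList:
    """A list of email sources keyed by sender address, domain name, or IP network."""
    senders: set = field(default_factory=set)
    domains: set = field(default_factory=set)
    networks: list = field(default_factory=list)

    def match_ip(self, source_ip):
        addr = ipaddress.ip_address(source_ip)
        for net in self.networks:
            if addr in net:
                return f"ip {source_ip} in {net}"
        return None

    def match_address(self, sender):
        sender = sender.lower()
        domain = sender.rpartition("@")[2]
        if sender in self.senders:
            return f"sender {sender}"
        if domain in self.domains:
            return f"domain {domain}"
        return None


@dataclass
class ReputationDB:
    """Stand-in for the dynamic database of suspect source networks (constructed)."""
    suspect_networks: list = field(default_factory=list)

    def is_suspect(self, source_ip):
        addr = ipaddress.ip_address(source_ip)
        return any(addr in net for net in self.suspect_networks)


def screen_connection(source_ip, allow, block, reputation):
    """Connect-time decision: only the peer IP (from the opening SYN) is known here."""
    hit = allow.match_ip(source_ip)
    if hit:
        return ("accept", f"allow list: {hit}")
    hit = block.match_ip(source_ip)
    if hit:
        return ("reject", f"block list: {hit}")
    if reputation.is_suspect(source_ip):
        return ("reject", "ip reputation: source network has a reputation for sending spam")
    return ("accept", "no connect-time match")


def screen_sender(from_header, allow, block):
    """Envelope/header-time decision once the sender identity is known."""
    _, sender = parseaddr(from_header)
    if not sender or "@" not in sender:
        return ("block", "unparseable sender address")
    hit = allow.match_address(sender)
    if hit:
        return ("allow", f"allow list: {hit}")
    hit = block.match_address(sender)
    if hit:
        return ("block", f"block list: {hit}")
    return ("scan", "no list match; hand the message to pattern-based scanning")


# Constructed sample policy; assumed values, not a real deployment.
ALLOW = SourceList(senders={"partner@example.org"}, domains={"corp.example"},
                   networks=[ipaddress.ip_network("192.0.2.0/24")])
BLOCK = SourceList(senders={"noreply@spam.example"}, domains={"bulkmail.example"},
                   networks=[ipaddress.ip_network("198.51.100.0/24")])
REPUTATION = ReputationDB([ipaddress.ip_network("203.0.113.0/24")])


def demo():
    """Runs both stages over constructed inputs and returns the verdict per input."""
    results = {}
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5", "192.0.3.1"):
        results[ip] = screen_connection(ip, ALLOW, BLOCK, REPUTATION)[0]
    for hdr in ('"Partner" <Partner@Example.org>', "news@bulkmail.example",
                "alice@corp.example", "someone@other.example", "not an address"):
        results[hdr] = screen_sender(hdr, ALLOW, BLOCK)[0]
    return results


if __name__ == "__main__":
    for key, verdict in demo().items():
        print(f"{key!r:40} -> {verdict}")
```

Two points are worth keeping in mind when mapping this onto a real gateway: a source that matches the allow list skips the reputation lookup entirely, which is why allow-list IP ranges deserve the same review as firewall exceptions, and a message that matches neither list is not accepted outright but handed on to the pattern-based scanning described earlier.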

Selecting a Customized Server

You can select an alternative Detection Center for Anti-Spam analysis.

Bridge Mode and Anti-Spam

If a UTM-1 appliance is configured to run in bridge mode (a Security Gateway or Virtual System that works as a Layer 2 bridge device for easy deployment in an existing topology), Anti-Spam is supported provided that:

  • The bridge interface has an IP address

  • The bridge interface has a default gateway

Configuring a Disclaimer

You can create your own custom disclaimer notice.

Anti-Spam Logging and Monitoring

Anti-Spam logging and monitoring options are available in the Logs & Monitor view in SmartConsole.

Logs derived from Anti-Spam scanning are sent to the Security Management Server (a dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain; synonym: Single-Domain Security Management Server), and show in the Logs & Monitor > Logs view. In the Logs & Monitor view, you can see detailed views and reports of the Anti-Spam activity, customize these views and reports, or generate new ones (see Threat Analysis in the Logs & Monitor View).