The Jez McKinley Wiki

No

 Name
 Purpose

1

 friends list (white list)
 Customer can specify own list of companies to be excluded from spam checking (but not from virus checking etc)

2

 closed relay host
 As Mailwall Remote servers are the only ones that are supposed to deliver mail to the customer, traffic can be denied from any other hosts - this is because many servers are broken into only to send spam from them, so if it is not necessary for customer’s servers to be visible to everyone, they should not be.

3

 HTML parser
 The content analyser accurately reads HTML content, extracting text, images etc

4

 HTML stripper
 As many spammers try to obscure real message with unnecessary or meaningless HTML tags, the HTML stripper automatically removes all of them to read the basic text behind

5

 SPAM dictionary
 looks for most common words typically included in junk mail – Nigerian scams, Viagra advertising and so on

6

 hyperlink dictionary
 While certain keywords are perfectly OK to be included in the message itself, they are highly suspicious if they form a part of a hyperlink given in the message body - for example while word "adult" on its own in the message body does not justify blocking it, it is a different story if it appears as part of a hyperlink - for example message "come to my web site http://www.mega-adult.com" is highly suspicious

7

 reverse site lexical content analysis
 As many spammers are wary of lexical analysers, many "viagra" or adult spam do not include any suspect words in the message itself - instead - the message itself is a rich HTML content displaying some web site, or it invites to visit a web site, for example "hi this is Sandy, come see me web site at http://195.72.34.123". While such messages require user to click on a link, they frequently pass most of spam scanners as there is nothing suspicious in what the user sees when they receive the message …. until they click on the link!

8

 regular expression engine
 Considerable number of spammers try to avoid lexical filters by trying to spell words incorrectly or replace characters in order to bypass lexical scanners, for example word viagra can be spelled V1agr@, v.i.@gra and so on.  The regular expression filter looks at mathematical keyword matrix and so will intercept such tricks

9

 spam type classification
 Mailwall Remote can distinguish between various types of spam: viagra, adult, mortgages and so on – and these can be labelled automatically.

10

 Reverse domain lookup
 Domain of the sender can be checked for a valid MX record or the system can check if the record exists

11

 ImageTrap?
 ImageTrap? scans image attachments - it uses Omniquad ImageBank? system to classify images as pornography, adult, jokes, nudity, advertising and neutral content (neutral content is everything else that is not a concern in e-mail content screening - for example portraits, landscapes, technical and so on). Omniquad ImageTrap? guarantees 99% accuracy in image content classification

12

 IP geo-location
 Mail coming from some countries is much more likely to be spam than others.  For example, a considerable proportion of spam comes from China.  While these are not automatically blocked it causes the filter to be extra diligent when classifying the message content 

13

 third party real-time black hole lists
 Mailwall Remote queries IP address of each message against spammer IP listing web sites (black holes).  The number of black holes used can be unlimited but in real life varies from 4 to 12 and is changed often by Mailwall Remote operations staff according to our own criteria.  Any customer can additionally add their own preferred black lists

14

 weight system
 Each aspect of a message may increase the likelihood of it being spam (some elements more than others). Appropriate weight is therefore given to keywords, hyperlinks, OCR, source country and so on

15

 customer's managed blocked IP addresses
 Customer can prevent any IP address from sending them mail – note that Omniquad SPAM complaint service is a much more efficient way of dealing with unwanted messages

16

 customer's managed blocked domains or senders
 Customer can prevent any domains or sender from sending them mail - note that Omniquad SPAM complaint service is a much more efficient way of dealing with unwanted messages

17

 Customer’s managed keywords
 Customer can enter own keywords to block - note that Omniquad SPAM complaint service is a much more efficient way of dealing with unwanted messages

18

 Omniquad spam complaint service
 Special spam complaint address is given to each customer (for example spam@omniquad.com) - customer's users can simply forward any spam that slips through the service to this complaint address - dedicated spam filtering staff in one of Omniquad Operation Centers will automatically add sender's IP information to Omniquad black hole plus report the spammer to their ISP.   Depending on spam type, new classification can be made by Omniquad and information on detection added to Omniquad filters

19

 deletion, rejection, quarantine or tagging
 Spam can be deleted, rejected, quarantined or tagged.  If a message is tagged, its subject is simply changed for example a message with subject "Buy it now" has it changed to "[SPAM] Buy it now".  So users immediately see spam in their email address list and can configure their own outlook preferences to put all SPAM in their spam-trash folder. Tagging spam is a good solution to effective filtering yet nothing is blocked, but as such it may not be the suitable option for all customers.

20

 Fraudulent Mail Detection System (optional)
 UK-first – and to our knowledge - only -  anti-fraud detection system. FMDS looks at messages from PayPal? and major UK high street banks and checks if any hyperlink in these messages points elsewhere than what it says on the hyperlink itself - it is therefore capable of detecting scam attempts of extracting credit card details from banking customers (http://news.bbc.co.uk/1/hi/business/3217485.stm, http://news.bbc.co.uk/1/hi/business/3214751.stm, http://news.bbc.co.uk/1/hi/business/3211635.stm). The system then sets a warning flag so the message can be checked by our fraud staff, or the message can be automatically tagged with a warning to the end user.  Note this is a new system - it is not guaranteed to pick up 100% fraud attempts but it will detect a significant proportion that would not be otherwise picked up by any anti-spam system.  The scam attempts are highly dangerous as they look just as legitimate bank e-mail but have disastrous consequences to the end user.  FMDS is offered as a separate add-on due to Omniquad staff overheads required to provide this service.

21

 Header Analysis
 Many specialized header analysis will be done.  (For example, check for empty subject, unusual sender address (more digits, punctuations), etc)

I hope this helps?

Main

PMWikiAvailableActions