Email Anti-Spam Security Solution
- ✓email quarantine
- ✓blacklist filtering
- ✓R-DNS/PTR checking
- ✓SPF checking
Anti-Spam Offers in Detail
Email Protection
To protect our email inboxes, we offer you the option of booking an additional anti-spam solution from Sophos. We rely on the UTM Email Protection solution in combination with our firewall cluster. The Sophos Anti-Spam solution offers numerous protection functions. We have summarized the main functions for you at a glance.
Email quarantine
If an e-mail is not clearly identified as spam, the mail gateway quarantines the e-mail. This means that the e-mail will not be delivered directly to the recipient, but will remain in a kind of buffer for 7 days. Here you have to actively release the email so that it is delivered to the mailbox.
The antispam solution sends a quarantine report twice a day. This contains a list of quarantined emails, information about the cause of the quarantine and an individual link to release the emails from quarantine. In case of frequent false positives or quarantined emails that have valid content but are detected as spam by the solution, you can contact our customer support for further analysis.
Email Word Filter (Expression Filter)
Since it is becoming increasingly difficult to distinguish spam e-mails from real valid e-mails, it is possible to configure a word filter via our support. Thereby frequently used text modules, single words or word groups can be filtered by the Anti-Spam Gateway. E-mails that are conspicuous due to the word filter are not rejected directly, but quarantined as a precaution. This ensures that important e-mails are not rejected across the board due to the occurrence of certain words.
The word filter is particularly effective for spam e-mails that are sent by valid senders and always have consistent content, such as pill advertisements.
RBL Blacklist Filterung
RBL (Realtime Blackhole Lists) filtering is the filtering of spam mails based on the sender IP address. IP addresses that frequently send spam mails are usually quickly listed on an IP blacklist. Blacklist operators usually provide these IP lists free of charge in order to be able to check the reputation of IP addresses in the course of an anti-spam procedure. The following blacklists are used in our anti-spam solution:
- Barracuda Blacklist
- Spamcop
- Spamhouse
- Senderscore
If the IP address of the sender e-mail is listed on one of the anti-spam blacklists, our anti-spam gateway will reject the e-mail directly, with a corresponding response to the e-mail sender.
R-DNS / PTR Prüfung
Every IP address on the Internet can be supplemented with a so-called PTR / R-DNS entry. This is the resolution of a domain name from an IP address back to a specific domain. Mail servers on the Internet must set an R-DNS / PTR entry for every IP address used to send e-mails in order to ensure valid e-mail transmission. Therefore, a server that does not have an R-DNS / PTR entry for the IP addresses is not a valid e-mail sender for our anti-spam check.
E-mail senders or e-mails from e-mail servers without a valid PTR / R-DNS entry are therefore rejected directly and not quarantined. The sender also receives information that no valid R-DNS / PTR entry is set.
Sandstorm Protection
To protect against ransomware and virus threats, Sophos Sandstorm Protection is also licensed. The way a Sandstorm Protection solution works is that it analyzes the suspicious email attachment in a secured environment. Suspicious attachments can be .zip, .exe or .tar files. These are executed in a Sandstorm environment and checked in the course of a behavior analysis. URLs are also called and checked to see if there is an attempt to execute external malicious code.
If the behavior of the file attachments / URLs is abnormal, the email is quarantined or rejected directly. Emails that have shown anomalies when executed in the Sandstorm environment are specially marked in a quarantine report.