Technology

Lifecycle of a Typical Spam Mega-Outbreak

Commtouch’s RPD approach detects and blocks spam in the first few minutes of an outbreak, unlike other anti-spam approaches.
 
 IDC
 
  Anti-spam Techniques Used by SMI!

SMI! uses the best anti-spam technology currently available in the world. “The best” means a solution which:

  • is highly efficient (97%-98%),
  • responds fastest to new outbreaks (real-time),
  • is fully automated (no configuration needed),
  • is well known (more than 350 000 SMI! customers, more than 35 mln RPD users),
  • is deterministic (not heuristic, no guesswork),
  • and has a minimal false-positive rate (less than 1 in 27 000).

Detection inside SMI! is based on the bulk nature of spam, not on content resemblance. To be economically effective, spam must be sent in bulk. The patented technology used by SMI! analyses more than 30 mln real mailboxes every second and sends statistical information about e-mail traffic trends to the Detection Centres. Then, at the customer's site or at our Managed Service Centres, every received message is compared to the collected hashes of bulk messages (we collect only cryptographic hashes of every part of a message, with no ability to restore the message content).

SMI! and Commtouch's Detection Centers

Our competitors use poor methods such as:

Heuristic analysis and/or Bayesian filters – they can be tricked, they are language dependent and they produce a high level of false positives. We do not use heuristic and Bayesian filters by default.

Network of honey pots etc. – they create a lot of dummy mailboxes and wait for incoming mail. Then they create samples of spam based on message content. They use a lot of trademarks and proud-sounding names (like “genetic networks”, “probe networks” etc.), but in fact they create tokens from sample messages, then search for the same tokens in the tested mail and weight every token found. This solution produces a lot of false positives, targets only about 80% of spam and ignores originally solicited messages (30% of spam).

Periodic updates – the best competitors update their solutions every 5 minutes. We use real-time queries with no lag for updates. This means that we detect and block spam in the first few minutes of an outbreak.

Complicated configuration – they sometimes have thousands of configurable parameters requiring a lot of administration time. SMI! automatically detects spam without requiring manual adjustment of filtering rules.

Lexical analysis – it requires a lot of human activity to create, manage and update dictionaries.

SMI! uses the following spam detection techniques:

To keep false positives to a minimum, we use only deterministic techniques to filter mail traffic.

  • SMTPGuard™
  • Real-time Pattern Detection™ by Commtouch™
  • Identity Spoofing
  • RBL - Real-time Blackhole List servers
  • SURBL – to block phishing
  • DNS – multilevel Domain Name Search
  • SPF – Sender Policy Framework
  • Greylisting
  • Recipients Verification
  • Sender Verification
  • Attachments Filters
  • E-mail Addresses White & Black Lists
  • IP White & Black Lists

The following techniques may also be used by an administrator:
  • Date & Time Classification
  • Content Checking

Handling NDR Notifications

Mail servers are usually configured to generate Non-Delivery Report (NDR) notifications and address them back to the senders. These NDRs notify the senders that the original messages were not delivered to the targeted recipients. Within the body of the notification, mail servers often specify the reason for non-delivery along with additional identifying data from the original email. This additional data might include the message-headers and may even include the entire original message as one or more nested MIME parts.

To prevent recipients from receiving these falsely-directed NDR notifications (termed “bad” NDR notifications), SMI! uses an additional feature of the detection engine known as NDR2. The detection engine will classify any “bad” NDR notification as spam. This prevents large volumes of redundant and annoying notifications from being forwarded to the inboxes of already-abused recipients. Nonetheless, if not managed correctly, this functionality may also block “good” NDR notifications along with the “bad” ones, and it is therefore disabled by default.
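
One way to tell “good” from “bad” NDRs using the nested original headers described above, as an added example (not SMI! or Commtouch code, and not a description of how NDR2 works). It assumes the sending server keeps a log of the Message-IDs it issued (`SENT`, hypothetical); the sample NDR and all addresses are constructed.

```python
import email
from email import policy

# Constructed sample NDR (RFC 3464 multipart/report); {orig} is the nested-original part.
NDR = """From: MAILER-DAEMON@mx.example.net
To: alice@example.com
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery to bob@example.org failed: user unknown.
--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; bob@example.org
Action: failed
Status: 5.1.1

{orig}--b1--
"""
ORIG = "--b1\nContent-Type: text/rfc822-headers\n\nMessage-ID: {mid}\nFrom: alice@example.com\n\n"

def original_headers(ndr):
    """Return the headers of the original message nested in the NDR, or None."""
    for part in ndr.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":        # entire original message nested
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":   # only the original headers nested
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def classify_ndr(raw, sent_ids):
    """'good' if the bounced Message-ID is one we sent, 'bad' if not, else 'unverifiable'."""
    ndr = email.message_from_string(raw, policy=policy.default)
    if ndr.get_content_type() != "multipart/report":
        return "not-ndr"
    orig = original_headers(ndr)
    if orig is None or not orig["Message-ID"]:
        return "unverifiable"                # nothing to match: do not discard blindly
    return "good" if str(orig["Message-ID"]).strip() in sent_ids else "bad"

SENT = {"<constructed-123@example.com>"}     # hypothetical log of outbound Message-IDs
if __name__ == "__main__":
    for mid in ("<constructed-123@example.com>", "<forged-999@spam.example>"):
        print(mid, classify_ndr(NDR.format(orig=ORIG.format(mid=mid)), SENT))
```

The “unverifiable” result covers NDRs that carry no original headers at all; treating those as spam is exactly how “good” notifications get lost.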