Does Your Email Reputation System Have a Bad Rep?

Written by CipherTrust

Continued from page 1

Two prominent examples of bonded programs are IronPort’s Bonded Sender Program and Habeas’ Sender Warranted Email programs. These programs allow email marketers to secure bonds to certify that their email adheres to guidelines on the basis of privacy, mailing practices and issue resolution. ISPs and other mail servers can then query Bonded Sender when scanning incoming messages and handle them accordingly. However, this “pay-to-play” model is fundamentally flawed, as it gives spammers the ability to simply “buy” their way onto the list by securing a bond as a legitimate sender, regardless of whether they’re actually legitimate or not. While the cost of the bond may be prohibitive to some senders, the benefits far outweigh the costs to most spammers, as the only way the bond will be debited is if Bonded Sender receives complaints about a specific account sending spam. And really, when was the last time you or anyone you know reported receiving spam? Would you even know where to report it? In reality, spammers are paying IronPort for the right to clog your inbox.

TrustedSource is CipherTrust’s adaptive, real-time email reputation system that provides information on email sender behavior. Who sends spam? Who polices their outbound email well? TrustedSource knows. By constantly observing and analyzing email traffic across the Internet, CipherTrust identifies the “good guys.” TrustedSource provides constant updates on sender status to improve spam-fighting accuracy and allows IronMail, the secure email gateway, to achieve the highest level of accuracy in determining good email from bad.

TrustedSource servers provide data to IronMail by contributing negative values to IronMail’s Spam Profiler (SP) algorithm for messages sent from senders that are deemed reputable. Every message that passes through IronMail is checked against the TrustedSource list and, based on the reply, IronMail decides whether to reduce the overall SP spam score for that message and improve its chances of not being classified as spam.

What constitutes “good behavior”?

Spammer behavior changes constantly, so no definitive answer is available. However, the following practices are considered “best practices” for email senders:

  • Comply with the proper RFC protocols for email.
  • Do not attempt to obscure content or messages in emails.
  • Do not send email to unverified or nonexistent email addresses.
  • Post privacy policies where they can be read and understood, prior to submission of a request.
  • Offer opportunities for users to opt out of programs.

Adopting a reputation-based anti-spam system alone has not proven effective to stop spam. However, by combining reputation-based systems such as CipherTrust’s TrustedSource with other spam control technologies such as SIDF, SPF, Bayesian Filters, Blacklists, Whitelists, Anomaly Detection, and Spam Signatures, IronMail has achieved industry-leading success.

CipherTrust is the leader in anti-spam and email security. Learn more by downloading our free whitepaper, “No Phishing: Protecting Employees from E-mail Fraud” or by visiting

E-mail Security Governance: E-mail Encryption and Authentication as a Business Enabler

Written by CipherTrust

Continued from page 1

As the complexity increases, so does the probability that not all e-mail containing PHI will be encrypted. Doctors, who are always pressed for time, may not take the extra few minutes required to encrypt an e-mail. The clerk handling outbound messages for a nurse may not understand which information requires encryption and which does not. Furthermore, many healthcare administration workers have not been trained on the identification of PHI and subsequent proper handling.

The uncertainties and potential liabilities have led some organizations to go so far as to outlaw all PHI in e-mail. Instead of solving the problem, however, these decisions generally force employees to find alternative, and usually insecure, methods of transmitting PHI via e-mail in order to accomplish their jobs. This leaves organizations vulnerable to lawsuits based, at best, on non-compliance with HIPAA and, at worst, exposed PHI. The liability is tremendous – leading many insurance providers to be extremely hesitant to provide coverage in the IT space unless sound security practices and compliance can be proven.

The same problems arise with client-based encryption technologies that require the user to be trained or to take extra time to accomplish his or her task. The effect is an increase in likelihood that PHI will be transmitted through an insecure channel as rushed or untrained employees break policies set up to protect information.

Another issue faced by organizations is a lack of technological standards. Some organizations may be employing technologies such as S/MIME or PGP encryption, while others utilize secure connection technologies such as TLS or HTTPS. The effect is that any two organizations, each complying with HIPAA regulations in their own way, may be unable to communicate electronically due to a lack of standardization within the industry.

The solution to each of these issues is to move the encryption responsibility from the individual user to a specialized server, and to utilize a system that can select from a number of encryption technologies depending on the recipient’s technological capabilities. The server should be capable of applying encryption policies based on heuristics determined by the security officer, administrator, or business rules. Individual users should be able to specify that a message be encrypted, but the encryption should automatically be applied where appropriate regardless of user involvement.
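A sketch of the server-side policy described above, added here as an illustration; it is not CipherTrust or IronMail code. The PHI patterns, the partner capability directory and the method names are hypothetical, and the sample domains are constructed.

```python
import re
from dataclasses import dataclass

# Hypothetical content heuristics a security officer might configure.
PHI_PATTERNS = [
    re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),                      # SSN-shaped number
    re.compile(r"\b(?:MRN|patient id)\s*[:#]?\s*\d+", re.I),   # record number
    re.compile(r"\b(?:diagnosis|prescription)\b", re.I),
]

# Constructed directory of what each partner domain can receive,
# listed in the administrator's order of preference.
PARTNER_CAPABILITIES = {
    "clinic.example": ["smime", "tls"],
    "lab.example": ["pgp"],
    "insurer.example": ["tls"],
}
FALLBACK = "https_pickup"  # secure web pickup; needs nothing from the recipient


@dataclass
class Message:
    sender: str
    recipient: str
    subject: str
    body: str
    user_requested_encryption: bool = False


def needs_encryption(msg: Message) -> bool:
    """Encrypt when the user asks for it OR the policy heuristics match."""
    text = f"{msg.subject}\n{msg.body}"
    return msg.user_requested_encryption or any(p.search(text) for p in PHI_PATTERNS)


def choose_delivery(msg: Message) -> str:
    """Return the delivery method the gateway applies to this message."""
    if not needs_encryption(msg):
        return "plain_smtp"
    domain = msg.recipient.rsplit("@", 1)[-1].lower()
    methods = PARTNER_CAPABILITIES.get(domain, [])
    # Fail closed: an unknown partner never gets sensitive mail in the clear.
    return methods[0] if methods else FALLBACK
```

The user never has to choose a technology: the sender's flag can only add encryption, and a recipient with no known capability falls back to the HTTPS pickup rather than plaintext.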

Beyond encryption issues, CEs need to maintain system integrity and availability of information. At all times, the network should not be at risk of downtime due to hacking attempts, Denial of Service (DOS) attacks, spam attacks, phishing, social engineering, or viruses.

E-mail Security Issues for Gramm-Leach-Bliley Act

The Gramm-Leach-Bliley Act (GLBA) was signed by Bill Clinton in 1999 and made fully effective on July 1, 2001. GLBA requires financial institutions, partners and contractors to protect consumers’ private financial information. It is similar in purpose to the HIPAA regulations governing the use and transmission of information in the healthcare industry. It also imposes many of the same challenges on the financial industry as those faced by the healthcare industry.

As with organizations affected by HIPAA and Sarbanes-Oxley regulations, financial institutions are faced with the need to protect confidential data, comply with regulations, keep the network operational and secure, and operate on a budget. The consequences of a failure to perform in any of these areas could result in imprisonment of company officers and fines. It could also have devastating effects on the business itself – potentially causing existing and potential customers to lose faith in the company’s ability to service their financial needs.

As with healthcare organizations and corporate entities, the need to establish centralized policy-based governance over the transmission, encryption, and archival of sensitive information requires a secure server-based solution. The solution should be capable of interfacing with all of an organization’s business partners regardless of the partner’s technological capabilities, and it should be transparent to the user in order to maximize the efficiency and utility of e-mail and encourage adoption of acceptable means of corporate communication.


The trend is clearly in the direction of more complex security regulations and an increasing concern by consumers and investors over an organization’s ability to protect privileged information. Fortunately, this increasing awareness of the general public and government agencies has coincided with a rapid development of the technologies required to meet these demands. CipherTrust has led the e-mail security industry in developing comprehensive solutions to e-mail borne threats such as spam, hackers, phishing, DOS attacks and more.

CipherTrust’s IronMail provides the first true balance of security and usability that will enable businesses to protect the confidentiality and integrity of information as required while ensuring that employees can continue to use e-mail easily as a central communication medium. IronMail enables e-mail security governance with ease, solving a problem that has plagued the industry for 15 years.

Others merely claim it. IronMail does it. We invite you to try it. Click here to schedule a FREE online demonstration of IronMail.

CipherTrust manufactures the leading Enterprise E-mail Security appliance, IronMail. To learn more about how IronMail can help your organization filter spam, block attacks, and prevent fraud, download our white paper, "Controlling Spam: The IronMail Way."

Stay up to date on all E-mail security issues by signing up for the IronMail Insider Newsletter.

CipherTrust is the leader in anti-spam and email security. Learn more by downloading our free whitepaper, “Securing the E-mail Boundary: An overview of IronMail” or by visiting

© 2005