Innovation from Leader in Messaging Security

Connection Control features several proprietary technologies working together to help IronMail provide fastest throughput in industry:

• Dynamic Connection Rejection – Limits number of messages that reach IronMail and rejects resources available to offending IP address.
• Rejection Intervals – By relying on data gathered by IronMail Global Network, CipherTrust research has determined optimal intervals to reject and allow connections.
• Anomaly Detection Engine – Examines and controls overall traffic flow for IronMail to identify threats.
• Threat Response Updates – IronMail Global Network comprises over 2500 IronMail units in field. The system provides data and updates to IronMail units as needed.
• TrustedSource™ - CipherTrust’s reputation service maintains data on millions of e-mail senders globally and provides real-time information to IronMail appliances about a sender’s e-mail sending behavior.

Proven in Field

Currently in use at enterprises such as Cox Communications, Inc. (NYSE: COX), Connection Control dynamically rejects upwards of 50 percent of connection attempts from known spammers with dramatic results. But don’t just take our word for it. Franklin Warlick, Cox Communications’ messaging systems administrator, saw instant results when he installed Connection Control on Cox’s IronMail units, which protect approximately 60,000 inboxes. “CipherTrust’s Connection Control saved us valuable time and resources when we really needed them. This new technology in IronMail allows us to laser in on worst offenders, and reject their spamming attempts at network edge. With Connection Control, Cox Communications was able to reject 90,000 spam messages an hour immediately, giving us great bang for buck from a product that already paid for itself many times over.”

Take Next Step

Learn more about how IronMail helps organizations stop spam flood and fight back against spammers by visiting www.ciphertrust.com or requesting CipherTrust’s free whitepaper, “Stopping Spam Flood with IronMail Connection Control.”

Bayesian Filters

Named after Thomas Bayes, an English mathematician, Bayesian Logic is used in decision making and inferential statistics. Bayesian Filers maintain a database of known spam and ham, or legitimate e-mail. Once database is large enough, system ranks words according to probability they will appear in a spam message.

Words more likely to appear in spam are given a high score (between 51 and 100), and words likely to appear in legitimate e-mail are given a low score (between 1 and 50). For example, words “free” and “sex” generally have values between 95 and 98, whereas words “emphasis” or “disadvantage” may have a score between 1 and 4.

Commonly used words such as “the” and “that”, and words new to Bayesian filters are given a neutral score between 40 and 50 and would not be used in system’s algorithm.

When system receives an e-mail, it breaks message down into tokens, or words with values assigned to them. The system utilizes tokens with scores on high and low end of range and develops a score for e-mail as a whole. If e-mail has more spam tokens than ham tokens, e-mail will have a high spam score. The e-mail administrator determines a threshold score system uses to allow e-mail to pass through to users.

Bayesian filters are effective at filtering spam and minimizing false positives. Because they adapt and learn based on user feedback, Bayesian Filers produce better results as they are used within an organization over time.

Bayesian filters are not, however, foolproof. Spammers have learned which words Bayesian Filters consider spammy and have developed ways to insert non-spammy words into e-mails to lower message’s overall spam score. By adding in paragraphs of text from novels or news stories, spammers can dilute effects of high-ranking words. Text insertion has also caused normally legitimate words that are found in novels or news stories to have an inflated spam score. This may potentially render Bayesian filters less effective over time.

Another approach spammers use to fool Bayesian filters is to create less spammy e-mails. For example, a spammer may send an e-mail containing only phrase, “Here’s link…”. This approach can neutralize spam score and entice users to click on a link to a Web site containing spammer’s message. To block this type of spam, filter would have to be designed to follow link and scan content of Web site users are asked to visit. This type of filtering is not currently employed by Bayesian filters because it would be prohibitively expensive in terms of server resources and could potentially be used as a method of launching denial of service attacks against commercial servers.

As with all single-method spam filtering methodologies, Bayesian filters are effective against certain techniques spammers use to fool spam filters, but are not a magic bullet to solving spam problem. Bayesian filters are most effective when combined with other methods of spam detection.

The Solution

When used alone, each anti-spam technique has been systematically overcome by spammers. Grandiose plans to rid world of spam, such as like charging a penny for each e-mail received or forcing servers to solve mathematical problems before delivering e-mail, have been proposed with few results. These schemes are not realistic and would require a large percentage of population to adopt same spam eradication method in order to be effective.

Working alone, each individual spam-blocking technique works with varying degrees of effectiveness and is susceptible to a certain number of false positives. Fortunately, solution is already at hand. IronMail®, secure e-mail gateway appliance from CipherTrust®, provides a highly accurate solution by correlating results of single-detection techniques with its industry-leading correlation engine, Spam Profiler™.

Learn more about stopping spam by requesting CipherTrust’s free whitepaper, “Controlling Spam: The IronMail Way”.

The core of IronMail’s spam capabilities, Spam Profiler analyzes, inspects and scores e-mail on over one thousand different message characteristics. Each method is weighed based on historical accuracy rates and analysis by CipherTrust’s experienced research team.

Optimizing Spam Profiler requires precise calibration and testing thousands of combinations of values associated with various message characteristics. To automate this process, CipherTrust developed Genetic Optimization™, an advanced analysis technique that replicates cutting-edge DNA matching models. Genetic Optimization identifies best possible combination of values for all characteristics examined by Spam Profiler and automatically tunes IronMail appliance, reducing administrator intervention and assuring optimum protection against spam and spam-born threats.

Take The Next Step

Learn more about how IronMail can secure enterprise e-mail systems by visiting www.ciphertrust.com or requesting CipherTrust’s free whitepaper, “Controlling Spam: The IronMail Way”. This resource will provide information you need to make an informed decision about eliminating spam and securing your e-mail systems.