Email Protection Administrator Guide
Email Filtering Policies
November 2012
Proprietary: Not for use or disclosure outside McAfee without written permission
3
Types of Inbound Email Filtering
Email Protection can filter both inbound and outbound email. Inbound filtering that is
available to be configured is as follows:
•
Anti-Spam Filtering
•
Real-time Blackhole List
•
Anti-Virus Filter
•
Content Filtering and ClickProtect
•
Attachment Filtering
•
Multi-Level Allow and Deny Lists
Anti-Spam Filtering
Spam is usually defined as unsolicited (and usually unwanted) and commercial email sent
to a large number of addresses. However, what one recipient may consider as spam,
another recipient would consider as legitimate email.
In addition, spam has become a tool of hackers and
electronic terrorists
who deliberately
attempt to gather proprietary information from computer systems and/or attempt to cause
harm to a company’s email system. Typically, these types of spammers deliberately use
naming standards, hijacked
From:
addresses, scrambled content, etc., to bypass spam
filters such as blacklists and keyword lists.
Using Stacked Classification Framework
®
, Email Protection provides the most
comprehensive and effective spam-blocking product on the market today—blocking 98%
of spam and providing an industry-leading low false positive rate (legitimate email
marked as spam).
The Stacked Classification Framework aggregates the most effective spam filters and
techniques in the industry into a spam likelihood. As appropriate, email is assigned a
high
or
medium
likelihood of being spam. A separate email action can be assigned to each
likelihood.
The spam classification techniques include the following:
Spam FilterType
Description
IP Reputation
Connection Manager
This filter operates at the front of the Stacked Classification
Framework. It rates the reputation of every incoming email, based
on IP reputation data collected by your Email Protection provider
on an on-going basis. Connections are dropped for all messages
which originate from IP addresses that are determined to carry a
reputation for sending spam.
Bayesian Statistical
Filtering
Statistical algorithms built by your Email Protection provider
identify and quantify the possibility that an email is spam based on
how often elements in that email have appeared in identified spam
emails.