Support User Manuals

ZyXEL Communications ZyWALL5UTM 4.0 Network Router User Manual

Open as PDF

of 803

ZyWALL 5/35/70 Series User’s Guide

263 Chapter 15 Anti-Spam

15.1.1.1 SpamBulk Engine

The e-mail fingerprint ID that the ZyWALL generates and sends to the anti-spam external

database only includes the parts of the e-mail that are the most difficult for spammers (senders

of spam) to change or fake. The anti-spam external database maintains a database of e-mail

fingerprint IDs. The anti-spam external database SpamBulk engine then queries the database

in analyzing later e-mails.

The SpamBulk Engine also uses Bayesian statistical analysis to detect whether an e-mail is

fundamentally the same as a known spam message in spite of a spammer’s attempt to disguise

it.

15.1.1.2 SpamRepute Engine

The SpamRepute engine calculates the reputation of the sender (whether or not most people

want to receive the e-mail from this sender).

The SpamRepute engine checks proprietary and third-party databases of known spammer

email addresses, domains and IP addresses. The SpamRepute engine also uses Bayesian

statistical analysis to detect whether an e-mail is sent from a known in spite of a spammer’s

attempt to disguise the sender’s identity. The anti-spam external database combines all of this

data into a SpamRepute Index for calculating the reputation of the sender in order to guard

against foreign language spam, fraud and phishing.

15.1.1.3 SpamContent Engine

The SpamContent engine examines the e-mail’s content to decide if it would generally be

considered offensive. The vocabulary design, format and layout are considered as part of

thousands of checks on message attributes that include the following.

•To Field

• Subject Field

• Header Fields

• Email Format, Design, and Layout

• Vocabulary, Word Formatting and Word Patterns

• Foreign Language Detection

• SMTP Envelope Content and Analysis

• Country Trace

• Image Layout Classification

• Hyperlink Analysis and Comparison

• Contact Verification

The SpamContent engine parses words into pieces to detect similar vocabulary even if the

words do not match exactly. The anti-spam external database also performs Bayesian

statistical analysis on the e-mail’s content. The engine uses artificial intelligence technology to

'learn' over time, as spam changes.

previous next