
ZyWALL 5/35/70 Series User’s Guide
Chapter 15 Anti-Spam 264
15.1.1.4 SpamTricks Engine
The SpamTricks engine checks for the tactics that spammers use to minimize the expense of
sending lots of e-mail and tactics that they use to bypass spam filters.
Use of relays, image-only e-mails, manipulation of mail formats and HTML obfuscation are
common tricks for which the SpamTricks engine checks. The SpamTricks engine also checks
for “phishing” (see Section 15.1.3 on page 264 for more on phishing).
15.1.2 Spam Threshold
You can configure the spam score threshold that separates spam from legitimate e-mail. The ZyWALL
considers any e-mail with a spam score higher than the spam threshold to be spam. Any e-mail
with a score less than or equal to the spam threshold is treated as legitimate. The following is
an example of the ZyWALL checking e-mail with the external database.
Figure 124 Anti-spam External Database Example
1 E-mail comes into the ZyWALL from an e-mail server (A in the figure).
2 The ZyWALL calculates a digest of the e-mail and sends it to the anti-spam external
database.
3 The anti-spam external database calculates a spam score for the e-mail and sends the
score back to the ZyWALL.
4 The ZyWALL forwards the e-mail if the spam score is at or below the ZyWALL’s spam
threshold. If the spam score is higher than the spam threshold, the ZyWALL takes the
action that you configured for dealing with spam.
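The four steps above as an added Python example; it is not ZyXEL code. The digest algorithm (SHA-256 over a whitespace-normalized body), the `MockExternalDatabase` class, the scores, the threshold value and the action name are all assumptions made for illustration.

```python
import hashlib
from email import message_from_string

def email_digest(raw_message: str) -> str:
    """Step 2: reduce the e-mail to a digest; only this value leaves the gateway.
    Assumption: SHA-256 over the lower-cased, whitespace-collapsed body."""
    body = message_from_string(raw_message).get_payload()
    if not isinstance(body, str):          # multipart: hash the serialized parts
        body = "".join(part.as_string() for part in body)
    normalized = " ".join(body.split()).lower()
    return hashlib.sha256(normalized.encode("utf-8")).hexdigest()

class MockExternalDatabase:
    """Step 3 stand-in: maps digests to spam scores (hypothetical, in-memory)."""
    def __init__(self, scores):
        self.scores = dict(scores)
    def spam_score(self, digest: str) -> int:
        return self.scores.get(digest, 0)  # assumption: unknown mail scores 0

def handle_email(raw_message, database, spam_threshold,
                 spam_action="configured-spam-action"):
    """Steps 1-4: digest, look up the score, compare it with the threshold."""
    score = database.spam_score(email_digest(raw_message))
    # Spam only when the score is strictly higher than the threshold;
    # a score equal to the threshold is still treated as legitimate.
    verdict = spam_action if score > spam_threshold else "forward"
    return verdict, score

# Constructed sample messages (not real traffic).
BULK = "From: a@example.com\nSubject: offer\n\nBuy   NOW\ncheap pills\n"
BULK_REWRAPPED = "From: b@example.net\nSubject: deal\n\nbuy now cheap   pills\n"
NEWSLETTER = "From: news@example.org\nSubject: June issue\n\nThis month in the lab.\n"
PERSONAL = "From: c@example.com\nSubject: lunch\n\nNoon at the usual place?\n"

SPAM_THRESHOLD = 90  # constructed value
DATABASE = MockExternalDatabase({
    email_digest(BULK): 91,        # one point above the threshold
    email_digest(NEWSLETTER): 90,  # exactly at the threshold
})

if __name__ == "__main__":
    for name, raw in [("bulk", BULK), ("rewrapped", BULK_REWRAPPED),
                      ("newsletter", NEWSLETTER), ("personal", PERSONAL)]:
        print(name, handle_email(raw, DATABASE, SPAM_THRESHOLD))
```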
15.1.3 Phishing
Phishing is a scam where fraudsters send e-mail claiming to be from a well-known enterprise
in an attempt to steal private information. For example, the e-mail might appear to be from a
bank, online payment service, or even a government agency. It generally tells you to click a
link and update your identity information in order for the business or organization to verify
your account. The link directs you to a phony website that mimics the business or
organization’s website. The fraudsters then use your personal information to pretend to be you
and commit crimes like running up bills in your name (identity theft).