ZyXEL ZyWALL 5 User Guide - Page 314
What You Need to Know About Antispam
Chapter 16 Anti-Spam Screens

16.1.2 What You Need to Know About Antispam

MIME Headers

MIME (Multipurpose Internet Mail Extensions) allows varied media types to be used in e-mail. MIME headers describe an e-mail's content encoding and type. For example, a header may show which program generated the e-mail and what type of text is used in the e-mail body. Here are some examples of MIME headers:

• X-Priority: 3 (Normal)
• X-MSMail-Priority: Normal

In a MIME header, the part that comes before the colon (:) is the header. The part that comes after the colon is the value. Spam often has blank header values, or comments in the header values, as part of an attempt to bypass spam filters.

Whitelist

Configure whitelist entries to identify legitimate e-mail. The whitelist entries have the ZyWALL classify any e-mail that is from a specified sender or uses a specified MIME header or MIME header value as being legitimate. The anti-spam feature checks an e-mail against the whitelist entries before doing any other anti-spam checking. If the e-mail matches a whitelist entry, the ZyWALL classifies the e-mail as legitimate and does not perform any more anti-spam checking on that individual e-mail. A properly configured whitelist helps keep important e-mail from being incorrectly classified as spam. The whitelist can also increase the ZyWALL's anti-spam speed and efficiency by not having the ZyWALL perform the full anti-spam checking process on legitimate e-mail.

Blacklist

Configure blacklist entries to identify spam. The blacklist entries have the ZyWALL classify any e-mail that is from a specified sender or uses a specified MIME header or MIME header value as being spam. If an e-mail does not match any of the whitelist entries, the ZyWALL checks it against the blacklist entries. The ZyWALL classifies an e-mail that matches a blacklist entry as spam and immediately takes the action that you configured for dealing with spam. The ZyWALL does not perform any more anti-spam checking on that individual e-mail. A properly configured blacklist helps catch spam e-mail and increases the ZyWALL's anti-spam speed and efficiency.

Anti-Spam External Database

If an e-mail does not match any of the whitelist or blacklist entries, the ZyWALL calculates a digest (fingerprint ID) of the e-mail and sends it to the anti-spam external database. The anti-spam external database checks the digest against more than a million known spam patterns. The anti-spam external database then uses a proprietary Bayesian[3] statistical formula to combine the results into one score of how likely the e-mail is to be spam and sends it to the ZyWALL. The possible range for the spam score is 0~100. The closer the score is to 100, the more likely the e-mail is to be spam.

You must subscribe to and activate the anti-spam external database service in order to use it (see Section on page 314 for details).

[3] Bayesian analysis interprets probabilities as degrees of belief rather than as proportions, frequencies and such. Bayesian analysis frequently uses Bayes' theorem, hence the name.

314 ZyWALL 5/35/70 Series User's Guide
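The check order described above (whitelist, then blacklist, then external database score) can be modelled as follows. This is an added example, not ZyXEL code: the entry format, the threshold of 80, the sample messages and the `external_score` callable standing in for the proprietary digest lookup are all assumptions. It shows that an e-mail matching both lists is classified as legitimate, which is why whitelist entries should be kept narrow.

```python
from email import message_from_string
from email.utils import parseaddr

SPAM_THRESHOLD = 80  # assumed cut-off; the guide only gives the 0~100 range

def matches(msg, entry):
    """entry = ("sender", address, None) or ("header", name, value-or-None)."""
    kind, key, value = entry
    if kind == "sender":
        return parseaddr(msg.get("From", ""))[1].lower() == key.lower()
    values = msg.get_all(key, [])          # header names compare case-insensitively
    if value is None:                      # entry names the header only
        return bool(values)
    return any(v.strip().lower() == value.lower() for v in values)

def blank_headers(raw):
    """Names of headers with an empty value, which the guide notes is common in spam."""
    msg = message_from_string(raw)
    return [name for name, val in msg.items() if not val.strip()]

def classify(raw, whitelist, blacklist, external_score):
    msg = message_from_string(raw)
    if any(matches(msg, e) for e in whitelist):
        return "legitimate", "whitelist"   # no further checks run
    if any(matches(msg, e) for e in blacklist):
        return "spam", "blacklist"         # no further checks run
    score = external_score(msg)            # stand-in for the digest lookup
    verdict = "spam" if score >= SPAM_THRESHOLD else "legitimate"
    return verdict, f"external score {score}"

# Constructed sample entries and messages (not taken from the guide)
WHITELIST = [("sender", "news@partner.example", None)]
BLACKLIST = [("header", "X-Mailer", "BulkSender 9")]
BOTH = ("From: News <news@partner.example>\nX-Mailer: BulkSender 9\n"
        "X-MSMail-Priority:\n\nhello\n")
BLACK_ONLY = "From: a@other.example\nX-Mailer: BulkSender 9\n\nhello\n"
NEITHER = "From: b@other.example\nX-Priority: 3 (Normal)\n\nhello\n"

if __name__ == "__main__":
    for raw in (BOTH, BLACK_ONLY, NEITHER):
        print(classify(raw, WHITELIST, BLACKLIST, lambda m: 91))
    print(blank_headers(BOTH))
```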