Technology

 Lifecycle of a Typical Spam Mega-Outbreak: Commtouch’s RPD approach detects and blocks spam in the first few minutes of an outbreak, unlike other anti-spam approaches.
 
 IDC
 
  Anti-spam Techniques Used by SMI!

SMI! currently uses the best anti-spam technology available in the world. “The best” means a solution that:

  • is highly efficient (97%-98%),
  • responds most quickly to new outbreaks (real-time),
  • is fully automatic (no configuration needed),
  • is well known (+350 000 SMI! customers, +35 mln RPD users),
  • is deterministic (not heuristic, no guesswork),
  • and has a minimal false positive rate (less than 1 in 27 000).

Detection inside SMI! is based on the bulk nature of spam, not on content resemblance. To be economically effective, spam must be sent in bulk. The patented technology used by SMI! analyses more than 30 mln real mailboxes every second and sends statistical information about e-mail traffic trends to the Detection Centres. Then, at the customer's site or at our Managed Service Centres, every received message is compared to the collected hashes of bulk messages (we collect only cryptographic hashes of every part of a message, with no ability to restore the message content).

SMI! and Commtouch's Detection Centers

Our competitors use ineffective methods such as:

Heuristic analysis and/or Bayesian filters – these can be tricked, are language dependent and produce a high level of false positives. We do not use heuristic or Bayesian filters by default.

Networks of honey pots etc. – they create a lot of dummy mailboxes and wait for incoming mail. Then they create samples of spam based on message content. They use a lot of trademarks and proud-sounding names (like “genetic networks”, “probe networks” etc.), but in fact they create tokens from sample messages. Later they search for the same tokens in the tested mail and weight every token that has been found. This solution produces a lot of false positives, targets only about 80% of spam and ignores originally solicited messages (30% of spam).

Periodic updates – even our best competitors update their solutions only every 5 minutes. We use real-time queries with no lag for updates. This means that we detect and block spam in the first few minutes of the outbreak.

Complicated configuration – sometimes there are thousands of configurable parameters requiring a lot of administration time. SMI! automatically detects spam without requiring manual adjustment of filtering rules.

Lexical analysis – it requires a lot of human activity to create, manage and update dictionaries.

SMI! uses the following SPAM detection techniques:

To provide minimal false positives we use only deterministic techniques to filter mail traffic.

  • SMTPGuard™
  • Real-time Pattern Detection™ by Commtouch™
  • Identity Spoofing
  • RBL - Real-time Blackhole List servers
  • SURBL – to block phishing
  • DNS – multilevel Domain Name Search
  • SPF – Sender Policy Framework
  • Greylisting
  • Recipients Verification
  • Sender Verification
  • Attachments Filters
  • E-mail Addresses White & Black Lists
  • IP White & Black Lists

The following techniques may also be used by an administrator:

  • Date & Time Classification
  • Content Checking

Handling NDR Notifications

Mail servers are usually configured to generate Non-Delivery Report (NDR) notifications and address them back to the senders. These NDRs notify the senders that the original messages were not delivered to the targeted recipients. Within the body of the notification, mail servers often specify the reason for non-delivery along with additional identifying data from the original email. This additional data might include the message-headers and may even include the entire original message as one or more nested MIME parts.

When spam is sent with a forged sender address, the resulting NDRs are delivered to the owner of the forged address, who never sent the original message. To prevent recipients from receiving these falsely-directed NDR notifications (termed “bad” NDR notifications), SMI! uses an additional feature of the detection engine known as NDR2. The detection engine will classify any “bad” NDR notification as spam. This guarantees that mass volumes of redundant and annoying notifications are not forwarded to the inboxes of already-abused recipients. Nonetheless, if not managed correctly, this functionality may also block “good” NDR notifications along with the “bad” ones, and it is therefore disabled by default.
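One way to separate “good” from “bad” NDRs using the nested original message described above, as an added example that is not SMI!'s or Commtouch's NDR2 logic. It assumes a hypothetical `sent_ids` set holding the Message-IDs of mail your own servers actually sent; the sample NDR is constructed.

```python
import email

def original_message_id(raw: bytes):
    """Return the Message-ID of the message an NDR reports on, or None."""
    msg = email.message_from_bytes(raw)  # default compat32 policy tolerates malformed input
    if msg.get_content_type() != "multipart/report":
        return None
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":            # entire original message nested
            hdrs = part.get_payload(0)
        elif ctype == "text/rfc822-headers":     # only the original headers returned
            text = part.get_payload(decode=True).decode("ascii", "replace")
            hdrs = email.message_from_string(text)
        else:
            continue
        mid = hdrs["Message-ID"]
        return str(mid).strip() if mid else None
    return None

def classify_ndr(raw: bytes, sent_ids: set) -> str:
    """'good': bounce of mail we sent; 'bad': backscatter; 'unknown': cannot tell."""
    mid = original_message_id(raw)
    if mid is None:
        return "unknown"  # deliver or quarantine, never drop: it may be a real bounce
    return "good" if mid in sent_ids else "bad"

def make_ndr(orig_id: str, ctype: str = "text/rfc822-headers") -> bytes:
    """Constructed sample NDR (not captured traffic)."""
    return "\n".join([
        "From: MAILER-DAEMON@mx.example.net",
        "To: alice@example.org",
        "Subject: Undelivered Mail Returned to Sender",
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"',
        "", "--b1", "Content-Type: text/plain", "",
        "Delivery to bob@example.net failed: user unknown.",
        "--b1", "Content-Type: message/delivery-status", "",
        "Final-Recipient: rfc822; bob@example.net", "Status: 5.1.1", "",
        "--b1", f"Content-Type: {ctype}", "",
        "From: alice@example.org", f"Message-ID: {orig_id}", "Subject: hello", "",
        "--b1--", ""]).encode()

if __name__ == "__main__":
    sent = {"<20240101.0001@mail.example.org>"}  # hypothetical outbound Message-ID log
    print(classify_ndr(make_ndr("<20240101.0001@mail.example.org>"), sent))
    print(classify_ndr(make_ndr("<forged.9@spam.invalid>", "message/rfc822"), sent))
```

NDRs that carry neither the original message nor its headers fall into “unknown”, which is the case where blanket blocking would discard legitimate bounces.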