For G Suite.
What spam check features does Email Security have?
The Spam Check feature of HDE One Service verifies the mail sender (so-called “reputation verification”) so that suspicious mail likely to be SPAM is not received.
The SPAM countermeasure features are broken down as follows.
All of them decide at the SMTP session level whether or not to receive a mail.
1. Examination of the sender domain and the A/MX record
The domain specified in “MAIL FROM” (= the mail envelope “From” domain) is examined, and if it has neither an A record nor an MX record, the mail is rejected.
(The mail is not received, and an SMTP error is returned to the access source server.)
In this way, you can reject mail sent by spammers using a fictitious domain that has neither an A record nor an MX record.
2. SPAM countermeasure using taRgrey (S25R + greylisting + tarpitting)
Each feature is described below.
What is S25R?
Most legitimate mail is sent through an ISP (Internet Service Provider) or the mail relay server of an organization.
On the other hand, it has been shown that most spam is sent directly from end-user PCs that have become BOT-infected while connected to end-user networks such as ADSL and cable networks.
The feature that identifies such access source patterns is called S25R.
What is greylisting?
This feature works as follows:
When mail is received from an access source for the first time, the mail is returned to the access source server with a resend request, and permission is granted only to mail that is resent without any problem.
From then on, an access source that has passed the examination is no longer an examination target, and mail sent from it can be received.
This works effectively because spammers use their own SMTP servers, built for efficient batch mail delivery, and such servers ignore the resend request.
What is tarpitting?
This feature works as follows:
The response is intentionally delayed for several seconds when mail is received from an access source for the first time.
Since spammers use their own SMTP servers, built only for efficient batch mail delivery, they cannot wait out the delay and quickly drop the connection.
What is taRgrey?
This feature combines the three features described above:
- When the access source is determined to be suspicious (S25R)
- Perform tarpitting
- Afterward, automatically register the sources that resend successfully to the whitelist (greylisting).
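The taRgrey flow listed above, sketched as an added example (not HDE One's implementation and not code from this page). The reverse-DNS pattern is a simplified stand-in for S25R rules, and the delay values and all class and function names are assumptions.

```python
import re

# Assumption: simplified stand-in for S25R-style rules, which match reverse-DNS
# names typical of end-user lines. This is not the published S25R rule set.
DYNAMIC_RDNS = re.compile(r"(\d+[-.]){2,}\d+|dsl|cable|dyn|ppp|pool", re.I)
TARPIT_SECONDS = 5      # assumed; the page only says "several seconds"
MIN_RETRY_SECONDS = 60  # assumed minimum gap before a resend counts


def looks_like_end_user(rdns):
    """S25R step: no reverse DNS, or a name shaped like an end-user line."""
    return rdns is None or bool(DYNAMIC_RDNS.search(rdns))


class TaRgrey:
    def __init__(self):
        self.first_seen = {}    # (ip, sender, rcpt) -> time of first attempt
        self.whitelist = set()  # client IPs that resent successfully

    def check(self, ip, rdns, sender, rcpt, now, client_waits=True):
        """Return (action, delay_seconds) for one SMTP delivery attempt."""
        if ip in self.whitelist or not looks_like_end_user(rdns):
            return ("accept", 0)
        # Suspicious source: tarpit first. Impatient senders hang up here.
        if not client_waits:
            return ("disconnected", TARPIT_SECONDS)
        key = (ip, sender, rcpt)
        seen = self.first_seen.setdefault(key, now)
        if now - seen < MIN_RETRY_SECONDS:
            # First attempt or too-fast retry: temporary failure, ask to resend.
            return ("defer", TARPIT_SECONDS)
        # A proper resend arrived: whitelist the source for future mail.
        self.whitelist.add(ip)
        del self.first_seen[key]
        return ("accept", TARPIT_SECONDS)


if __name__ == "__main__":
    # Constructed sample traffic (documentation addresses and example domains).
    policy = TaRgrey()
    bot = ("192.0.2.10", "192-0-2-10.dsl.example.net", "x@example.net", "u@example.com")
    for now in (0, 10, 100, 101):
        print(now, policy.check(*bot, now=now))
    print(policy.check("198.51.100.7", "mail.example.org", "a@example.org", "u@example.com", 0))
```

A sender that retries after the minimum gap is accepted and whitelisted, so only its first mail is delayed; a sender that hangs up during the tarpit never reaches the greylist step.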
3. Mail Size (when using G Suite)
Mail larger than 25MB is rejected.
*This follows the size restriction for inbound/outbound mail specified by G Suite.
4. Extension (when using G Suite)
Mail with a file extension such as
ade, adp, bat, chm, cmd, com, cpl, exe, hta, ins, isp, js, jse, lib, mde, msc, msp, mst, pif, scr, sct, shb, sys, vb, vbe, vbs, vxd, wsc, wsf, wsh
is rejected.
*This follows the inbound/outbound file types (extensions) that G Suite does not allow.
If a sent mail matches these SPAM check criteria, an error mail is returned to the sender.
In addition, the rejection by HDE One Service is recorded in the log of the sender’s mail server.