Beefing Up E-Mail Security


IronPort launches new technology to assess trustworthiness of embedded links


In an effort to get tougher on spam and phishing attacks, e-mail security vendor IronPort Systems has launched a new capability that enables its appliances to assess the trustworthiness of Web links embedded in e-mails.
The vendor&'s new Web Reputation technology, rolled out this month, aims to increase the antispam functionality of its e-mail security appliances and is supported by its SenderBase Network security database.

Assessing the reputation of the e-mail sender is not enough to block spam and phishing attacks, which are becoming increasingly complex, said Pat Peterson, vice president of technology at IronPort, San Bruno, Calif.

That&'s why IronPort now is tracking URLs within the content of the e-mail and placing a reputation score on the URLs based on criteria such as the length of time they have been registered or the country the site is hosted in. Messages that contain suspicious Web links are filtered out, helping to block spam, phishing attacks, URL-based viruses and spyware spread through e-mail that can look identical to legitimate messages but instead contain malicious URL links.

While IronPort is not the only vendor to use reputation data filtering, its database for analyzing and scoring incoming e-mails&' IP addresses is one of the largest on the market, said Jay Gregg, practice manager at Accudata Systems, a solution provider in Houston. SenderBase filters out so much spam at the perimeter that customers initially don&'t think it&'s working because they no longer see as much spam on a quarantine list, he said.

“It&'s a testament to its accuracy,” Gregg said.

IronPort claims SenderBase is populated with data from more than 100,000 participating organizations that track spammers and identify bad URLs.

Dale Mitchell, general manager at Cincinnati-based solution provider Data Processing Sciences, estimated that SenderBase filters out between 88 percent and 92 percent of spam. In one instance, a customers found out that its own IP address was being blocked by SenderBase because the customer had a virus on its network and didn&'t know it, he said.