
Sender Genotype identifies botnet behaviour to filter spam messages

Sophos has announced that its Email Security and Control enterprise
solution will now include Sender Genotype, a next-generation reputation
filtering technology designed to automatically identify and block spam
messages from botnets.

Unlike traditional reputation filters, which rely on profiling and blocking
known spam senders, Sender Genotype effectively identifies suspicious
behaviour from IP addresses which have not yet established a negative
reputation, and immediately blocks them from connecting to the email systems
of Sophos customers.

Based on data collected in the first half of 2008, SophosLabs estimates that
botnets generate 90% of all spam worldwide. This issue is compounded by the
fact that spambot networks are usually online for only a matter of minutes,
sending targeted messages in low traffic volumes, often using dynamically
assigned IP addresses – tactics designed to help spam messages bypass
traditional reputation filtering solutions.

Sophos Sender Genotype overcomes these weak spots by monitoring connection
requests to the email gateway and rejecting those that show evidence of
botnet connections.  Even new or unknown senders that have never before sent
spam messages, such as zombie machines that have been newly recruited to
botnets, can be blocked using this new technology.

"Sender Genotype technology offers a great advantage over spammers," says
Brett Myroff, CEO of regional Sophos distributor, Sophos South Africa.
"Traditional filtering methods rely on comparing every email against
information harvested from previous spam.  This is not only process heavy
and inefficient but can be unreliable when brand new spam campaigns are
launched.  Sender Genotype looks at the genetic profile of spam emails,
allowing instant recognition and automatic blocking."

In addition to the development of Sender Genotype to counter the ever-rising
tide of spam, Sophos has recently added Sophos eXtensible Lists (SXL) to its
Email Security and Control portfolio.  SXL is an online look-up system that
dramatically accelerates the distribution of anti-spam intelligence, moving
away from traditional scheduled updates to a real-time system that
facilitates quicker responses to new and emerging spam campaigns.

Sender Genotype is a free upgrade option for existing and prospective
customers of Sophos Email Appliances and PureMessage for Unix.