ZyWALL 5/35/70 Series User’s Guide

CHAPTER 15

Anti-Spam

This chapter covers how to use the ZyWALL’s anti-spam feature to deal with junk e-mail (spam).

15.1 Anti-Spam Overview

The ZyWALL’s anti-spam feature identifies unsolicited commercial or junk e-mail (spam). You can set the ZyWALL to mark or discard spam. The ZyWALL can use an anti-spam external database to help identify spam. Use the whitelist to identify legitimate e-mail. Use the blacklist to identify spam e-mail.

15.1.1 Anti-Spam External Database

If an e-mail does not match any of the whitelist or blacklist entries, the ZyWALL calculates a digest (fingerprint ID) of the e-mail and sends it to the anti-spam external database. The anti-spam external database checks the digest against more than a million known spam patterns. The anti-spam external database uses the following spam detection engines to check each e-mail.

SpamBulk: This engine identifies e-mail that has been sent in bulk or is similar to e-mail that is sent in bulk.

SpamRepute: This engine checks to see if most people want the e-mail.

SpamContent: This engine checks to see if the message would generally be considered offensive.

SpamTricks: This engine checks to see if the e-mail is formatted to be economical for spammers or to circumvent anti-spam rules.

The anti-spam external database then uses a proprietary Bayesian¹ statistical formula to combine the results into one score of how likely the e-mail is to be spam and sends it to the ZyWALL. The possible range for the spam score is 0 to 100. The closer the score is to 100, the more likely the e-mail is to be spam. You must subscribe to and activate the anti-spam external database service in order to use it (see Section 15.1.7 on page 266 for details).

1. Bayesian analysis interprets probabilities as degrees of belief rather than as proportions, frequencies and such. Bayesian analysis frequently uses Bayes' theorem, hence the name.
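The lookup order and score combination described above, as an added example that is not ZyXEL's code. The digest algorithm and the Bayesian formula are proprietary, so SHA-256 and a naive Bayes combination stand in for them; the per-engine probabilities, matching the lists on sender address, checking the whitelist before the blacklist, the threshold of 90 and all names are assumptions.

```python
import hashlib
from math import prod

ENGINES = ("SpamBulk", "SpamRepute", "SpamContent", "SpamTricks")
NEUTRAL = {engine: 0.5 for engine in ENGINES}  # no evidence either way


def digest(message: bytes) -> str:
    # Only this fingerprint leaves the device, not the message itself.
    # SHA-256 is a stand-in; the real digest algorithm is not documented.
    return hashlib.sha256(message).hexdigest()


def combine(results: dict) -> int:
    # Naive Bayes combination (assumed; the vendor formula is proprietary).
    # Clamping keeps a single 0.0 or 1.0 from causing a division by zero.
    eps = 1e-6
    ps = [min(max(results[e], eps), 1 - eps) for e in ENGINES]
    spam = prod(ps)
    ham = prod(1 - p for p in ps)
    return round(100 * spam / (spam + ham))


def classify(sender, message, whitelist, blacklist, database, threshold=90):
    # Local lists decide first; the external database is the fallback.
    # List order and threshold are assumptions, not taken from the guide.
    if sender in whitelist:
        return "legitimate", None
    if sender in blacklist:
        return "spam", None
    score = combine(database.get(digest(message), NEUTRAL))
    return ("spam" if score >= threshold else "legitimate"), score


# Constructed sample data.
BULK_MAIL = b"Subject: cheap watches\r\n\r\nBuy now"
OTHER_MAIL = b"Subject: minutes\r\n\r\nAttached"
DATABASE = {digest(BULK_MAIL): {"SpamBulk": 0.9, "SpamRepute": 0.8,
                                "SpamContent": 0.6, "SpamTricks": 0.7}}
WHITELIST = {"partner@example.com"}
BLACKLIST = {"promo@example.net"}

if __name__ == "__main__":
    for sender, body in [("partner@example.com", BULK_MAIL),
                         ("promo@example.net", OTHER_MAIL),
                         ("stranger@example.org", BULK_MAIL),
                         ("stranger@example.org", OTHER_MAIL)]:
        print(sender, classify(sender, body, WHITELIST, BLACKLIST, DATABASE))
```

Four individually moderate engine results (0.9, 0.8, 0.6, 0.7) combine to a score of 99, while a digest with no database entry stays at the neutral 50.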
