ZyXEL Communications ZyWALL5UTM 4.0 15.1.1.1 SpamBulk Engine, 15.1.1.2 SpamRepute Engine, 15.1.1.3 SpamContent Engine

ZyWALL 5/35/70 Series User’s Guide

15.1.1.1 SpamBulk Engine

The e-mail fingerprint ID that the ZyWALL generates and sends to the anti-spam external database only includes the parts of the e-mail that are the most difficult for spammers (senders of spam) to change or fake. The anti-spam external database maintains a database of e-mail fingerprint IDs. The anti-spam external database SpamBulk engine then queries the database in analyzing later e-mails.

The SpamBulk Engine also uses Bayesian statistical analysis to detect whether an e-mail is fundamentally the same as a known spam message in spite of a spammer’s attempt to disguise it.

15.1.1.2 SpamRepute Engine

The SpamRepute engine calculates the reputation of the sender (whether or not most people want to receive the e-mail from this sender).

The SpamRepute engine checks proprietary and third-party databases of known spammer email addresses, domains and IP addresses. The SpamRepute engine also uses Bayesian statistical analysis to detect whether an e-mail is sent from a known in spite of a spammer’s attempt to disguise the sender’s identity. The anti-spam external database combines all of this data into a SpamRepute Index for calculating the reputation of the sender in order to guard against foreign language spam, fraud and phishing.

15.1.1.3 SpamContent Engine

The SpamContent engine examines the e-mail’s content to decide if it would generally be considered offensive. The vocabulary design, format and layout are considered as part of thousands of checks on message attributes that include the following.

•To Field

•Subject Field

•Header Fields

•Email Format, Design, and Layout

•Vocabulary, Word Formatting and Word Patterns

•Foreign Language Detection

•SMTP Envelope Content and Analysis

•Country Trace

•Image Layout Classification

•Hyperlink Analysis and Comparison

•Contact Verification

The SpamContent engine parses words into pieces to detect similar vocabulary even if the words do not match exactly. The anti-spam external database also performs Bayesian statistical analysis on the e-mail’s content. The engine uses artificial intelligence technology to 'learn' over time, as spam changes.