ZyWALL 5/35/70 Series User’s Guide

15.1.1.4 SpamTricks Engine

The SpamTricks engine checks for the tactics that spammers use to minimize the expense of sending lots of e-mail and tactics that they use to bypass spam filters.

Use of relays, image-only e-mails, manipulation of mail formats and HTML obfuscation are common tricks for which the SpamTricks engine checks. The SpamTricks engine also checks for “phishing” (see Section 15.1.3 on page 264 for more on phishing).

15.1.2 Spam Threshold

You can configure the threshold for what spam score is classified as spam. The ZyWALL considers any e-mail with a spam score higher than the spam threshold to be spam. Any e-mail with a score less than or equal to the spam threshold is treated as legitimate. The following is an example of the ZyWALL checking e-mail with the external database.

Figure 124 Anti-spam External Database Example

1. E-mail comes into the ZyWALL from an e-mail server (A in the figure).

2. The ZyWALL calculates a digest of the e-mail and sends it to the anti-spam external database.

3. The anti-spam external database calculates a spam score for the e-mail and sends the score back to the ZyWALL.

4. The ZyWALL forwards the e-mail if the spam score is at or below the ZyWALL’s spam threshold. If the spam score is higher than the spam threshold, the ZyWALL takes the action that you configured for dealing with spam.
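The four steps above, modeled as an added example (not ZyWALL firmware or ZyXEL code). The SHA-256 digest over a whitespace-normalized body, the 0-100 score range, the score of 0 for unknown digests and the `tag` action name are all assumptions, since this guide does not specify them.

```python
import hashlib
from email import message_from_string

# Constructed sample messages (not real traffic).
SPAM = "From: a@example.test\nSubject: Offer\n\nBuy   cheap pills NOW\n"
SPAM_RESENT = "From: b@example.test\nSubject: Hi\n\nbuy cheap pills now\n"
HAM = "From: c@example.test\nSubject: Minutes\n\nNotes from Tuesday.\n"


class ExternalDatabase:
    """Stand-in for the anti-spam external database: maps digest -> score."""

    def __init__(self):
        self._scores = {}

    def report(self, digest, score):
        self._scores[digest] = score

    def score(self, digest):
        # Assumption: a digest the database has never seen scores 0.
        return self._scores.get(digest, 0)


def digest_of(raw):
    """Step 2: only this digest leaves the gateway, not the message itself."""
    body = message_from_string(raw).get_payload()
    normalized = " ".join(body.split()).lower()  # assumed normalization
    return hashlib.sha256(normalized.encode("utf-8")).hexdigest()


def handle_mail(raw, db, threshold, spam_action="tag"):
    """Steps 3-4: fetch the score, then compare it with the threshold."""
    score = db.score(digest_of(raw))
    if score > threshold:          # strictly higher than the threshold: spam
        return spam_action, score
    return "forward", score        # at or below the threshold: legitimate


if __name__ == "__main__":
    db = ExternalDatabase()
    db.report(digest_of(SPAM), 90)
    for name, raw in (("spam", SPAM), ("resent", SPAM_RESENT), ("ham", HAM)):
        print(name, handle_mail(raw, db, threshold=89))
```

Note the boundary: a message whose score equals the threshold is forwarded, so lowering the threshold by one is what moves it into the spam action.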

15.1.3 Phishing

Phishing is a scam where fraudsters send e-mail claiming to be from a well-known enterprise in an attempt to steal private information. For example, the e-mail might appear to be from a bank, online payment service, or even a government agency. It generally tells you to click a link and update your identity information in order for the business or organization to verify your account. The link directs you to a phony website that mimics the business or organization’s website. The fraudsters then use your personal information to pretend to be you and commit crimes like running up bills in your name (identity theft).

Chapter 15 Anti-Spam

264