Wow. How much? Email me off line-- (I've manually added you to my list
already.)
----- Original Message -----
From: "John Tolmachoff (Lists)" <johnlist@xxxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Monday, June 20, 2005 1:25 AM
Subject: [isalist] Re: OT: Attn Thor
http://www.ISAserver.org
I pay Spamarrest for my solution now, as it was the best thing I couldfind
for HoG at the time. It's not like it is my corporate domain oranything--
if your service can do that at 99%, then right on- I'd rather pay you than some stranger anyway. Can you provide a solution on an email-by-email basis, or does it have to be the entire domain?
While my pricing and configuration is based on per domain, it can be done on an individual e-mail address basis by having all of the incoming forwarded to an address on my service which you would then retrieve e-mail from. Of course, that could then be configured to forward all to a separate address somewhere (or even configured as an alias for a separate address) in which that address would only accept e-mail from the address on my server. (Whew, almost ran out of breath.)
For AV/Malicious content scanning, it works like this: A) Message and attachments are scanned by 3 different AV scanners. If a virus is found, the message is quarantined, appropriate notice(s) are sent, and it is then auto deleted after 5 days. B) If no (suspected)virus is found then the attachments are compared to a list of banned attachments. If a banned attachment is found, appropriate notice is sent and message is auto deleted after 5 days. C) If no banned attachment, the message is checked for 12 different vulnerabilities. If one is found the message is quarantined, an appropriate notice is sent, and the message is auto deleted after 5 days. The reason for the quarantine for 5 days is for a few different reasons. One is as an example 2 major airlines that send out reservation notices had vulnerabilities in the message. One of the airlines has stepped up to the plate and fixed it. The other refuses to acknowledge the problem. Additionally, some times you just have to get a message with a banned attachment. What I tell my customers is when they receive their notice about a problem message, they can follow the instructions to request to have the message reviewed and requeued for delivery. If we get a number of repeat or similar requests, we investigate as to the source of the issue and how to resolve it.
For spam filtering, it works like this: There are currently 6 types of tests run against each message: 1) Sender based. These are tests such as does sending domain (domain portion of the from address) exist, accept e-mail to postmaster and abuse, coming from listed server for domain, accept e-mail to from address and so forth. 2) DNS based tests such as is the HELO/EHOL, PTR, MX and A record checks. 3) 25 RBL/DNSBL type tests. 4) Message formatting tests. 5) SPAM signature based tests. 6) Filter tests such as looking for certain characters, groups of characters, words or groups of words in certain places. 7) Combo tests which add or remove weight depending upon groups of tests previously failed/passed. All of these tests are weighted and contribute to a final weight of the message. The action based on the weight is then taken according to configuration. We have base actions, and also per domain actions and even per user actions. Generally speaking, we PASS, HOLD or DELETE. We can also COPY TO, modify the subject, send to a sub mail box (such as a spam mail box instead of the main,) redirect or attach it to a warning message. Messages held are generally reviewed daily unless there is a problem occurring or when configuration changes are made whereby we review hourly at first and work back towards normal reviews. Additionally, when new clients are added, we at first hold more and only delete the most blatant spam and review every 2 hours until we can adjust our filters and configuration for them. Why, because no 2 clients are like. While a school wants clean e-mail, the HR dept of a major employer wants and needs those e-mails about the latest sexual harassment laws.
John T eServices For You