Can you imagine what life would be like if we didn’t have anti-spam and anti-virus protection on our email servers and gateways? Users would be so flooded with spam, phishing attempts and malware that they’d have to scroll through many pages of email messages before finding a message that’s legitimate. A good anti-spam/anti-virus mail server or gateway will filter out the vast majority of this nonsense so that the end user can focus on his job.
Most mail servers have some form of built-in spam protection; however, administrators are often faced with these challenges:
Not enough security features on the mail server to catch many of today’s evolving threats
The need for an extra layer of defense between the mail server and the internet
Lack of reporting features, which can be used to assess the effectiveness of your email security solution
Cumbersome configuration & confusing settings
SecurityGateway was created to address these issues. Many small-to-medium businesses trust SecurityGateway to protect their inbound and outbound email from spam, phishing attempts, and malware.
The following is a brief presentation that describes SecurityGateway’s features.
Ever wonder why so much spam exists today? By some estimates, more than 100 billion spam messages are sent every day. This represents around 85 percent of global daily email traffic. Some of the most common types of spam messages include financial scams, phishing attempts, ransomware, and botnet malware. In this article, we focus primarily on botnets.
Spam is big business. The barriers to entry are low and the payoffs are high. If a spammer sends out 50,000 spam messages, but only a handful of users click on a link in one of these messages, the spammer’s efforts will likely have paid off.
A single spammer may not have the resources to send out a large-scale spam attack; however, a spammer’s job is made much easier by the use of botnets – networks of hundreds or even thousands of malware-infected computers (known as spambots) that can be remotely controlled over the internet. Similar to legitimate cloud services such as Amazon’s AWS, a botnet-for-hire provides individuals with ample cloud-based resources to carry out large-scale spam campaigns with very little effort.
According to Spamhaus, the top five countries with the most spambots are India, Vietnam, China, Iran, and Brazil. As of May 23, 2016, India had close to 2 million spambots!
The botnet-for-hire industry is growing, and it makes it easy for anyone to send out thousands of spam messages using the botnet as the attack vector.
In addition to sending out spam, botnets can be used to launch DDoS attacks by flooding a company with thousands of connections over a short period of time – in an effort to shut down a company’s network or to damage its reputation.
User education is likely the most important factor in preventing a computer from becoming a spambot. The following are a few guidelines that every email user should know by now:
Never open an email from an unknown source.
Never open an attachment from an unknown source.
Even if the sender appears to be someone you know, always verify – because spammers often forge the sender’s address.
Use anti-virus software on your local computer.
Learn how to recognize phishing:
Messages that contain threats to shut your account down
Requests for personal information such as passwords or Social Security numbers
Words like “Urgent” – portraying a false sense of urgency
Forged email addresses
Poor writing or bad grammar
Don’t give your email address to sites you don’t trust.
Don’t post your email address to public websites or forums.
Understand that reputable businesses will never ask for personal information via email.
The information provided above applies primarily to end users, but what actions can be taken by the mail server administrator to detect and prevent spambot activity? While MDaemon has many spam-fighting features, MDaemon 16 includes tools to detect spambot activity and block it from further communication with your server. This new feature is called Spambot Detection. Spambot Detection tracks the IP addresses that every return-path value (sender) uses over a period of time. If the same return-path is used by multiple IP addresses (more than can be expected from users switching between their computers and mobile devices) in a given timeframe, then it’s possible that this activity is being generated by a spambot. Of course, it’s also possible that this activity is completely legitimate. However, in some cases, tests have shown that this can be an effective tool for detecting a distributed spambot network, as long as the same return-path is used in the spam messages. If a spambot is detected, the connection is dropped and the return-path value is optionally blacklisted for a designated period of time. You can also optionally blacklist all known spambot IPs for a designated period of time.
As with most MDaemon security features, various settings allow you to bypass Spambot Detection for mail from trusted sources. You can exempt specific IPs, senders, and recipients from Spambot Detection using the White list feature, and exempt connections from authenticated sessions or trusted IPs. Click on the Advanced buttons to view a list of return-paths or IPs that are currently blocked. If a return-path or IP is blocked by mistake, you can easily remove it from the list.
We demonstrate how to configure Spambot Detection in this tutorial video.
Spammers are always coming up with new ways to spam users. That’s why user education and a properly configured mail server are equally important in the war against spam.
For spammers, the barriers to entry are very low and the potential payoffs are very high relative to the small amounts of effort required to send out lots of spam. Spammers typically look for the “low hanging fruit” of an email system, such as mail servers that are not configured to prevent relaying, or accounts with weak passwords. If a hacker manages to guess an account’s password, he can use that account to send out large amounts of unsolicited spam email messages. This can result in your server winding up on a blacklist. Additionally, if large amounts of spam are sent out before the issue is corrected, your business can suffer lost trust and a reduction in revenue.
MDaemon’s Account Hijack Detection feature can be used to disable the account once a specified number of messages have been sent from an authenticated session within a given period of time. But it would be better to not even let a hacker get that far. Having strong passwords that are difficult to guess would help prevent an account from being hijacked in the first place.
Today, we focus on the issue of weak passwords and how to thwart hackers by implementing strong password policies. These settings are located in MDaemon under the Accounts | Account Settings configuration screen. In today’s video tutorial, we demonstrate how to require strong passwords, how to force accounts with a weak password to change their password, and how to send a Weak Passwords report to a designated email address.
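Spambot Detection (a return-path seen from too many IPs in a time window) and Account Hijack Detection (an authenticated account sending too many messages in a time window) both rest on the same sliding-window bookkeeping. The following is an added illustration, not MDaemon’s code; the window lengths, thresholds, and the return value strings are assumptions chosen for the demo.

```python
from collections import defaultdict, deque
class SlidingWindow:
    """Per key, keeps the (timestamp, value) events seen in the last `window` seconds."""
    def __init__(self, window):
        self.window = window
        self.events = defaultdict(deque)

    def record(self, key, value, now):
        q = self.events[key]
        q.append((now, value))
        while q and now - q[0][0] > self.window:  # expire events outside the window
            q.popleft()
        return q

class SpambotDetector:
    """Drop when one return-path arrives from more than `max_ips` distinct IPs in the window.
    Window and threshold values are assumed for the demo; MDaemon's are configurable."""
    def __init__(self, window=3600, max_ips=3, exempt_ips=()):
        self.ips_by_return_path = SlidingWindow(window)
        self.max_ips = max_ips
        self.exempt_ips = set(exempt_ips)   # whitelisted / trusted IPs bypass the check
        self.blacklisted = set()            # return-paths blocked after a detection

    def check(self, return_path, ip, authenticated, now):
        if authenticated or ip in self.exempt_ips:
            return "accept"
        if return_path in self.blacklisted:
            return "drop"
        seen = self.ips_by_return_path.record(return_path, ip, now)
        if len({addr for _, addr in seen}) > self.max_ips:
            self.blacklisted.add(return_path)  # optional blacklisting of the return-path
            return "drop"
        return "accept"

class HijackDetector:
    """Disable an account that sends more than `max_msgs` messages from authenticated
    sessions within the window (threshold assumed for the demo)."""
    def __init__(self, window=600, max_msgs=50):
        self.sends = SlidingWindow(window)
        self.max_msgs = max_msgs
        self.disabled = set()

    def allow_send(self, account, now):
        if account in self.disabled:
            return False
        if len(self.sends.record(account, None, now)) > self.max_msgs:
            self.disabled.add(account)
            return False
        return True
```

A legitimate user moving between a desktop and a phone stays below `max_ips`; a distributed botnet reusing one forged return-path crosses it quickly, which is exactly the signal the feature relies on.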
Email is one of the most valuable intellectual property assets a company can have. Protect your email by enacting strong security and password policies and keep the hackers out.
MDaemon’s built-in spam filter includes a feature known as Bayesian Learning. Bayesian Learning allows MDaemon to “learn” what types of messages are spam and what types are not spam. This allows the spam filter to become more accurate over time.
It is important for users to properly train the Bayes system so that messages are correctly flagged as spam or non-spam. We do not recommend blacklisting the sender of spam messages, because this does not help the Bayes engine learn from the message and thus has no effect on reducing spam. The easiest way to train the Bayes engine is for users to use the thumbs-up and thumbs-down icons in WorldClient (MDaemon’s webmail client) to feed the Bayes engine samples of spam and non-spam. The more spam and non-spam samples you feed to the Bayes engine, the more accurate the spam filter will become over time. It is therefore very important for users to use the thumbs-down icon on every spam message, whether it arrives in the Inbox or in the Junk Email folder. Likewise, for every false positive (a legitimate, non-spam message that is flagged as spam), you can use the thumbs-up icon to flag the message as non-spam.
As we discussed in an earlier post, messages that users may receive in response to messages they never actually sent (due to their email address having been forged in a spam message’s return-path) are known as backscatter. In that post, we discussed what backscatter is and explained how to enable Backscatter Protection in MDaemon.
In today’s video tutorial, I show you how to enable Backscatter Protection in SecurityGateway.
Are you receiving a lot of inbound email to MDaemon or SecurityGateway from a particular country?
Does your company do business with this country?
Do your email users only need to send and receive email within your own country?
If you run a small business and all of your clients and suppliers are local, then chances are you’re not going to be sending email to certain countries across the globe. Depending on the type of business, companies may want to block all incoming connections from these countries. This is especially useful because a lot of international email traffic contains spam, malware, phishing attempts, and viruses. Taking the time to deal with these types of messages can lead to lost productivity.
There’s an easy way to block these connections. In this video, I show you how to block mail by originating country using the DNS-BL features in MDaemon and SecurityGateway.
We’ve added our recent DMARC webinar to our YouTube channel. DMARC (Domain-based Message Authentication, Reporting and Conformance) is an anti-spoofing technology that makes it possible for domain owners to use the Domain Name System (DNS) to inform receiving servers of their DMARC policy, which is how they want those servers to handle email messages that claim to be sent from their domain but cannot be authenticated as having actually come from it. In this webinar, we’ll introduce you to DMARC, describe its purposes and goals, and explain how it works. Then, we’ll show you how to configure MDaemon to use DMARC to verify incoming messages.
This webinar focuses specifically on MDaemon’s implementation of DMARC; however, for a more technical and comprehensive overview of DMARC, and as a prerequisite for this webinar, we recommend viewing the Video Training series located at www.dmarc.org.
If you work in real estate, you are not likely to receive email with pharmaceutical-related content, and if you work in the medical field, you’re not likely to receive email about stock tips or account-related notifications from PayPal. With SecurityGateway, you can create content filter rules to filter out messages that contain words that are not relevant to your business. You can filter based on the sender, recipient, IP address, message subject, message body, or any header found within the message. I’ll show you how in the following brief tutorial video.
SecurityGateway is a software-based email gateway/firewall that can be installed in front of any Exchange or other SMTP mail server, allowing you to block malicious content, such as spam, viruses, malware, and phishing attempts, before it reaches your mail server. You can learn more about SecurityGateway here.
In addition to its built-in spam filter, MDaemon includes many other security features that can be used to fight spam. In this webinar, we take you through an in-depth explanation of MDaemon’s spam-fighting features, and discuss recommended settings for best results.
SecurityGateway and MDaemon both feature Bayesian learning, which allows administrators (or users, when authorized) to feed samples of spam and non-spam email messages to designated public folders. By default, when 200 samples of spam and 200 samples of non-spam have been placed in these folders, the Bayesian learning process will process these folders and feed their contents to a database of tokens: snippets of spam-like and ham-like (non-spam) content. Humans are not infallible, so it’s possible for messages to be fed to the wrong folders. When this happens, users may begin to receive more false negatives (spam that was not caught by the spam filter), or you may accumulate a number of false positives (legitimate email messages that were flagged as spam by the spam filter), and it may be necessary to rebuild the Bayesian database. You may recall that I posted a blog entry a while back on how to rebuild the Bayesian database for MDaemon. You can read that post here. For SecurityGateway, the concepts are the same, but the navigation and file locations are different. The following tutorial video explains how to rebuild the Bayesian database in SecurityGateway.
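The Bayesian training described above (feeding spam and non-spam samples, batching them until the sample threshold is reached, and rebuilding the token database after samples have been mis-filed) in a compact form. This is an added illustration of the mechanism, not the filter shipped in MDaemon or SecurityGateway; the tokenizer, the Laplace smoothing, and the small batch size used in place of the 200-sample default are assumptions of the demo.

```python
import math
import re
from collections import Counter

TOKEN_RE = re.compile(r"[a-z0-9$]+")

def tokens(text):
    return set(TOKEN_RE.findall(text.lower()))

class BayesFilter:
    """Token database: per class, how many training messages contained each token.
    Samples queue until `batch` of each class exist (the page's default is 200;
    a small batch is assumed for the demo), then the batch is learned."""
    def __init__(self, batch=200):
        self.batch = batch
        self.queue = {"spam": [], "ham": []}
        self.db = {"spam": Counter(), "ham": Counter()}
        self.n = {"spam": 0, "ham": 0}

    def feed(self, label, text):
        """Equivalent of dropping a message into the spam or non-spam folder."""
        self.queue[label].append(text)
        if all(len(q) >= self.batch for q in self.queue.values()):
            self.learn()

    def learn(self):
        for label, msgs in self.queue.items():
            for m in msgs:
                self.db[label].update(tokens(m))
                self.n[label] += 1
            msgs.clear()

    def rebuild(self, spam_msgs, ham_msgs):
        """Discard the token database and relearn from clean sample sets."""
        self.db = {"spam": Counter(), "ham": Counter()}
        self.n = {"spam": 0, "ham": 0}
        self.queue = {"spam": list(spam_msgs), "ham": list(ham_msgs)}
        self.learn()

    def spam_probability(self, text):
        """Naive Bayes with Laplace smoothing, computed in log space."""
        log_odds = math.log((self.n["spam"] + 1) / (self.n["ham"] + 1))
        for t in tokens(text):
            p_spam = (self.db["spam"][t] + 1) / (self.n["spam"] + 2)
            p_ham = (self.db["ham"][t] + 1) / (self.n["ham"] + 2)
            log_odds += math.log(p_spam / p_ham)
        return 1 / (1 + math.exp(-log_odds))
```

Feeding a few spam messages into the non-spam set is enough to push a clearly spammy phrase below the 50% mark, which is the false-negative symptom the post describes; `rebuild` from clean samples restores the verdict.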