SPAM Filtering Options in Trend Worry-Free Business Security

Body:

 

With the release of Trends WFBS 5.0 (formerly known as CS and CSM Security) Trend have upgraded the Antispam components in a number of ways. For some this is causing some confusion. Hopefully I can help resolve that.

When you purchase WFBS Advanced over Standard, you get support for Exchange Server. This is the typical choice for Small Business Server owners who use Exchange for their mail. The WFBS Standard suite has no support for Exchange Server and therefore a lot of what is below does not apply.

So what do you get?

WFBS Standard includes a client agent (CSA) that installs on the desktop PC’s. People that deploy WFBS Standard normally will not have an in-house Exchange server and their mail is often hosted on a POP3 mail server with your ISP. To protect them from SPAM you can enable the inbuilt protection that is part of the CSA installed on each PC.  The screenshot below shows how to configure this agent.

image

 

WFBS Advanced on the other hand has several layers of Antispam that can be used to help thwart the spam from getting into the users inbox.  This assumes that your mail is hosted on an in-house Exchange server such as Small Business Server 2003. The Antispam features include the following…

ERS – Email Reputation Services – This is a cool feature that is built into the Messaging Agent (MSA) for WFBS. You can see in the screen below that I’ve got this enabled and you can also see it has a Standard and Advanced option (now isn’t that confusing!!!).  What this is is effectively the ability of the Trend MSA to look at the source IP address that the incoming email connection is coming from and then decide based on rules if it should even allow the connection to take place. It does this by a lookup of a Trend maintained Email Reputation database that tracks known spammers. If the address is on the list then it drops the connection altogether therefore preventing the email from getting in at all.  If your address is not on the list then the email comes in and proceeds to the next level of SPAM filtering called Content Scanning.  The Standard and Advanced ERS lists are cool too. You can see I’ve configured for Advanced and there is a web based control panel if you need to tweak it for yourself. The Standard list contains all KNOWN spammers whereas the Advanced list contains the newest potential spammers. Trend monitor these newer spammers IP’s to determine if they are indeed sending out SPAM or if in fact they are a legitimate business doing a mail out to their customer base. Consequently you may find your mail coming into your organisation from one of the people on the dynamic list delayed by up to 4 hours whilst Trend evaluate if they are spammers or not.  I understand that if you are verified as a spammer then you get moved to the known spammers list.

image

 

Content Scanning – Ok – so after the inbound mail gets past ERS, it’s in your mail system and then can be content scanned using the Trend Antispam scanning engine.  If it’s found to be spam then it’s placed in your SPAM Mail folder (dependant on your configuration of Trend).  Here the user can retrieve it and look at it and deal with it as they see fit.

image

 

IMHS – Interscan Messaging Hosted Security – is another option that you may choose to use in conjunction with the above two. This is a hosted solution that filters your mail before it gets to your Exchange Server. To configure this you will need to change your DNS MX Records to point to Trends Mail servers and then configure your server to only receive mail from the Trend servers.  I’ve been using this service for nearly 12 months now and I’ve found a dramatic drop in the amount of SPAM that I get through to my inbox. These days I get almost zero SPAM in my inbox.  You can see from the pie chart below that 81% of my inbound mail in the last week is being blocked BEFORE it even evaluates it as SPAM. A further 4% is then checked and declared as SPAM.  That means overall my Internet connection and my mail system is having to deal with 85% LESS email than before.  Here in Australia where we pay per megabyte for Internet usage, this type of things translates to real business benefits.  The 81% that has been blocked below is using Trends Hosted ERS service which they themselves use in front of their own mail servers.  Therefore if you look at this article in whole, you could block 81% of your SPAM traffic using nothing more than the ERS service mentioned above.  As for the mail marked as SPAM by the IMHS – it goes into a queue and I get a daily report of what is in the queue – I can then use the web based console to review and release the mail if I want to.

image

 

So – what do I use?  For my main system (SBSfaq.com) I use the IMHS to filter all mail before it hits my SBS server – that keeps my Internet connection clear of the garbage that normally would slow me down.  For other systems of mine (i.e. my test systems) that are exposed to the Internet, I use the ERS and Content Scanning facilities.

 

I’ll be updating my Trend Guide for CSM to WFBS 5.0 shortly – it will be available for purchase via www.sbsfaq.com and available free to subscribers.

Category: TrendMicro
Published: 16/07/2008 11:52 AM

Leave a Reply

Your email address will not be published. Required fields are marked *