
MailHurdle attack prevention

Details of proactive Mailguard defenses

In addition to standard reactive measures, Mailguard now incorporates a set of features referred to as "MailHurdle" to help prevent attacks. The two features are sender pattern recognition and suspect attachment quarantine.

Sender pattern recognition

MailHurdle records unique patterns of mail routing between sender and recipient. The first time an email is sent using a new combination, it is deferred with a standard SMTP code telling the sending server to try again later. The sender need not take any action: nearly all legitimate email servers will retry within one hour. In rare instances a server does not retry, but retrying a message many times before warning the sender is a standard part of any email server.

MailHurdle remembers these patterns so that subsequent emails are accepted without being deferred. MailHurdle does not use the "From:" address to determine the sender, and it can recognize multiple mail servers in a specific domain as part of these patterns.

Most spammers will not retry and are usually sending via an unfamiliar domain, so this is an effective proactive measure. Emails from regular correspondents and their normal domains will already be in the remembered patterns and will be accepted without delay.
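
The deferral logic described above can be sketched as follows. This is an added example, not Mailguard's own code. The pattern key (sending server's domain plus recipient), the 451 reply text, the two-label domain grouping and the minimum retry delay are all assumptions made for illustration.

```python
# Added illustration of first-contact deferral; not Mailguard's code.
import time

DEFER = "451 4.7.1 Please try again later"  # assumed temporary-failure reply
ACCEPT = "250 OK"

def server_domain(hostname):
    """Group sending servers by their last two DNS labels (assumption; a
    production system would consult a public-suffix list instead)."""
    return ".".join(hostname.lower().rstrip(".").split(".")[-2:])

class PatternStore:
    def __init__(self, min_delay=60, clock=time.time):
        self.min_delay = min_delay  # assumed: seconds before a retry counts
        self.clock = clock
        self.pending = {}           # pattern -> time of first attempt
        self.known = set()          # patterns that passed the hurdle

    def check(self, sending_host, recipient):
        # The pattern uses the connecting server, never the "From:" header.
        pattern = (server_domain(sending_host), recipient.lower())
        if pattern in self.known:
            return ACCEPT
        now = self.clock()
        first = self.pending.setdefault(pattern, now)
        if now - first < self.min_delay:
            return DEFER            # first contact, or retried too quickly
        del self.pending[pattern]
        self.known.add(pattern)     # remembered: later mail is not deferred
        return ACCEPT

def demo():
    """Replay constructed traffic; hostnames and addresses are made up."""
    now = [0]
    store = PatternStore(min_delay=60, clock=lambda: now[0])
    attempts = [
        (0,    "mx1.example.org", "alice@campus.example"),  # new combination
        (5,    "mx1.example.org", "alice@campus.example"),  # immediate retry
        (900,  "mx2.example.org", "alice@campus.example"),  # sibling server retries
        (5000, "mx1.example.org", "alice@campus.example"),  # now remembered
        (5000, "mx1.example.org", "bob@campus.example"),    # new recipient
    ]
    results = []
    for when, host, rcpt in attempts:
        now[0] = when
        results.append(store.check(host, rcpt))
    return results

if __name__ == "__main__":
    for line in demo():
        print(line)
```

The retry from mx2 is accepted because it shares a domain with mx1, while the message to a new recipient starts a fresh pattern and is deferred once.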

 

Suspect attachment quarantine

New virus attacks will typically be variations of existing virus types. By quarantining email whose attachments closely match the signatures of known viruses, Mailguard gains precious time to update its virus signatures and stop a new attack before it spreads.

Suspect attachments will be quarantined for eight hours. By itself this is not much time, but it may be helpful in blunting an outbreak.

Some attachment file types are considered so widely exploitable that they are always quarantined as suspect. Mailguard categorically holds these file types for a later rescan:

.scr
.pif
.com
.exe
.vbs
.bat
.cmd
.dll
.cpl