MailHurdle attack prevention
Details of proactive Mailguard defenses
In addition to standard reactive measures, Mailguard now incorporates a set of features referred to as "MailHurdle" to help prevent attacks. These features are sender pattern recognition and suspect attachment quarantine.
Sender pattern recognition
Unique patterns of mail routing between sender and recipient are recorded by MailHurdle. The first time an email is sent using a new combination, the email is deferred with a standard SMTP code informing the sending server to try again later. The sender need not take any action: nearly all legitimate email servers will retry within one hour. There are rare instances of servers which do not retry, but retrying a message many times before warning the sender is a standard part of any email server.
MailHurdle remembers these patterns so that subsequent emails are no longer deferred and are accepted. MailHurdle does not use the "From:" address to determine the sender, and is able to recognize multiple mail servers in a specific domain as part of these patterns.
Most spammers will not retry, and they are usually sending via an unfamiliar domain, so this is an effective proactive measure. Emails from regular correspondents and their normal domains will be in the remembered patterns and will be accepted without delay.
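The defer-then-remember behaviour described above can be sketched as follows. This is an added example, not Mailguard or MailHurdle code: the pattern key (sending server's domain plus recipient), the last-two-labels domain rule, the 451 reply text and the 60-second minimum wait are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

DEFER = "451 4.7.1 Please try again later"  # assumed temporary-failure reply
ACCEPT = "250 2.0.0 OK"
MIN_RETRY_SECONDS = 60  # assumed; the page states no minimum wait


def sending_domain(client_host: str) -> str:
    """Collapse mx1.example.org and mx2.example.org to example.org.

    Naive last-two-labels rule (assumption); production code would
    consult the Public Suffix List instead.
    """
    labels = client_host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


@dataclass
class Greylist:
    first_seen: dict = field(default_factory=dict)  # pattern -> first attempt time
    known: set = field(default_factory=set)         # patterns that retried

    def check(self, client_host: str, rcpt: str, now: float) -> str:
        # The pattern deliberately ignores the message's "From:" header.
        pattern = (sending_domain(client_host), rcpt.lower())
        if pattern in self.known:
            return ACCEPT
        started = self.first_seen.setdefault(pattern, now)
        if now - started >= MIN_RETRY_SECONDS:
            self.known.add(pattern)       # remembered from now on
            del self.first_seen[pattern]
            return ACCEPT
        return DEFER


def replay(events):
    """Run (time, client_host, rcpt) events through a fresh greylist."""
    gl = Greylist()
    return [gl.check(host, rcpt, t).split()[0] for t, host, rcpt in events]


# Constructed sample traffic (hostnames and addresses are made up).
SAMPLE = [
    (0, "mx1.example.org", "alice@dept.example.edu"),     # new pattern: deferred
    (5, "bulk.example.net", "alice@dept.example.edu"),    # new pattern, never retries
    (900, "mx2.example.org", "alice@dept.example.edu"),   # retry via sibling server
    (5000, "mx1.example.org", "Alice@dept.example.edu"),  # remembered: no delay
]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

The sender that never retries stays in `first_seen` and its message is never accepted, while the retry from a second server in the same domain is matched to the original pattern.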
Suspect attachment quarantine
New virus attacks will typically be variations of existing virus types. By quarantining email whose attachments closely match the signatures of known viruses, Mailguard gains precious time to update virus signatures and prevent a new attack before it spreads.
Suspect attachments will be quarantined for eight hours. By itself this is not much time, but it may be helpful in blunting an outbreak.
Some attachment file types are considered so widely exploitable that they are always quarantined as suspect. Mailguard categorically holds these file types pending a later rescan: