Today's spammers are more clever than ever, so today's reputation systems must be equally sophisticated. An effective reputation system must be dynamic, comprehensive, precise and based on actual enterprise mail traffic in order to keep the spammers from gaining any advantage.
To that end, Secure Computing developed TrustedSourceT, the most precise and comprehensive reputation system available. TrustedSourceT keeps enterprises ahead of the spammers in the ongoing battle for the inbox by leveraging intelligence on e-mail senders and the types of e-mail they are sending from over 4,000 sensors located in over 40 countries worldwide. Secure Computing sees more email sent to enterprises and governments than any other messaging security vendor. What this means is that TrustedSourceT has more intelligence driving superior accuracy when creating a reputation score.
How Does TrustedSourceT Work?
By combining years of industry-leading research with the unmatched capabilities of IronMail's Message Profiler, Secure Computing has made some ground-breaking discoveries about the e-mail sending behavior of IP addresses. TrustedSourceT analyzes billions of messages per month from Secure Computing's global enterprise network of over 4,000 sensors located in enterprises and government institutions. This allows TrustedSourceT to score IP addresses anywhere on the spectrum of good to bad, depending on both sender history and message characteristics. TrustedSourceT does not simply lump reputation scores into 10 - 20 buckets. This methodology is fraught with inaccuracies. Rather each senders are graded on very granular scores allowing surgical precision in determining whether a sender is bad, suspicious, or good.
Network Effect Working for You
TrustedSourceT is the first and only reputation system to combine traffic data, whitelists, blacklists and network characteristics with the unparalleled strength of Secure Computing's global network of over 1600 companies (over 1/3 of the Fortune 500) and over 4000 total deployments. The result is the most complete reputation system in the industry and the ability to score all 4.2 billion IP addresses across the Internet.
TrustedSourceT created a profile view of all senders' behavior based on criteria such as:
When the sender is seen for the first time
How much e-mail the sender is responsible for
Does the sender both send and receive e-mail, or just send e-mails
Is the behavior seen bursty in nature, or more of a continuous pattern
TrustedSourceT then utilizes this profile to watch for deviations from expected behavior for any given sender. Secure Computing IronMail appliances report back to TrustedSourceT on all mail flow they are seeing giving TrustedSourceT a real-time view of worldwide mail traffic. Any deviations from predicted behavior are picked up by TrustedSourceT and if a new reputation score is derived for a given sender, that new score is immediately available to all IronMail units in the field.
Stop Zombies and Hackers
Rather than give the benefit of the doubt to unknown or unfamiliar senders, TrustedSourceT takes a "guilty until proven innocent" approach to reputation scoring. By examining the frequency with which we have seen e-mail activity from a particular IP address and the quality of the sent messages (via IronMail's Message Profiler), TrustedSourceT assigns the address a probability of being a spammer or zombie machine that has been taken over by hackers and used to send spam, viruses or other unwanted messages.
Based on information gathered from IronMail units in the field, Secure Computing identified approximately 50 million IP addresses that send approximately 70% of all e-mail on a daily or nearly daily basis. The other 30% comes from IP addresses that have not been previously encountered, and of those messages, over 95% are spam, viruses or other undesirable messages, leading Secure Computing researchers to the conclusion that IP addresses that are encountered for the first time are more than likely zombie machines. Secure Computing typically identifies over 170,000 new zombies a day using this principle.
Constant Feedback
The more unwanted messages IronMail units encounter, the better they get at detecting and stopping them. TrustedSourceT provides real-time intelligence on sender status to IronMail units in the field. based on continuous feedback from those units on the types of email they are seeing, who the senders are, Message Profiler scores of all inbound email, etc. , Creating a cycle of feedback benefits all parties involved (except the spammers) and allows IronMail to achieve the highest level of accuracy in distinguishing the good e-mail from the bad. By tracking sender behavior over time, Secure Computing's database of sender reputation is constantly growing and being refined.
TrustedSource PortalT
This is a free online resource that provides precise information about e-mail sender reputation by domain and IP address. Located at www.TrustedSource.org, the TrustedSource PortalT is the only website in the world that provides administrators a view into current and historical reputation and sending patterns of the senders, as well as analytical information such as country of origin, network ownership, and hosts for known senders within each domain. Additionally, the TrustedSource PortalT provide a snapshot of global e-mail trends, including a map illustrating country of origin for e-mail attacks, graphs displaying overall e-mail and spam volume trends, Secure Computing's ZombieMeter, and a snapshot view of e-mail authentication deployments across the internet.
