From eScan Wiki
Domain & IP Reputation Check Technology
Individuals and organizations often use e-mail as their mode of correspondence. However, of late, most people have started complaining about their inboxes being flooded with unsolicited bulk e-mails or spam e-mails. Spam e-mails often contain links to malicious Web sites, such as phishing Web sites, and may contain viruses and other malware.
It is therefore imperative for users to determine whether the e-mail that they have received is authentic and from a trusted source. The reputation of the sender depends on criteria, such as the number of invalid e-mail addresses to which the sender is sending mails, the number of spam complaints made about the sender, and the IP address of the sender. This concept is called IP-based sender reputation and it is used to determine the reputation of an IP address based on what it has sent out in the past.
This approach has its own share of disadvantages. If an organization uses a marketing service for marketing its products, it may share its IP reputation with other organizations that use the same service provider. So, if one of the organizations is involved in spamming, all other organizations will have the same IP reputation. Moreover, if an organization changes its IP address, its IP reputation will depend on the reputation of the new IP. But, if the organization uses an actual domain name instead of an IP address, its reputation will be independent of the computer or location. This concept is called domain-based sender reputation.
However, most organizations use both IP-based and domain-based sender reputation. Therefore, eScan uses the Domain & IP Reputation Check (DIRC) technology to block spam e-mails.
How DIRC Works
eScan’s DIRC technology verifies the credibility of Web domains by tracking suspicious activities happening on their Web pages. ISPs usually follow authentication standards such as Sender Policy Framework (SPF), Sender ID, DomainKeys, and DomainKeys Identified Mail (DKIM). DIRC also verifies the integrity of the IP addresses by comparing them with a list of known e-mail senders (Real-time Blacklist Servers [RBL servers] and Auto-Spam Whitelist) and by using a dynamic service that assesses the reputation of e-mail senders on a real-time basis. If the e-mail fails to conform to any one of the criteria, DIRC tags it as [SPAM] and takes the appropriate action on it.
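The RBL comparison described above follows a common DNS convention: the sender IP is reversed, appended to the blacklist zone, and resolved. The sketch below is an added example, not eScan's code; the zone dnsbl.example, the stub records, the function names, and the rule that the whitelist overrides an RBL hit are all assumptions made for illustration.

```python
import ipaddress
import socket

def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the DNS name an RBL lookup resolves: reversed address + zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))            # 192.0.2.99 -> 99.2.0.192
    else:
        labels = reversed(addr.exploded.replace(":", ""))  # IPv6: one label per hex nibble
    return ".".join(labels) + "." + zone

def system_resolver(name: str):
    """A-record lookup via the OS resolver; None on NXDOMAIN or any lookup failure."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None  # note: a resolver outage also lands here, so the check fails open

def is_listed(ip, zone, resolve=system_resolver) -> bool:
    answer = resolve(dnsbl_query_name(ip, zone))
    # By convention a DNSBL answers with an address in 127.0.0.0/8 for listed IPs.
    return answer is not None and answer.startswith("127.")

def tag_subject(subject, sender_ip, whitelist, zones, resolve=system_resolver):
    """Prefix [SPAM] when the sender IP is on any RBL and is not whitelisted."""
    if sender_ip in whitelist:  # assumption: a whitelist entry overrides RBL hits
        return subject
    if any(is_listed(sender_ip, z, resolve) for z in zones):
        return "[SPAM] " + subject
    return subject

# Constructed sample data: a dict stands in for a real RBL zone so this runs offline.
FAKE_ZONE = "dnsbl.example"
FAKE_RECORDS = {"99.2.0.192.dnsbl.example": "127.0.0.2"}

if __name__ == "__main__":
    for ip in ("192.0.2.99", "198.51.100.7"):
        print(ip, "->", tag_subject("Quarterly invoice", ip, set(),
                                    [FAKE_ZONE], FAKE_RECORDS.get))
```

Passing `FAKE_RECORDS.get` as the resolver keeps the run offline; omit that argument to query a real zone through the system resolver.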
Benefits of DIRC
The following are some of the benefits of the DIRC technology:
In this chapter, you learnt about the DIRC technology and how eScan uses it to block spam e-mails.