Spam (also known as unsolicited bulk email, junk mail, or unsolicited commercial email) is the practice of sending unwanted email messages, frequently with commercial content, in large quantities to an indiscriminate set of recipients. Some spam can also include malware (malicious software) or viruses that are loaded onto your computer without your knowledge and run against your wishes.
This article shows the methods that UCT have put in place to try and combat this scourge.
Phase 1: Inbound Lockout
Spoof attempts are blocked, i.e. attempts by non-UCT users to impersonate legitimate UCT email addresses. If a spammer falsifies their sending address to masquerade as an internal domain address, the email will be rejected.
Phase 2 and 3: Blocked Senders
This phase restricts messages to or from specific email addresses or domains.
Phase 4 and 5: Permitted Senders
All spam checks (reputation-based and content-based), except anti-virus checks, are bypassed. If an email address or domain is in both the Permitted Senders and Blocked Senders phases, the Blocked Senders phase will be applied first and the email will be rejected.
Phase 6: Auto Allow
When an internal user sends an outbound email, the system captures the recipient's email address and adds it to a database known as Auto Allow. When the same recipient sends an inbound email to a UCT user, the recipient's email address is checked against the Auto Allow database and, if a match is found, the inbound email will be allowed through without applying additional spam reputation checks and content checks - similar to a Permitted Sender - although virus checks are still applied.
Phase 7: IP Reputation Checks
A Real-time Blackhole List (RBL), which contains the IP addresses of known malware senders, is applied. A further IP reputation check functions as a global network detection system for outbreaks, both known and unknown. This reputation service temporarily defers connections if they are suspected to have a bad reputation.
Phase 8: Greylisting
Compliance checks are applied to the sender's mail server for all connections not previously seen by the system. The system returns a busy signal, which prompts the sending server to retry the email delivery after 1 minute. If the sender's mail server retries the connection, the email is processed. If the email is not retried within 12 hours, the email connection is dropped and rejected.
Phase 9: Recipient Validation
Prevents inbound emails with invalid recipient addresses.
Phase 10: Emails moved to the scanners
Phase 11: Attachment scanning
Attachment Policies are configured to look for certain attachment types and sizes. UCT blocks a number of attachments that are considered dangerous as they may contain malicious content such as viruses.
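The following is an added example, not UCT's or its mail provider's code: a small Python model of the order in which phases 1 to 10 decide an inbound connection, showing the Blocked-before-Permitted precedence, Auto Allow learning and the greylisting retry window. The class and field names, the (IP, sender, recipient) greylisting key, rejection on an RBL hit, and trusted senders skipping greylisting are assumptions that the page does not state.

```python
from dataclasses import dataclass, field
RETRY_AFTER = 60           # greylisting: a retry is expected after 1 minute
RETRY_WINDOW = 12 * 3600   # greylisting: the retry must arrive within 12 hours

@dataclass
class Gateway:
    internal_domain: str
    mailboxes: set                                  # valid internal recipients
    blocked: set = field(default_factory=set)       # addresses or domains
    permitted: set = field(default_factory=set)     # addresses or domains
    rbl: set = field(default_factory=set)           # listed sender IPs
    auto_allow: set = field(default_factory=set)    # learned from outbound mail
    pending: dict = field(default_factory=dict)     # greylist key -> first attempt time
    known: set = field(default_factory=set)         # keys that have passed greylisting

    def outbound(self, recipient):                  # Phase 6: learn who internal users write to
        self.auto_allow.add(recipient.lower())

    def inbound(self, ip, sender, recipient, now):
        """Decide one external connection; returns (verdict, deciding phase, scans still due)."""
        sender, recipient = sender.lower(), recipient.lower()
        domain = sender.rsplit("@", 1)[-1]
        if domain == self.internal_domain:          # internal address arriving from outside
            return "reject", "inbound lockout", ()
        if {sender, domain} & self.blocked:         # evaluated before Permitted Senders
            return "reject", "blocked senders", ()
        trusted = ("permitted senders" if {sender, domain} & self.permitted
                   else "auto allow" if sender in self.auto_allow else None)
        if trusted is None:
            if ip in self.rbl:                      # assumed outcome of an RBL hit
                return "reject", "ip reputation", ()
            key = (ip, sender, recipient)           # assumed greylisting key
            if key not in self.known:
                first = self.pending.get(key)
                if first is None or now - first > RETRY_WINDOW:
                    self.pending[key] = now         # first sight, or earlier attempt expired
                    return "defer", "greylisting", ()
                if now - first < RETRY_AFTER:       # retried too early (assumed handling)
                    return "defer", "greylisting", ()
                del self.pending[key]
                self.known.add(key)                 # retried in time: seen from now on
        if recipient not in self.mailboxes:         # assumed to apply to trusted senders too
            return "reject", "recipient validation", ()
        scans = ("anti-virus",) if trusted else ("spam content", "anti-virus")
        return "accept", trusted or "scanners", scans

if __name__ == "__main__":                          # constructed sample data
    gw = Gateway("uni.example", {"staff@uni.example"}, blocked={"bulk.example"})
    print(gw.inbound("198.51.100.7", "x@bulk.example", "staff@uni.example", 0))
```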