Highly Accurate Sender Reputation Data to Improve Email Security

Cloudmark Sender Intelligence (CSI) is a comprehensive sender monitoring and analysis system that delivers timely and accurate reputation and categorization for different senders. CSI combines real-time data from Cloudmark's Global Threat Network system as well as service providers own environment to create the industry's most comprehensive sender reputation service. The Global Threat Network monitors traffic from all Cloudmark Authority installations worldwide, representing over 15% of all internet email traffic.

The data collected from the Cloudmark Global Threat Network consist of user feedback reports, honeypot reports, real-time IP volume statistics, and real-time fingerprint volume statistics. Supplementing the data received from the Global Threat Network system and the service provider environment, Cloudmark’s Security Operations Center (SOC) performs expert analysis and provides additional monitoring and intelligence. Cloudmark Sender Intelligence data can be integrated into network perimeter devices, such as edge mail transfer agents (MTAs), to protect critical messaging infrastructure against spam, phishing, zombies, and today's advanced converged threats. The frequency of updates and the granularity of the data allows for greater flexibility in policy management, contributing to greater accuracy.

Sophisticated Data Analysis Engine

Cloudmark Sender Intelligence analyzes traffic patterns, feedback, and fingerprint correlation statistics to establish and adjust sender reputation scores in near real time. In addition, CSI leverages a variety of proprietary sender identification systems and third-party data, to provide additional classifications of senders beyond reputation. Examples of Cloudmark's sender identification systems include Newsletter Sender Logic, which identifies newsletter senders, Mail Forwarders Identification, which identifies public mail forwarders, Dynamic Space Analysis, which verifies that an IP is contained within a service provider's dynamic IP address range, and Local Volumetric Analysis, which determines customer specific recommended rate limits for individual IP addresses.

Faster and More Accurate Sender Categorization

Most sender reputation services rely primarily on global traffic pattern statistics. While this can be an effective approach for establishing a reputation, it's a reactive approach that introduces latency during which environments are vulnerable to new spam-senders. As attackers grow their botnets and use ever more sophisticated mechanisms to 'fly under the radar' with each spam source by sending very limited numbers of messages from each zombie host, global traffic pattern analysis alone is no longer sufficient.

By combining fingerprint correlation statistics, a data source unique to Cloudmark, along with feedback statistics from users and honeypots, Cloudmark can more rapidly identify spamming senders, as well as good senders, closing the vulnerability gap. This can happen well before any meaningful global traffic pattern statistics emerge. By analyzing the correlation of multiple fingerprints in different messages, both spam and legitimate, CSI proactively and reliably detects suspicious activity during the zero-hour attack phase.

Additionally, utilizing actual traffic data from individual service providers, CSI can establish specific expected traffic pattern for each service provider and detect anomalous behavior both earlier and more accurately than competing solutions. As new traffic pattern statistics are received at Cloudmark, the traffic patterns continue to be updated to ensure the most accurate reputations are derived.