• Advanced Message Fingerprinting
• Cloudmark Sender Intelligence
• Cloudmark ActiveFilter Technology
• Independent Trials

Cloudmark ActiveFilter™ Technology

Removing the Speed Advantage from the Spam Equation

Imagine having the power to use present information to make better decisions in the past. This is not a myth, but the latest advancement in spam protection. Cloudmark's breakthrough ActiveFilter technology leverages the most up-to-date data on new threats to filter messages that have been scanned minutes or even hours ago.

Cloudmark's ActiveFilter technology enables service providers act upon false negatives after messages have been delivered. How is this possible? ActiveFilter takes advantage of the unique capability of Cloudmark's Advanced Message Fingerprinting™ algorithms to reduce each message to a small set of fingerprints that doesn't change over time. It keeps a cache of these fingerprints along with other data as each message is scanned. When new fingerprints are identified as spam or virus by the Cloudmark Global Threat Network™, ActiveFilter checks to see if any messages in the cache include these "spammy" fingerprints. If it does, then ActiveFilter notifies the service provider and applications that use ActiveFilter to take action on these recently-discovered threats.

How ActiveFilter Works

Unlike other security technologies that release a new rule or processing logic against a new threat and then has to re-scan all the messages, Cloudmark simply changes the classification of an existing fingerprint from legitimate to spam or virus. Since service providers only need to take targeted action on individual messages that have changed classification, there's little impact on resources.

Cloudmark's ActiveFilter technology can be used for a number of compelling applications:

Inbound Mail Filtering:

• ActiveFilter for Mail Stores: ActiveFilter moves or deletes stored spam messages in a completely transparent manner. Users who have not logged in since the spam arrived will never see the spam.
• Cloudmark Gateway can apply real-time policy decisions to messages that ActiveFilter discovers to be spam. For example, if a particular IP address continues to send messages that have been identified as spam by ActiveFilter, service providers may decide to throttle that IP address or block it completely.

Outbound Mail Filtering:

• Using ActiveFilter, service providers can impose stricter rate limits on IPs connecting to the service provider's webmail platform based the discovery that messages being sent from those IPs turned out to be spam — even after they were sent.
• ActiveFilter can uncover compromised accounts that are sending spam through an authenticated outbound channel such as webmail or authenticated SMTP.

Social Network Threat Protection:

• ActiveFilter can be used to stop "sleeper account" spam, a common tactic whereby spammers create many legitimate accounts and generate friend requests to build up a large social circle. Then, at a later date, the attacker modifies their profile to add the spam call to action and waits for visitors to fall victim to the attack. ActiveFilter enables the identification of all sleeper accounts once the first account is discovered, minimizing the impact of the attack.
• ActiveFilter increases filtering effectiveness by caching the fingerprints with database entries for the content that was scanned and immediately taking action on that content once its fingerprint is discovered to be spam.

Mobile Network Threat Protection:

• Mobile operators can use ActiveFilter to identify and track external parties sending to their networks via ESMEs or point codes on the International SS7 network.
• ActiveFilter can also identify handsets that may have been compromised by a bot or are being mis-used by their owner to send spam — even if the messages were not immediately caught by existing protections.