Cloudmark Sender Intelligence
Highly Accurate Sender Reputation Data to Improve E-Mail Security
Cloudmark Sender Intelligence™ (CSI) is a comprehensive global sender monitoring and analysis system that delivers timely and accurate reputation on good, bad, and suspect senders. CSI uses real-time data from Cloudmark's Global Threat Network™ system to create the industry's most comprehensive sender reputation service. Cloudmark Sender Intelligence data can be integrated into network perimeter devices, such as edge mail transfer agents (MTAs) to protect valuable messaging infrastructure against spam, phishing, zombies, botnets, and today's advanced converged threats. Additionally, CSI provides significant additive security coverage to existing DNSBLs. What's more, the use of good-sender data reduces potential false positives when combined with a traditional DNSBL.
Features and Benefits
Comprehensive, Real-time Data Sources
Cloudmark constructs extremely accurate sender profiles based on a variety of data sources, including:
| Data Source | Description |
|---|---|
Traffic Pattern Statistics | Cloudmark Authority® is installed in more than 100 major ISPs and 35,000 enterprises globally. These installations report statistics on messages received, including how many messages from each IP address were categorized as spam or legitimate. The vast distribution of this data enables global identification of spam sources. |
Trusted End-User and Honeypot Feedback | Cloudmark's Global Threat Network (GTN) consists of more than 700 million end users and millions of automated honeypot sources. With every report, CSI tracks the source IP addresses to adjust reputation scores. Data from the GTN enables Cloudmark Sender Intelligence to not only track high-volume attacks but also low-volume distributed threats that trickle messages out from multiple source IP addresses. |
Fingerprint Correlation Statistics | As messages are scanned by Cloudmark Authority or Cloudmark Desktop, fingerprints are generated that represent unique aspects of the message. By analyzing the occurrence of fingerprints in messages sent from a given IP address, CSI can accurately identify senders whose content is suspicious even before a message is identified as spam. |
Third-Party Data | This data includes external sources (including Cloudmark partners) and publicly-available data such as whether or not the sender is known to be an email forwarder, part of a service provider's dynamic IP range, etc. |
These innovative and broad data sources give CSI greater breadth of coverage than traditional sender reputation solutions.
Sophisticated Data Analysis Engine
Cloudmark Sender Intelligence analyzes traffic pattern, feedback, and fingerprint correlation statistics to establish and adjust sender reputation scores in near real time. In addition, CSI leverages a variety of proprietary sender identification systems and third-party data, to provide additional classifications of senders beyond reputation. Examples of Cloudmark's sender identification systems include Newsletter Sender Logic, which identifies newsletter senders, Mail Forwarders Identification, which identifies public mail forwarders, and Dynamic Space Analysis, which verifies that an IP is contained within a service provider's dynamic IP address range.
The Cloudmark Advantage
Faster and More Accurate Sender Categorization
Most sender reputation services rely primarily on traffic pattern statistics. While this can be an effective approach for establishing a reputation, it's a reactive approach that introduces latency during which environments are vulnerable to new spam-senders. As attackers grow their botnets and use dynamic IPs to generate spam, traffic pattern analysis alone is no longer sufficient.
On the other hand, by combining fingerprint correlation statistics, a data source unique to Cloudmark, along with feedback statistics from users and honeypots, Cloudmark can more rapidly identify spamming senders as well as good senders and close the vulnerability gap. This can happen well before any meaningful traffic pattern statistics emerge. By analyzing the correlation of multiple fingerprints in different messages, both spam and legitimate, CSI proactively and reliably detects suspicious activity during the zero-hour attack phase.
Cloudmark's unique Advanced Message Fingerprinting™ algorithms allow message verdicts to be rendered retroactively without the need to rescan the message. This means Cloudmark can correctly adjust a sender's reputation as fingerprints associated with messages sent in the past by a sender are discovered to be spam — without requiring any new spam indicators or information. For example, during the initial burst of a spam attack, 10,000 messages were detected from a particular sender and only 50 percent were identified as spam — so the sender's reputation would be determined based on a spam ratio of 50 percent. However, if minutes later, Cloudmark detects all the messages to be spam, the sender's reputation gets recalculated based on a spam ratio of 100 percent even if the sender does not send anymore messages. Feedback from end users and honeypots also has similar effects on the reputation score, but their impact will not be as quick as fingerprint analysis.
Dynamically Updated Protection
Cloudmark Sender Intelligence updates its data in real time and customers receive updates within minutes. This is a significant improvement over traditional DNSBLs that typically update every 30 minutes. It's also an improvement over existing query-based reputation services because the data can reside within the customer's environment and can keep up with the high-performance requirements of service providers.
To learn more about Cloudmark, email us at sales@cloudmark.com.
For customer support issues, please go to Cloudmark Support.