Patrol SPAM Filter
spam for Exchange and Lotus Domino
Patrol Spam Filter works with Exchange and Lotus Domino and uses a
multi-layered anti-spam approach to effectively detect spam messages,
analyzing headers, content and third party lists. Spam messages can be
forwarded to a junk mail folder, quarantined or deleted and can include
a header or tag. Quarantined mails can be viewed from the program or
via the web. Policy Patrol includes an advanced challenge/response
system and allows users to update white lists and black lists via
public folders and mailboxes.
Version 4 now includes many new features including Sender Policy
Framework, public folder management, move to junk mail folder and
improved anti-spam challenge/response. What else is new in version 4?
By blocking unwanted mails, Policy Patrol Spam Filter for Exchange and
Lotus Domino reduces network traffic, saves bandwidth and improves
employee productivity. Policy Patrol ships with a default configuration
that will start blocking spam within seconds after installation. Policy
Patrol is used by companies such as USA.net, Nissan, Daewoo, Targus,
Canadian Pacific Railway, Lotto, Fujitsu Services (Central Government
customer) and many more.
Patrol uses a multi-layered approach to block and filter spam messages,
utilizing a combination of different anti-spam techniques:
Real-time black lists (RBL)
Spam URL Realtime Block Lists
Block IP addresses
Check language character
White lists and black lists
Sender Policy Framework (SPF)
Spam message management
Patrol can reject, delete, quarantine, redirect and add a tag to spam
messages. In addition it can forward the message to the user's junk
Quarantine, delete, add tag or header
Forward to user's junk mail
Exchange Server 2003
Anti spam reports
Regular anti-spam updates
Policy Patrol uses Bayesian filtering to statistically analyze email
content in order to determine whether the message is legitimate or
spam. By comparing the contents of an email message with words in a
legitimate and spam database, Policy Patrol calculates the probability
that a message is spam. Policy Patrol includes automatic email learning
to keep the filters up to date.
black lists (RBL)
By using real-time black lists Policy Patrol can stop spam from even
entering your mail server, thus saving the bandwidth for downloading
the messages. However, you can also decide to accept the messages and
quarantine, add a tag or header, or delete the mails in Policy Patrol
(with the possibility to undelete). Each list can be handled
differently by Policy Patrol, for instance you can reject all messages
from known spammers lists, but quarantine messages from an open relay
list (these lists are more likely to contain false positives since some
genuine customers might not be aware that their mail server is being
used for relaying).
URL Realtime Block Lists (SURBL)
As opposed to RBL lists that include
sender IP addresses and domains, SURBL lists are used to check URLs
contained in the body of email messages. Even if spammers try to bypass
existing heuristic and Bayesian filters by replacing text with images
or including minimal text, they will still need to include a URL to be
contacted on. Therefore checking the URLs against a list of known spam
domains provides an important additional layer of protection and can be
successful where other filtering methods fail. SURBL lists require zero
administration, are constantly updated and fine-tuned and most of them
are free to use. SURBL Lists also provide specific protection against
the growing problem of phishing since they include domains of known
Policy Patrol analyzes message headers
for spam characteristics using a sophisticated weighting system. Each
spam characteristic is given a score according to the certainty with
which it indicates spam. When the total score reaches the message
threshold, the message is considered as spam. New spam characteristics
are automatically added when they become available (see regular
Policy Patrol offers sophisticated
keyword filtering using case sensitivity and word scores, allowing you
to combine word scores found in the subject and body of a message to
trigger a rule. Furthermore Policy Patrol includes word pattern
matching enabling the program to find variations of words with one
single regular expression. The product ships with sample anti-spam
filters with frequently used spam words and phrases (including regular
expressions) which can be used to block unwanted messages. Since Policy
Patrol removes all HTML tags before checking the email text, the
product is capable of successfully stopping spammers who try to
circumvent spam filters by placing HTML comment tags within the text.
Policy Patrol can also be configured to specifically check the HTML
code, which can be useful for checking links and/or scripts.
Policy Patrol can be configured to
block certain IP addresses or IP address ranges known to be spam
language character sets
Policy Patrol can block mails that use
certain character sets, for instance Chinese or Korean character sets.
lists and black lists
Policy Patrol allows you to create your
own white lists and black lists and can also automatically add email
addresses to these lists. This allows you to for instance create a
white list for all email addresses that your users send messages to.
Addresses can also be added from selected quarantined items, allowing
you to for instance add the sender of a quarantined newsletter to a
white list in order to let the message through next time. It is also
possible to create a public folder where users can drag and drop spam
or legitimate messages to. Policy Patrol will update the white/black
lists and Bayesian databases accordingly.
Policy Patrol includes an advanced
anti-spam challenge/response system, allowing you to configure when a
challenge/response request should be sent. For instance if the sender
is not in a white list, or only if there is reason to suspect spam. The
sender will be able to verify the message through a website, upon which
the message will automatically be delivered.
Policy Patrol is one of the few
products that can stop NDR spam attacks. An NDR (Non Delivery Report)
spam attack is when a spammer sends a large number of mails to a fake
email address at your company with the intended spam victim as the
sender. The result is that your mail server will send a non-deliverable
report to the sender, i.e. the spam victim, with the original spam
Policy Patrol can prevent this by performing recipient verification. If
the recipient is not found in the Active Directory/Exchange 5.5 or
Lotus Domino directory, the message is rejected (i.e. not downloaded),
therefore saving bandwidth. Legitimate emails that have been mistakenly
addressed will still generate an NDR, however this NDR will not be sent
by your mail server but by the sender's own mail server.
Policy Framework (SPF)
The Sender Policy Framework (SPF)
allows you to verify whether the sender is actually who they say they
are. This means that by using SPF, Policy Patrol can block spoofed
emails and thwart phishing attempts.
delete, add tag or header
Policy Patrol can reject (i.e. not
download messages that are listed on real-time black lists or do not
have valid recipients), quarantine (i.e. place spam messages on hold on
the server), delay, delete, add a custom header, or add a tag to the
subject of spam messages.
to user's junk mail folder
If you have Exchange 2000, Exchange
2003 or Exchange 5.5, Policy Patrol can automatically forward spam to
the individual user's junk mail folder. If you do not have Exchange
Server you can configure Policy Patrol to add a header to spam messages
and set up a rule in Outlook that places these messages in a 'Spam'
folder for the user to review. Policy Patrol can also forward spam
messages to a public folder.
Server 2003 anti-spam integration
Policy Patrol can apply a Spam
Confidence Level (SCL) to a message, allowing Outlook 2003 to place
messages with a certain SCL Level in a separate “spam” folder. This
feature requires Exchange Server 2003 or Windows Small Business Server
Spam messages on hold can be monitored
from the Policy Patrol Administration console (locally and remotely) or
from a web browser (Policy Patrol Web Manager). For every message,
Policy Patrol displays an anti-spam report that shows the results of
each anti-spam check performed (including words and their score if
appropriate). This allows you to adjust your filters and conditions
accordingly. By setting user permissions, administrators can allow
certain users to perform actions for selected folders, such as viewing,
deleting or delivering messages.
Policy Patrol includes several
anti-spam reports providing an overview of the number of spam messages
received, the top spam domains, spam senders and spam receivers, DNSBL
and SURBL lists results and much more. Anti-spam reports can be auto
generated and emailed.
Policy Patrol includes a POP3
downloader that allows you to download POP3 emails and forward these to
Exchange Server. Policy Patrol will also check these emails for spam.
Policy Patrol includes a default
configuration that stops spam right out of the box. Regular anti-spam
updates are made available to maintenance holders.
Policy Patrol can be configured
remotely by installing the Policy Patrol Administration console on a
remote machine and connecting to the Policy Patrol installation. If you
have more than one installation of Policy Patrol, you can administer
all installations from the same Administration console.
To use Policy Patrol you require the
Windows 2000 Professional or (Advanced) Server, Windows XP Professional
or Windows Server 2003.
Microsoft Exchange Server 2003, Exchange Server 2000 or Exchange Server
5.5 (or Windows Small Business Server), Lotus Domino or other mail
Microsoft .NET Framework 1.1 (if you do not have this installed the
Policy Patrol installation will download this for you).
Download a 30 day evaluation version of Policy
Patrol Enterprise and try it for yourself. Works with Exchange Server
or Lotus Domino Server.