PracticalHost EnsureMail and Exchange 2016 feature a seven layer spam & virus protection with the following details:
EMAIL SPAM FILTERING
Spam doesn't just distract your employees; it can also expose your systems to malware and phishing attacks. We estimate that over 95% of all email traffic is spam. Businesses lose millions of dollars in productivity and additional infrastructure expenses due to spam. To make matters worse, organizations that maintain in-house email servers are fighting a losing battle, because spammer tactics constantly change. To defeat spam, you must stay one step ahead of the evolving threat
At PracticalHost, we continuously update the spam filtering system we use for our EnsureMail and Exchange in a multi-layered process and as a result, eliminating 98% of spam—with near zero false positives.
LAYER 1: THE GATEWAY SCAN
As soon as an email arrives, our gateway servers try to match the sending IP address to an aggregated blacklist compiled from multiple spammer tracking systems. The servers analyze the email message in comparison to other arriving mail. If a large number of emails arrive simultaneously from a single IP, or are addressed to users that do not exist in our system, it could signify a spam attack, and the servers block the offending email. If the sending address is from a domain in our system but the mailbox does not exist, the servers block the email.
LAYER 2: CLOUDMARK® SCAN
We scan all email with Cloudmark's industry-leading spam detection software. Cloudmark uses Advanced Message Fingerprinting™ to detect viruses, spam, and phishing. Advanced Message Fingerprinting uses algorithms that detect spam across all languages and character formats. These algorithms update every 60 seconds based on worldwide feedback loops and the latest spam tactics.
LAYER 3: THE MESSAGE SNIFFER SCAN
We scan email with Message Sniffer from ARM Research Labs. Message Sniffer relies on pattern recognition and machine learning technology to detect spam and malware. It searches the entire message for spam and malware features, including unusual headers, message source behaviors, structural artifacts, obfuscation techniques, binary and image signatures, email and URL targets, unusual code fragments, and even coding styles.
EMAIL VIRUS PROTECTION
About 2% of all incoming emails contain viruses—and our systems block more than 10,000 virus-infected emails every day. During new virus outbreaks, our systems are capable of blocking over 1 million messages per day. PracticalHost Email includes multi-stage, server-level virus detection. Our virus scanning system can handle spikes for long periods of time, processing every email without causing delays.
Our anti-virus system scans all inbound and outbound emails using a 4-stage process:
Stage1: Restricted Attachments
First we scan messages for dangerous types of file attachments. Dangerous files can execute code, which can be used by hackers to spread viruses or damage your computer. Restricted file types include, but are not limited to, program files (.exe, .com), script files (.bas, .vbs, .js), and shortcuts to files (.lnk, .pif). When an email containing a restricted file attachment is detected, the system rejects the email and the sender receives a "bounced" email notification.
Stage 2: Normalization
This stage of the email anti-virus process searches for formatting vulnerabilities that can hide viruses from scanners. If the system finds any vulnerability, it corrects the formatting of the message so that it can be thoroughly scanned (this is called "normalizing" the message). Normalization protects against known Microsoft® Outlook® security threats.
Stage 3: Decompression
Many of today's viruses use compression as a way to sneak past virus scanners, sometimes even compressing themselves several layers deep. If the email contains any compressed attachments such as .zip files, the system temporarily unzips them to scan them for viruses. If an attachment (such as a password-protected .zip file) cannot be decompressed, our system scans the original file for virus signatures that occur within compressed attachments
Stage 4: Virus Scan
After the first 3 steps are complete, an email anti-virus scanner processes the email and its uncompressed attachments. This provides maximum protection against new virus threats. Our system automatically updates virus definitions hourly, giving customers protection from new viruses within minutes. Compare that to most desktop and server AV programs, which check for new virus signatures once per day.