Monday, August 13, 2007

TrendMicro ERS - Email Reputation Services

ERS is the first line of defense in a mail system: it stops SPAM before it can flood your network, overload mail gateway security, and burden system resources.

The ERS family includes TrendMicro ERS Standard and Advanced. Advanced combines the services of the Standard reputation database with dynamic real-time anti-spam technology.

ERS Standard is a DNS query-based service. When an incoming mail message is received from an unknown host, ERS queries the standard reputation database server. If the host is listed in the standard reputation database, you choose the appropriate action to take with that email.

ERS Advanced is a dynamic real-time solution that identifies and stops sources of SPAM while they are in the process of sending millions of messages. The TrendMicro team continuously monitors network and traffic patterns and immediately updates the reputation database as new SPAM sources emerge, often within minutes of the first sign of trouble. ERS Advanced is a DNS query-based service like ERS Standard, but it uses a separate database with distinct entries, and no IP address appears in both.

How ERS Works

The actual implementation of ERS involves up to two DNS look-ups per IP address. The Standard ERS query is the first one. Any positive answer from this database should result in your mail server returning a '550' error, or rejection of the requested connection.

For the Advanced ERS, if the first query to the standard reputation database does not return a positive answer, a second query is made to the dynamic reputation database. A positive answer from this database should result in your mail server returning a '450' error, or temporary failure of the requested connection. Listings in this database are occasionally legitimate mail servers that have compromised hosts behind them that are temporarily sending SPAM. If the connection request is from a legitimate mail server, it will re-queue and try again later, causing a delay in mail delivery until the listing expires but not blocking the mail.
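The two-step decision described above, sketched in Python as an added example (not Trend Micro's code). The zone names are placeholders because the page does not give the real ones, and the query format (reversed IPv4 octets, positive answers in 127.0.0.0/8) is assumed from the common DNSBL convention in RFC 5782; the sample records are constructed.

```python
import ipaddress
import socket

# Placeholder zones: the page does not name the real ERS query zones.
STANDARD_ZONE = "standard.ers.example"
DYNAMIC_ZONE = "dynamic.ers.example"
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # assumed RFC 5782 answer range


def dnsbl_name(ip, zone):
    """Assumed DNSBL convention: reversed IPv4 octets prepended to the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def system_resolver(name):
    """Return the A records for name; raises OSError on NXDOMAIN or failure."""
    return socket.gethostbyname_ex(name)[2]


def listed(ip, zone, resolve):
    try:
        answers = resolve(dnsbl_name(ip, zone))
    except OSError:
        return False  # NXDOMAIN or lookup failure: treat as not listed
    # Ignore answers outside 127.0.0.0/8 (e.g. a resolver rewriting NXDOMAIN).
    return any(ipaddress.ip_address(a) in LISTED_NET for a in answers)


def smtp_verdict(ip, resolve=system_resolver, advanced=True):
    """Two-step flow from the page: standard hit -> 550, dynamic hit -> 450."""
    if listed(ip, STANDARD_ZONE, resolve):
        return ("reject", 550)
    if advanced and listed(ip, DYNAMIC_ZONE, resolve):
        return ("tempfail", 450)
    return ("accept", None)


# Constructed sample answers (documentation IP ranges), not real listings.
SAMPLE_RECORDS = {
    "10.2.0.192.standard.ers.example": ["127.0.0.2"],
    "20.100.51.198.dynamic.ers.example": ["127.0.0.4"],
    "30.113.0.203.standard.ers.example": ["198.51.100.1"],  # rewritten NXDOMAIN
}


def sample_resolver(name):
    if name not in SAMPLE_RECORDS:
        raise OSError("NXDOMAIN")  # constructed stand-in for a negative answer
    return SAMPLE_RECORDS[name]
```

Treating a failed lookup as "not listed" means a DNS outage lets mail through rather than rejecting it; a site that prefers the opposite would return a 450 on lookup failure instead.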