Using Email Reputation Parent topic

Trend Micro maintains a list of IP addresses belonging to known spam senders in a central database. Email reputation filters spam by blocking the IP addresses stored in this database.

Preparing Your Message Transfer Agent for Use With Email Reputation Services Parent topic

Configure your MTA to perform the appropriate DNS queries for the type of Email Reputation to which you subscribed.
  • Standard: Blocks connections with a 550 level error code (“connection refused”). The MTA returns this error code to the server initiating the connection because the IP address is in the Standard Reputation database as a known spammer.
  • Advanced: Configure the MTA to make two DNS queries. If the MTA does not receive a response from the first query to the standard reputation database, it makes a second query to the dynamic reputation database. The MTA should return a temporarily deny connection 450 level error code (“server temporarily unavailable, please retry”) when a response is received from this database.
Legitimate email servers with compromised hosts temporarily sending spam may be listed in the dynamic reputation database. If the connection request is from a legitimate email server, it will re-queue and try sending the message later. This process will cause a short delay in mail delivery until the listing expires but will not permanently block the email.
Some servers may have additional options for handling questionable IP connections. These options include throttling or routing messages for more detailed scanning.
You can find instructions for configuring the MTA or firewall on the Trend Micro website:
These instructions have been provided by the vendor or manufacturer of the product (MTA or firewall). Refer to your product manuals and/or technical support organization for detailed configuration and setup options.
Note
Note
Insert your Activation Code to replace the instructional text example; do not include any dashes.

Using the Email Reputation Management Console Parent topic

Log on to the Email reputation management console to access global spam information, view reports, create or manage Email reputation settings, and perform administrative tasks.
This section includes basic instructions for using the Email reputation management console. For detailed instructions on configuring the settings for each screen, see the Email reputation management console Online Help. Click the help icon in the upper right corner of any help screen to access the Online Help.

Procedure

  1. Open a web browser and type the following address:
  2. Log on using your Email reputation user name and password.
    The Smart Protection Network portal opens with the Email tab selected and the General screen displaying.
  3. Select Global Spam Statistics from the menu.
    The Global Spam Statistics screen appears.
    The Global Spam Statistics screen ranks ISPs based on the amount of spam they send. The ISP Spam list displays the total spam volume from the top 100 ISPs for a specific week. The networks that are producing the most spam are ranked at the top. The ranking of the ISPs changes on a daily basis. The ISP Spam list displays the following:

    ISP Spam List

    Column Description
    Rank This Week Displays the global rank for this week in terms of total spam volume.
    Rank Last Week Displays the global rank for the previous week in terms of total spam volume.
    ASN The Autonomous System Number (ASN) is a globally unique identifier for a group of IP networks having a single, clearly defined routing policy that is run by one or more network operators.
    ISP Name The registered name for a particular ASN. Some ISPs may have multiple ASNs and therefore appear more than once in the table.
    Spam Volume (24 hours) The estimated total spam that has been sent during the previous 24 hours. This total is updated every hour.
    Botnet Activity An indication of how active botnets are for your email servers. Botnets are groups of infected computers that are controlled by a spammer from a central location and are the largest source of spam on the Internet today. This number indicates the percentage change in the number of bots from the previous hour. To see botnet activity, you must add your email servers to the Valid Mail Servers list.
  4. Click News.
    The News screen appears displaying breaking news about new spam and new features available for Email reputation. Click the following tabs for information:
    • Spam News: Provides a brief overview and discussion of current spamming tactics and the implications for organizations. It also describes how new tactics are deployed, how they evade Trend Micro systems, and what Trend Micro is doing to respond to these new threats.
    • Release News: Provides a brief overview of new features available in Email reputation.
  5. To view reports that summarize the activity between the MTA and the Email reputation database servers, do the following:
    1. Select Report from the menu.
      A sub-menu appears.
    2. Click one of the following:

      Report Types

      Report Description
      Percentage Queries The report shows the percentage of queries that returned an IP address match, which indicates that a sender trying to establish a connection with your email server is a known spammer. The reports are based on connections, not individual spam messages.
      Queries per Hour The report shows how many times your email server queried the reputation database.
      Queries per Day The report shows how many times per day your email server queried the reputation database.
      Botnet Report The report provides a quick summary of the last seven days of spam activity originating from the servers that you listed as valid mail servers. If there was any spam activity in the last seven days for any of the IP addresses that you specified, a red robot icon appears.
  6. To manage protection provided by Email reputation settings:
    1. Select Policy from the menu.
      A sub-menu appears.
    2. Click one of the following:

      Policy Settings

      Policy Description
      Settings
      Configure the Approved and Blocked senders lists.
      You can define your lists by individual IP address and Classless Inter-Domain Routing (CIDR) by Country, or by ISP.
      • Approved Sender: Allows messages from the approved senders to bypass IP-level filtering. The Approved Sender lists are not applied to your MTA, but you can set up additional approved or blocked senders lists or do additional filtering at your MTA.
      • Blocked Sender: Instructs Email reputation to always block email messages from certain countries, ISPs, and IP addresses.
      New ISP Request
      Trend Micro welcomes suggestions from customers regarding other Internet Service Providers (ISPs) to be added to the service.
      Provide as much information about an ISP as you can. This helps Trend Micro add the ISP to the service.
      Reputation Settings
      Configure Email reputation Standard and Advanced settings.
      Standard customers will see only the Enable Standard Settings section.
      Advanced customers will see both the Dynamic Settings and the Enable Standard Settings sections.
  7. To change your password, Activation Code, or to add your mail servers to Email reputation, click Administration from the menu.