Email Reputation Filters
Many spam proxy firewalls have a feature/technology that enables you to control whether or not an email is accepted from a sender, based on its previous activities. If the sender has sent spam like mails previously then your proxy firewall may mark the email as suspicious and further analyse the email. If it has sent spam mail in the past then it may be blocked or quarantined without further analysing the email.
Fortinet's Fortiguard Distribution Centre (FDN) provides the above functionality. End users can view the Fortiguard Distribution Network website to see the latest malware threats found. FDN's are based worldwide, and their job is to look for all types of threats, not just spam. These include viruses, spam, intrusion attacks, etc. Spam in particular is caught using various techniques such as signing up to many different website's and services like dating website's. These website's usually pass on registered email addresses on. Over time the registered fake account setup by the FDN is target by many spammers. Now the FDN can identify the culprits. This is one basic technique. From this research FDN's update their signatures and send to their Fortinet appliances worldwide for latest security updates. Mcafee's Global Threat Intelligence reputation service is similar to that of Fortinet's FDN. Websense and Message lab in particular also have a very strong network to update their reputation databases as well.
These worldwide networks and centre's setup by vendors such as Fortinet, Secure, Websense and Message Labs monitor the reputation of URL's, IP addresses, domains, individual email accounts and so on, ensuring if they do something bad they would get a bad score, and if they started behaving as expected these sources would start building a good reputation again. This information is passed on to end users worldwide. This information is then used to identify spam, viruses and other threats.
