Services

MailRoute Technology

Overview

Redundant, Distributed, Reliable

MailRoute's distributed network of data centers at the "edge" of the Internet allows us to provide a 99.999% message filtering availability guarantee. In addition, by dynamically routing incoming and outgoing email to the optimal network location, we can provide our filtering services with a virtually undetectable latency time - most messages are processed in under one second.

Architecture

The "Edge"

Unlike in-house solutions which require you to install, manage and maintain hardware and/or software, the MailRoute system operates on the "edge" of the Internet, outside your corporate network. MailRoute filters your email traffic before it enters your network, reducing network and server load, lowering management issues, and providing a highly effective level of protection.

How it Works

Implement any or all MailRoute services by simply adjusting the MX ("mail exchange") record of your DNS servers. When an email is sent to your company, the MailRoute DNS servers analyze the health and performance of the MailRoute network and reply with the optimal choice. The email enters the MailRoute network and is analyzed, processed and passed along to its ultimate destination - typically in under one second.

Managed Service

The Managed Service Advantage

The most effective email protection sits outside a company's network and acts as a frontline defense. Positioned between the Internet and your email server, this solution is designed to block spam and viruses before the threats reach you. The expertise of a managed service provides a pro-active, dynamic defense against spammers' constantly shifting strategies.

A managed service provides the following important benefits:

Virus and spam filtering happen before the traffic reaches your network: the "bad stuff" never even reaches your network or servers. This has the effect of:

reducing bandwidth
lowering mailserver CPU and memory resource needs
no viruses reach your mail server
software downtime doesn't result in viruses or spam sneaking through

You never fall behind in virus spam filtering updates.
A risk-free implementation.
Your email server is unaffected - you don't have to configure or change your software or hardware.
Very low entry cost:

no initial allocation or ongoing commitment of IT resources
no hardware or software to purchase
no upfront costs

No single point of failure
Disaster Recovery is included - if your email server is down, we'll queue up your mail until it's back and running
Ongoing development of new features
The service never becomes obsolete

Email Spam Protection

Overview

MailRoute's spam-filtering service passes all email through a multi-layered spam filtering system that identifies up to 96% of inbound spam. This processing takes place outside your network, reducing your traffic and email server processing loads. Since email is blocked at the Internet gateway, users no longer have to sort through and delete spam email in their inboxes. MailRoute acheives an extremely low false-positive rate - 1 in 250,000 messages.

How It Works

Since MailRoute is a fully managed service, implementation of the Anti-Spam service requires only that you sign up with MailRoute and then make a simple change to the DNS records for your domain. There is no interruption in your email services during the implementation period. There is no software or hardware required.

Once the DNS change is made, email will start flowing through the MailRoute network where each message is inspected by our multi-layered spam filters. Clean email is delivered to your email server, and spam is tagged or quarantined, depending on your preferences. Spam is no longer stored on your corporate network.

Features

Multi-Layered Protection: Multiple spam-fighting technologies catch up to 96% of spam.

GreyListing to block spam 'bots and zombies
Blacklists of known spammers.
Spam fingerprint databases.
Lexical analysis to identify common spam words or phrases.
Bayesian filtering.
Distributed traffic pattern analysis identifies new spam.
White and Blacklists let you adjust scores, depending on the sender.

Multiple spam processing options give you flexibility.

Quarantine: spam is stored in the MailRoute SpamStore® for seven days, and is accessible via a web-based interface.
Subject line rewriting: prepending of a word or phrase and the SpamScore® into the message's Subject line.
Custom header lines are added to each message so you can select your own criteria for filtering.

Customizable on a per-user or per-domain basis. Each user may have their own individual settings for sensitivity and processing.
Domain-wide or individual white and blacklists let you block or allow specific addresses.
Compatible with all email systems - regardless of platform or underlying operating system.
Implementation takes only minutes and is risk-free.
99.999% uptime guarantee.

Benefits

Risk-free implementaion. Filtering and blocking begin once you make the DNS change.
Increased employee productivity. No more daily deletions of unwanted email.
Reduced risk from valuable, critical mail messages being missed or overlooked due to a high volume of spam.
Reduced company liability from offensive emails.
Increased server and network efficiency. Unwanted content is removed before it reaches your network.
Solution does not require you to update servers or desktops.
Frees up valuable IT resources.
Requires no hardware or software.

Email Virus Protection

Overview

MailRoute's virus-filtering service passes all email through multiple anti-virus engines. This process provides redundancy and ensures that only clean email is delivered through to the corporate mail server. Since each engine is updated every 10 minutes, recognition of fast moving viruses is optimized.

How It Works

Since MailRoute is a fully managed service, implementation of the Anti-Virus solution requires only that you sign up with MailRoute and then make a simple change to the DNS records for your domain. There is no interruption in your email services during the implementation period. There is no software or hardware required.

Once the DNS change is made, email starts flowing through the MailRoute network where each message is inspected by multiple anti-virus engines

MailRoute partners with the leading virus-protection companies. Since our solution uses multiple partners, we are able to deploy the most effective virus scan to counteract fast moving viruses and we can optimize across the updates provided by the leading companies.

All types of messages are recursively decoded and scanned.

Features

Multiple anti-virus engines protect your email.
Updates occur every 10 minutes, 24 hours a day.
Infected email is detected and destroyed before it reaches your network.
No hardware or software is required.
Implementation takes only minutes and is risk-free.
99.999% uptime guarantee.

Benefits

MailRoute's anti-virus engines are always up-to-date.
Solution does not require you to update servers or desktops.
Multiple scanners provide additional redundancy, so you don't fail to catch a new virus.
Rapid, seamless implementation activates protection in minutes.
Frees up valuable IT resources.
Since email viruses do not reach your network or your server, your security is increased.
Reduced load on servers, particularly during heavy virus outbreaks.

MailRoute GreyListing Service

MailRoute's GreyListing service is a unique service available to all MailRoute customers at no additional charge as an integral part of the standard spam filtering service.

We have found that GreyListing has proven to be very effective at reducing spam - particularly the most egregious types, including image-based spams. Some of our users have reported that the amount of spam that sneaks past MailRoute has dropped significantly, others have shown that as much as 70-90% of their spam volume is being caught by this new technique.

GreyListing relies on the fact that most spam-sending software, "bots", "zombies" and "trojan-horses" do not behave in the same way as legitimate mail servers. It requires no maintenance, and no interaction from either the sender or the recipient. It is a fully automated service. "Bots", "zombies" and "trojan horses" infect as many as 60-80% of all consumer PCs (1), and which are responsible for the transmission of as much as 50% of all spam (2).

How does it work?

GreyListing makes a sender's email server jump over a simple hurdle before MailRoute will accept it's email. The first time somebody sends you an email, we check to see if that person has emailed you before using the same email server. If not, we tell the sending server "back off and try again in a minute". Regular mail servers are used to seeing this sort of message, and for all sorts of reasons. For example, Microsoft Exchange will give this same temporary error message if it's running low on disk space, or the server is overwhelmed with mail processing.

Legitimate mail servers will take this "try again" message in stride, wait a minute or two, and then make a new connection attempt. This time the mail will come right into the MailRoute servers, where it will run through the usual gamut of email processing that checks for viruses and spam, and if clean, it will be delivered right to your mail server.

But 'bots, zombies and trojan-horses, email viruses, and much of the mass-mailing software programs used by the typical spammer are designed to simply send out as many spams as possible as quickly as possible. Not only can they not handle the error message, they also don't have the facilities to queue up and retry sending the emails. So the MailRoute GreyListing service blocks these spams and viruses outright.

Will this cause any delays?

Yes - but only the first time somebody sends you an email. Typically there is a one to two minute delay the very first time that somebody sends you an email. All subsequent times there's no delay - email passes right on through. And we've also built in a lot of smarts too - if we see a lot of legitimate mail coming from a particular mail server, we automatically allow all mail from them to come in without the delay. Our adaptations eliminate even the initial delay about 70% of the time.

This service has been up and running at MailRoute since February 2006. We do not receive complaints from our users about email delays. Let's face it - people don't expect email to be instantaneous.

But to help alleviate these delays and assuage concerns, we can implement the service with a training period of a few days to a week. During this training period, we gather information, but don't delay any mail. When the training period is over, the system starts blocking mail, but all your common email senders are probably already in the database, so they are never delayed.

What exactly is "GreyListing"?

Note: This section is adapted from the original whitepaper on greylisting by Evan Harris, 2003-08-21 (3). This whitepaper originally inspired our use of GreyListing as a method to increase our spam capture rates.

GreyListing looks at three key pieces of information:

IP address of the host trying to send email
Envelope sender address
Envelope recipient address.

The first time the MailRoute GreyListing service sees this particular "triplet" of information, it is logged into a database, and the sending mail server receives a temporary deferral error code - in other words, it is politely told to 'try again in a minute". Since Internet email transport isn't guaranteed, the possibility of temporary errors is built into the Internet specifications (4). A well-behaved email server will try again to deliver the message. When it does, we accept the message and pass it along to the rest of the MailRoute filters for further processing and delivery. We also note the successful re-delivery attempt in our database, and we never bother delaying that triplet again.

However, much spam software is not based on a legitimate email server technology. It is designed to send millions and millions of messages as quickly as possible. It never retries to send a failed message. And infected PCs, those with "bots", "zombies" and "trojan horses" on them that send out email on a spammers behalf don't either. Email from these types of senders is blocked right away.

Greylisting has shown to be quite successful in blocking fast-moving email-borne viruses too, since they do not, in general, retry deliveries.

MailRoute's adaptations to generic "greylisting"

We've made numerous adaptations to the generic type of greylisting to improve accuracy for corporate users. These include:

Training Period: We've implemented a Training Period option, which allows for the database of triplets to be prepopulated over a few days to a few weeks. This way, common triplets will already be in the database when the system goes "live", eliminating any delay for those senders.
Adaptive Delay Requirements: We vary the amount of time a server must wait before retrying by a variable amount. We can't have spammers get past us by simply sending each email twice. At the same time, we don't want to require an unacceptably long period to have to go through before an email is accepted after the first attempt (a minimum of 4 hours in the original reference implementation (5))
Static Whitelisting: Major ISPs and mail providers who are known to be "good citizens" are already whitelisted in our implementation.
Automatic Whitelisting: Based on patterns showing legitimate email traffic from servers, we automatically whitelist particular IP addresses, or even blocks of addresses to remove future delays entirely.
User Overrides: The GreyListing service can be enabled and disabled for entire domains or for individual users. An individual's settings can override the domain settings, so that it's possible to GreyList for a customer, while disabling GreyListing for a particular address or set of addresses.

Footnotes:

http://news.zdnet.com/2100-1009_22-6031108.html
http://www.pcworld.com/news/article/0,aid,121381,00.asp
http://projects.puremagic.com/greylisting/whitepaper.html - Evan Harris
ftp://ftp.rfc-editor.org/in-notes/rfc821.txt - in particular, Appendix E, the discussion of a "Transient Negative Completion reply".
Harris, ibid

Store & Forward/Disaster Recovery

Overview

MailRoute's highly redundant cloud of email processing servers can provide a backup to your internal email infrastructure. Email is a complicated service to provide, and yet it's an absolute necessity for just about all of us. If your server crashes, or if you have to take it offline for upgrade or maintenance, MailRoute will hold your email for you, until your servers are back up and running, and ready to handle taking on email delivery. This ensures that no email is bounced, and your reputation is protected.

How It Works

The Store and Forward/Disaster Recovery service is an integral part of our inbound email filtering services. Once you change your MX record to direct email to MailRoute, we filter it, and send it on it's way to your server. But if your server is down, or if you're installing a new version of the OS, or if it's overloaded and out of disk space or RAM, or even if you're having some sort of temporary internet connectivity problems, we will hold the email. We don't bounce it back to the sender - that would be embarassing, like having your phone disconnected. Instead, we queue it up, and retry your server periodically, until we detect that it's back up and receiving email. Then we feed the email at a slow pace to start, and ramp up speed if we see that your server can handle it. We'll get all your stored email to you as quickly as possible, and your email senders will never even know you were down.

Features

Fully automated. Requires no configuration or maintenance. We detect the downtime automatically, queue email, and initiate delivery when you're back up and running, with no intervention required.
MailRoute's highly available cloud network provides reliability that's incredibly difficult and expensive to create in-house.
Compatible with all email systems - regardless of platform or underlying operating system.
Implementation takes only minutes and is risk-free.
99.999% uptime guarantee.

Benefits

Risk-free implementaion. Filtering and blocking begin once you make the DNS change.
No embarassing explanations to your customers or partners about why you can't seem to keep your email server running.
Reduced risk from valuable, critical mail messages being lost due to maintenance windows, planned, or unplanned downtime.
Increased server and network efficiency.
Solution does not require you to update servers or desktops.
Frees up valuable IT resources.
Requires no hardware or software.

Outbound "SmartHost" Services

Overview

With MailRoute's outbound service, email from your users is routed to our servers for filtering before it is sent off to external users. This protects your partners and customers from receiving virus-infected emails, and makes sure that your users aren't sending out spam, whether it's inadvertent or on purpose.

If you're tired of finding yourself on blacklists, or having trouble delivering email to the intended recipients, MailRoute's outbound service can help. We'll help you set your mailserver to send all email to us first, and then we take responsibility for the delivery of the email, lightening the load on your server, isolating your server from the rest of the internet for added security, and simplifying administration and maintenance.

How It Works

Once you sign up for the Outbound filtering service, you'll simply set the MailRoute outbound servers as a "Smart Host" or "Smart Relay" in your email server, and all email will then flow from your server to ours. We check it for spam or viruses, and then deliver the final email to the recipient's mail server.

Every message is run through the same anti-virus scanners that are part of our inbound filtering service, to ensure that your users aren't sending out any virus-infected emails.

Next, each message is checked for it's spam content. Whether your worry is about users who don't understand the impact of sending email that looks like spam, or about users who might have some sort of 'bot or zombie on their computer that is sending out spam without the user's knowledge, MailRoute's filters will help find and block this, helping to preserve your domain's reputation.

A flexible and powerful policy system ensures that users don't abuse their email privileges, by limiting users to a reasonable amount of email at a time. Our standard system limits each user to 500 emails to 500 recipients, and a maximum of 500MB of data per hour. Of course, this can be adjusted for a domain, or for a user, allowing you to be sure that users live within the bounds of appropriate email use.

Features

Anti-virus filtering by the same powerful MailRoute engine that powers our inbound services.
Spam checking using the MailRoute content filters ensures users aren't sending spam.
Policy management enforces outbound email quotas, preventing user abuse, or infected computers on your network from sending out spam
No hardware or software is required.
Implementation takes only minutes and is risk-free.
99.999% uptime guarantee.

Benefits

Stop abuse of your email resources.
Improves the deliverability of your email.
Reduces load on your email servers.
Simplifies your email server configuration and reduces management requirements.
Frees up valuable IT resources.
Since your server is isolated from the rest of the internet, your security is increased.