Cisco ESA blocks SPAM using:
i) During TCP 3-way Handshake by checking the IP address with the Cisco Talos Database (www.talosintelligence.com)
--> Each and every IP address is associated with the Sender Base Reputation Score
--> SBRS( Sender Base Reputation Score) is assigned with the value -10 to +10 .
--> SBRS Value is assigned to the IP address is based upon various factors
--> You can share the information about the IP addresses to Talos database that are getting blocked/allowed by Enabling SenderBase under Security Services > Sender Base
--> ESA is only going to send the metadata information not email Information to the SenderBase
ii) By checking the content in the Email
--> If the ESA does not found the IP address as SPAM on Cisco Talos Database then it is going to check the Content of the Email.
--> ANTI-SPAM (CASE) in WorkQueue is going to check the content of the email for the SPAM.
--> Context Adaptive Security Engine is the Engine Which Performs the Content Scan of the email for the SPAM.
--> CASE Engine is going to check the content, words, Geolocation of the Sender, Attachment, File Name, File Types to classify the email as SPAM or not
0 comments:
Post a Comment