Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1565
Views
0
Helpful
1
Replies

Incoming Policy for hyperlinks

cdmccartney
Level 1
Level 1

‎01-07-2011 08:18 AM

Is it possible to setup an incoming mail policy that checks the text of a hyperlink against the actual address of the link?  For example if someone receives an email with a hyperlink and the text in the email is "click here" and the link goes to www.cisco.com then quarantine.

Labels:
0 Helpful
1 Reply 1

Christopher Smith
Level 4
Level 4

‎01-08-2011 01:18 PM

HI Craig,

This is a great question.  The IronPort appliance does actually check hyperlinks using web reputation scoring, but I don't think it goes as far as validating the address as you describe.  Currently there is not a method that will allow the appliance to validate a link. That type of functionality falls more in line with the WSA appliance.  The web reputation scoring (WBRS) more or less looks for links in email messages that have had a history of being problematic.

What is Web Reputation (WBRS)?

IronPort Web Reputation is an  innovative method that analyzes the behavior and characteristics of a  Web server, providing the latest defense in the fight against spam,  viruses, phishing, and spyware threats.

IronPort Web Reputation™  uses real-time analysis on a vast, diverse, and global dataset to detect  URLs that contain some form of malware. Web Reputation is a critical  part of IronPort’s security database, which protects customers from  blended threats – whether email or Web traffic.

Web Reputation  leverages data from IronPort’s Common Security Database (SenderBase ®  Network), the world’s largest email and Web traffic monitoring network.  tracks over 50 distinct parameters that are excellent indicators of a  URL’s reputation. Using sophisticated security modeling
and malware detection agents, IronPort evaluates these URLs based on these inputs. Some of the parameters include:

• URL categorization data

• Presence of downloadable code

• Presence of long, obfuscated End-User License Agreements (EULAs)

• Global volume and changes in volume

• Network owner information

• History of a URL

• Age of a URL

• Presence on virus / spam / spyware / phishing / pharming blacklist(s)

• URL typos of popular domains

• Domain registrar information

• IP address information

IronPort  Web Reputation differs from a traditional URL blacklist or whitelist in  that it analyzes a broad set of data and produces a highly granular  score of -10 to +10, instead of the binary “good” or “bad”  categorizations of most malware detection applications. This granular  score offers administrators increased flexibility; different security  policies can be implemented based on different Web Reputation scoring  ranges.

For further details, please read the Web Reputation whitepaper at: http://www.ironport.com/pdf/ironport_web_reputation_whitepaper.pdf

Christopher C Smith

CSE

Cisco IronPort Customer Support

0 Helpful
Customers Also Viewed These Support Documents