Our recommended default rules change over time, especially when new technologies are introduced. In support, we occasionally see filter settings from long-time NoSpamProxy customers that deviate from our current recommendations to a greater or lesser extent. In this article we show you the settings that a fresh NoSpamProxy 14 installation creates and that we consider to be the recommended minimum level of security. In addition, we explain some background on individual filters and actions.
In this table you will first find an overview of the activated filters and actions of the current standard set of rules. The weighting of the filters is indicated in brackets.
Filter | Actions |
---|---|
32Guards (1) | Malware Scanner |
Spam URI Realtime Blocklists (2) | URL Safeguard |
Core Antispam Engine (1) | S/MIME and PGP check and decryption |
Reputation filter (1) | Disclaimer application |
Realtime Blocklists (2) | CxO Fraud Detection |
CSA Certified IP List (2) | 32Guards |
 | Greylisting |
Tip for each update
If you want to quickly check what has changed in the standard rules after a successful update to a newer NoSpamProxy version, simply use the wizard to recreate the standard rules. You will find the corresponding button directly under the set of rules:
Clicking on “Generate default rules” opens a dialogue in which you can choose whether the new default rules should completely replace the previous set of rules or whether the new rules should simply be appended at the bottom.
For a quick comparison of the rules, we recommend the option “Append default rules to existing rules”. Now you have, for example, the rule “All other inbound emails” twice in the overview and can easily compare the configured filters and actions. It is up to you whether you continue to work with the newly created rule or adapt the existing rule.
Notes on individual filters and actions
In this section we explain individual filters and actions and provide important notes.
32Guards
32Guards is a metadata-based service in NoSpamProxy Cloud that was first released under this name with NoSpamProxy V14; until then, it was known as “Project Heimdall”. It was already available as an action in version 13.0 from February 2019. Today, 32Guards is both a filter that influences the spam confidence level (SCL) rating and an action that can directly reject threats, either temporarily or permanently. In the default ruleset, both are always activated. You can also find more information about 32Guards here.
Spam URI Realtime Blocklists
The Spam URI Realtime Blocklists filter has been modified slightly in recent years. By default, only the “UriBL” list is activated. Since the introduction of 32Guards, this filter has become less and less important because URL recognition has been taken over by 32Guards, whose filter results are much better.
The “SURBL” and “Spamhaus” lists are chargeable above a certain query volume and are therefore deactivated by default. Further information on the offers can be found on the website of the respective providers.
Core Antispam Engine
This filter has been included since version 14.0.5. Based on defined criteria, it creates a fingerprint of the email to be checked and compares it with the fingerprints that are already known. If the fingerprint is known, NoSpamProxy awards 4 SCL points, which means that the email is already rejected with the default settings. The filter itself has no further configuration options. The administrator can only influence the filter result through its weighting with multipliers.
Reputation filter
The reputation filter performs various checks on the email envelope, the content of the email and the headers. Some of the checks also analyse DKIM (DomainKeys Identified Mail) and SPF (Sender Policy Framework). Depending on the results of the individual checks, SCL points can be awarded, which are individually configurable. In this way, you can adapt the ratings to the requirements of your company. In total, the reputation filter contains 26 individual checks, each of which can be switched on and off, as well as configured. In our online documentation you will find descriptions of the reputation filter checks.
Malware Scanner
This action includes three different scan engines that can be used individually or in combination with each other. As the name suggests, the focus is on the detection of malware.
URL Safeguard
URL Safeguard was first introduced with version 13.0 and ensures that URLs in incoming emails are rewritten. This allows the gateway to re-check the original URL as soon as the recipient has clicked on it, thus significantly increasing security. However, the URL Safeguard action is only part of the system and only takes care of the actual rewriting. The configuration of the rewrite properties and conditions is described in detail here.
CxO Fraud Detection
CxO Fraud Detection is used to detect phishing attacks in which the attacker uses the names of company decision makers as the sender name of the email. It compares the sender name of incoming emails with the names of company users. In this way, fake emails sent to you in the name of superiors or employees are intercepted.
Different variants of the sender name are included in the comparison:
Jane Doe
Doe Jane
JaneDoe
DoeJane
CxO Fraud Detection must be activated beforehand for each company user whose name you want to include in the comparison.
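The comparison described above can be sketched as follows. This is an added example, not NoSpamProxy's own code: the user list, the company domain and the rule that mail from a company domain is skipped are assumptions made for illustration.

```python
import unicodedata
from email.utils import parseaddr

# Constructed sample data (assumptions, not taken from the page or the product).
COMPANY_USERS = [("Jane", "Doe"), ("Max", "Mustermann")]
COMPANY_DOMAINS = {"example.com"}


def normalize(name):
    """Fold case and compatibility forms (e.g. full-width letters);
    turn punctuation and runs of whitespace into single spaces."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    cleaned = "".join(ch if ch.isalnum() else " " for ch in folded)
    return " ".join(cleaned.split())


def name_variants(first, last):
    """The four variants listed above: 'Jane Doe', 'Doe Jane', 'JaneDoe', 'DoeJane'."""
    first_n, last_n = normalize(first), normalize(last)
    return {f"{first_n} {last_n}", f"{last_n} {first_n}",
            first_n + last_n, last_n + first_n}


def impersonated_user(from_header, users=COMPANY_USERS, domains=COMPANY_DOMAINS):
    """Return the company user whose name the sender displays, or None."""
    display, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    # Assumption: mail from a company domain is not treated as impersonation here.
    if not display or domain in domains:
        return None
    shown = normalize(display)
    for first, last in users:
        if shown in name_variants(first, last):
            return f"{first} {last}"
    return None


if __name__ == "__main__":
    # Constructed From headers covering a match, an internal sender and a stranger.
    for header in ['"Doe, Jane" <ceo@mail.example.net>',
                   "JANEDOE <office@freemail.example>",
                   "Jane Doe <jane.doe@example.com>",
                   "John Smith <john@partner.example>"]:
        print(f"{header!r:45} -> {impersonated_user(header)}")
```

Normalising before the comparison is what lets "Doe, Jane" and "JANEDOE" match the same user; without it, only exact spellings of the four variants would be caught.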
Not yet updated to NoSpamProxy 14?
With the new version 14.0.5, you can benefit from improved detection quality that protects your mailboxes even better.