iKu Systemhaus AG
SPONTS
---

SMTP time response analysis

Deutsche Version

On the internet E-Mails are being sent over the SMTP protocol. SPONTS analyses the time response of the sending Server, and it can detect if it is dealing with an legitimate mail server, with special spammer software or even with a virus containing a build-in SMTP engine. SPONTS offers an accuracy rate of approximately 50-60% for spam and an accuracy rate of approximately 80-95% for viruses, on an average mailbox.

Mail Verteilung
This overview shows the amount of different mail types received by a mail server.

Here an e-mail detected by the time response analysis is not further processed by a regular filter. The x-axis shows the days in September 2004. This mail server is a primary mail server for approximately 15 mailboxes and backup mail server for approximately 200 mailboxes. In average this mail server processes about 1,400 mails a day.

Hardly any false positives

Since the introduction of this technology in the beginning of 2004, only 3 incidences occured where e-mail was send by an legitimate mail server but was falsly classified as spam or a virus. In all cases the mail servers themselves turned out to be faulty and not implemented RFC compliant. After the respective producer corrected this error no more problems occured.

Less traffic

For the time analysis only the following few SMTP commands

HELO/EHLO
MAIL FROM
RCPT TO
DATA

are sufficient. This means that it is already clear if the sending server is a legitimate mail server, before the mail body is being transfered and will result in less traffic as there is no traffic generated for spam and viruses.

Whitelisting without any problems

Because the mail envelope is completely transfered, whitelisting based on source IP, sender address or recipient is possible without any problems.

Low system load, very good scaling

The analysis itself hardly needs any computing power, so that a large amount of mail connections can be checked simultaneously. By implementing this technique the mail servers system load usually decreases by approximately 60-80%.

Slow connections are no problem

The time analysis works fine with slow internet connections, for example over a modem, mobile phone or in far-off countries.

Licensing desired

Spam is a problem regarding us all and iKu is helping to reduce the effects. This technique has been filed for a patent and can be licensed irrespective of other iKu Products. For further questions please e-mail to:


http://www.sponts.de/timing-en.jsp