Trend Micro email reputation technology validates IP
addresses by checking them against a reputation database of known
spam sources and by using a dynamic service that can assess email
sender reputation in real time. Reputation ratings are refined through
continuous analysis of the IP addresses' “behavior,” scope of activity
and prior history. Malicious emails are blocked in the cloud based
on the sender's IP address, preventing threats such as zombies or
botnets from reaching the network or the user's PC.
Email Reputation technology identifies spam based on the reputation of the
originating Mail Transport Agent (MTA). This off-loads the task from the Security
Server. With Email Reputation enabled, all inbound SMTP traffic is checked by the
IP
databases to see whether the originating IP address is clean or has been listed as
a
known spam vector.
There are two service levels for Email Reputation:
-
Standard: The Standard service uses a database that tracks the reputation of about two billion IP addresses. IP addresses that have been consistently associated with the delivery of spam messages are added to the database and rarely removed.
-
Advanced: The Advanced service level is a DNS, query-based service like the Standard service. At the core of this service is the standard reputation database, along with the dynamic reputation, real-time database that blocks messages from known and suspected sources of spam.
When an email message from a blocked or a suspected IP address
is found, Email Reputation Services (ERS) stops it before it reaches
your messaging infrastructure. If ERS blocks email messages from
an IP address you feel is safe, add that IP address to the Approved
IP Address list.