How GlobalView Mail Reputation Works
The sending SMTP host attempts to connect over port 25 to your MTA. The MTA delays the connection and queries the Commtouch GlobalView Mail Reputation service about the reputation of the source and how to handle it. The query is sent over the HTTP, UDP or RBL/RBL+ protocol to a locally deployed daemon named ctIPd. The daemon is responsible for collecting real-time, dynamically updated reputation data about the source by communicating with the Commtouch Datacenter. The data about the source is gathered by monitoring its global email sending behavior and is composed of the volume of sent emails in several time frames, the spam ratio of its sent emails, a calculated risk level, a computed IP class and other relevant information. Additionally, ctIPd maintains local data in several time-based windows about all the previous times it was queried about this source. All of this information is used to generate a recommended action to apply to the source. The response to the MTA, or to a security device querying about the source on behalf of the MTA, includes the raw reputation data and the recommended action, which can be either to accept the connection, refuse with a permfail or to tempfail it as part of a throttling logic that was calculated for this source.
- Querying Device
The term "querying device" is used generically for mail transfer agents (MTAs), security appliances, networking devices, or any device that is capable of receiving email messages or monitoring SMTP traffic and generating a query to ctIPd over HTTP, UDP, or RBL/RBL+ protocols. Once a response from ctIPd is received, the querying device is responsible for applying connection management decisions and flow control actions based on ctIPd’s response.
- ctIPd
A daemon (ctIPd) that performs various functions, from receiving and processing incoming requests from querying devices to determining the reputation of specific sources and quickly responding to the querying devices with details on several key data types along with a recommended action. Typically, ctIPd is deployed on-site in order to guarantee high performance and availability to local querying devices.
- ctIPd Protocol
In order to enable communication between a querying device and ctIPd, and easy integration by its OEM partners, Commtouch has developed a simple communication protocol. This protocol enables OEM partners to communicate with ctIPd and thereby to provide GlobalView reputation services to their users. Communication between ctIPd and the querying device can be accomplished over HTTP, UDP or RBL/RBL+ interfaces.
- Commtouch Datacenter
The Commtouch Datacenter monitors global email traffic in real-time (24*7*365) from various sources on an ongoing basis and maintains a vast database of reputation and classifications that are determined based on numerous dynamically changing parameters.
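
The connection-time decision a querying device makes from the recommended action, sketched as an added example that is not Commtouch code. The action strings, the `lookup` callable and the fallback policy are assumptions for illustration; the page does not show ctIPd's wire format.

```python
from dataclasses import dataclass
from typing import Callable

# SMTP replies for the three recommended actions the page names.
# Reply codes follow RFC 5321; the action strings are assumed names.
REPLIES = {
    "accept": (220, "Service ready"),
    "tempfail": (421, "Service not available, try again later"),
    "permfail": (554, "Connection refused due to sender reputation"),
}


@dataclass(frozen=True)
class Decision:
    action: str   # accept | tempfail | permfail
    code: int     # SMTP reply code sent to the connecting host
    text: str
    reason: str   # "reputation", or why the fallback was used


def decide(source_ip: str, lookup: Callable[[str], str],
           fail_open: bool = True) -> Decision:
    """Map a reputation answer for source_ip to an SMTP connection decision.

    lookup is a hypothetical callable standing in for the query to the
    local daemon; it returns an action string or raises on failure.
    """
    # If the reputation service cannot answer, never permfail: either
    # accept (fail open) or ask the sender to retry later.
    fallback = "accept" if fail_open else "tempfail"
    try:
        action = lookup(source_ip).strip().lower()
        reason = "reputation"
    except (TimeoutError, OSError) as exc:
        action, reason = fallback, f"lookup failed: {type(exc).__name__}"
    if action not in REPLIES:
        action, reason = fallback, "unrecognised action in response"
    code, text = REPLIES[action]
    return Decision(action, code, text, reason)


def _constructed_lookup(ip: str) -> str:
    """Constructed sample data (documentation address ranges)."""
    if ip == "203.0.113.9":
        raise TimeoutError("daemon did not answer")
    return {"192.0.2.10": "permfail", "198.51.100.7": "tempfail"}.get(ip, "accept")


if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "192.0.2.77", "203.0.113.9"):
        print(ip, decide(ip, _constructed_lookup))
```

Logging the `reason` field alongside each decision lets an operator tell reputation-driven rejections apart from fallbacks taken while the daemon was unreachable.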