About additional services, features, and anti-spam technologies

The application uses the following additional features, services, and technologies of Kaspersky for more thorough anti-spam protection of email:

• DNSBL (Domain Name System Block List). This feature retrieves information from DNSBL servers containing public lists of IP addresses used by spammers.
• SURBL (Spam URI Realtime Block List). This feature retrieves information from SURBL servers containing public lists of links leading to online resources advertised by spammers. Thus, if a message contains web addresses from that list of links, it will most likely be spam.

  During spam rating calculation, the application considers the weight assigned to each responding DNSBL and SURBL server. If the total rate of servers that responded makes more than 100, the application assigns the message the Address blacklisted status and performs the action that has been specified for this status. If the total rate of servers that responded makes less than 100, the application increases the spam rate of the message.

• KSN (Kaspersky Security Network). Infrastructure of cloud services that provides access to the Kaspersky online knowledge base containing information about the reputation of files, web resources, and software. The use of data from Kaspersky Security Network ensures faster responses by Kaspersky applications to threats, improves the effectiveness of some protection components, and reduces the risk of false positives.

  KSN is disabled by default. To start using KSN, you have to accept the KSN Statement that governs the procedure for collecting information from the computer running Kaspersky Security.

• Enforced Anti-Spam Updates Service. The service providing quick updates to the Anti-Spam database. If the Enforced Anti-Spam Updates Service is enabled, the application will keep contacting the servers of Kaspersky and updating the Anti-Spam database as soon as new spam descriptions become available on Kaspersky servers. This approach helps improve the efficiency of Anti-Spam against new emerging spam.

  To ensure proper functioning of the Enforced Anti-Spam Updates Service the following conditions are required:

  • a constant Internet connection of the computer that hosts the Security Server
  • regular updates of the Anti-Spam database (recommended frequency: every five minutes).
• Reputation Filtering. A cloud-enabled reputation filtering service of additional message scanning that moves messages requiring additional scanning to a special temporary storage area named Quarantine. During the specified period (50 minutes), the application scans the message again using additional information received from Kaspersky servers (for example, from KSN). If the application has not marked the message as spam during this time, it allows the message to reach the recipient. Reputation Filtering increases the accuracy of spam detection and reduces the probability of Anti-Spam false positives.

  To be able to use Reputation Filtering, you have to confirm your participation in the Kaspersky Security Network (KSN) and accept a special KSN Statement.

  Messages that have been moved to Quarantine by Reputation Filtering but have not be tagged as spam are delivered to recipients after the 50-minute period expires even if the application is closed or paused.

• Dynamic DNS client. This feature detects whether the sender IP address potentially belongs to a botnet using reverse lookup of its DNS. This functionality can be used provided that the protected SMTP server is not serving any xDSL or dial-up users.
• SPF (Sender Policy Framework) technology. A technology that checks the sender's domain for signs of spoofing. Domains use SPF to authorize certain computers to send mail on their behalf. If a message sender is not included in the list of authorized senders, its spam rating will be increased.
• DKIM (DomainKeys Identified Mail) technology. Technology enables the recipient to verify that a mail was indeed sent from the declared domain. DKIM technology is designed to combat falsified sender addresses, which are frequently used in phishing emails and spam.
• DMARC (Domain-based Message Authentication, Reporting and Conformance) technology. Technology with extended functionality, within which SPF and DKIM technologies can be used. The technology determines the policy and actions to be taken with messages based on the results of SPF and DKIM checks of the authenticity of message senders.