Block Messages Before Viruses

You need to scan incoming email for malware, such as spam and phishing and viruses. It's wrong to scan for viruses first.

That is a cycle-intensive process that requires opening up messages and assessing the contents. Scanning for malware needs to be a layered process, that checks for other things before delving into content. Eg, you should check for suspicious sender IP addresses, and suspiciously formed email headers, first.

There's a wealth of subtle, "out of band" information that can be gleaned at the connection level. The anti-spam filter should be first in a pipeline, and should be outside the organization's firewall, or in the DMZ. Increasingly, integrated email gateway security products are filtering spam and viruses, so this architectural issue is moot.

Post a comment

You must be logged in to post a comment. To comment, first join our community.