Sophos advances its proactive botnet spam defenses with Sender Genotype technology

July 28, 2008 Sophos Press Release

Sophos, the world's largest privately held security software firm­ today announced that its Sophos Email Security and Control offerings will now include Sender Genotype, a next-generation reputation filtering technology, designed to eliminate botnet spam at the IP-connection level. Unlike traditional reputation filters, which rely on prior knowledge of the sender, Sender Genotype effectively identifies aberrant behavior from IP addresses, which have not yet established a reputation and immediately blocks them from connecting to Sophos customers' mail systems.

Based on data collected in 2008, SophosLabs™ estimates that botnets generate nearly 90% of all spam worldwide. This issue is compounded by the fact that spam bots appear online for mere minutes at a time to send targeted messages, often using dynamically assigned IP addresses and low traffic volume to bypass traditional reputation filtering. Sophos Sender Genotype overcomes this inherent weakness by monitoring connection requests and rejecting those showing evidence of botnet connections. Even a new or unknown sender IP (e.g. a newly recruited bot) that has never before sent a message can be blocked using Sophos's breakthrough technology.

"With Sender Genotype, we have emboldened our preventive spam technology to render botnets - the criminal's preferred spamming tactics of the day - virtually ineffective against Sophos Email Security and Control," said Margit McGrath, Director of Product Management, Email Security and Control, at Sophos. "As a result, customers can realize an increase in system performance while doing away with processing and storing terabytes of unnecessary, potentially harmful data."

Sender Genotype is a free, seamless upgrade option for existing and prospective customers of Sophos Email Appliances and PureMessage for UNIX.

In addition to the development of Sender Genotype to counter the ever-increasing volumes of spam, Sophos recently delivered Sophos eXtensible Lists (SXL) to its Email Security and Control solutions portfolio. SXL is an online look-up system that dramatically accelerates the distribution of anti-spam intelligence, moving away from traditional scheduled updates to a real-time system that provides quicker response to new and emerging spam campaigns.