Sophos. Stamp out snowshoe spam with Delay Queue in Sophos Email Appliance 3.9

We’re pleased to announce version 3.9 of the Sophos Email Appliance (SEA). This update features Sophos Delay Queue technology – a sophisticated enhancement that increases spam detection by as much as 4% and blocks snowshoe spam.

Snowshoe spam is a type of unsolicited bulk email that spreads the load of a campaign over a large number of IP addresses and domains in short bursts, much like how snowshoes distribute your weight as you walk on snow.

Snowshoe spam campaigns only run for a few minutes at a time. This technique has proved to be a challenge for traditional anti-spam approaches of content analysis and IP reputation-based systems.

How Sophos Email Appliance blocks snowshoe spam

Our engineering and SophosLabs teams have developed an innovative solution to stamp out snowshoe spam that combines machine-learning technology with a Delay Queue feature.

Delay Queue finds suspicious mail, queues it, then blocks snowshoe spam when the mail is rescanned minutes later.

Here’s how it works.

When the Delay Queue feature is switched on, the SEA enters an 11-day learning routine to determine your organization’s normal email behavior. It records IP addresses to build a history database and highly-accurate queueing heuristic rules to determine suspicious mail.

The SEA then uses these rules to determine how likely a suspicious email is to be spam and moves the email to the Delay Queue. Depending on how suspicious emails are, they are held for 5-60 minutes.

As a snowshoe spam campaign is typically over within minutes, during the time the mail spends in the Delay Queue SophosLabs will have developed the definitions required to detect any snowshoe campaign emails. When the mail is released from the Delay Queue it is rescanned and spam will be blocked.
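The hold-and-rescan flow described above, as an added Python sketch. It is not Sophos code: the scoring weights, the `fingerprint` and `link_only` fields, and the sample traffic are assumptions made for illustration. Only the 5-60 minute hold range comes from the article.

```python
import heapq

MIN_HOLD, MAX_HOLD = 5, 60  # minutes: the hold range stated in the article

class DelayQueue:
    def __init__(self, known_ips):
        self.known_ips = set(known_ips)  # sender history from the learning period
        self.signatures = set()          # spam definitions, updated over time
        self.held = []                   # min-heap of (release_at, seq, msg)
        self.seq = 0

    def suspicion(self, msg):
        # Assumed scoring (0-100), not Sophos's rules: unseen sender IP, link-only body.
        score = 60 if msg["ip"] not in self.known_ips else 0
        return score + (40 if msg.get("link_only") else 0)

    def scan(self, msg):
        return "blocked" if msg["fingerprint"] in self.signatures else "delivered"

    def accept(self, msg, now):
        """First scan at arrival time `now` (minutes); returns a verdict string."""
        if self.scan(msg) == "blocked":
            return "blocked"
        score = self.suspicion(msg)
        if score == 0:
            return "delivered"
        hold = MIN_HOLD + score * (MAX_HOLD - MIN_HOLD) // 100
        self.seq += 1
        heapq.heappush(self.held, (now + hold, self.seq, msg))
        return f"queued {hold} min"

    def release(self, now):
        """Rescan every message whose hold has expired; returns {id: verdict}."""
        out = {}
        while self.held and self.held[0][0] <= now:
            _, _, msg = heapq.heappop(self.held)
            out[msg["id"]] = self.scan(msg)
        return out

def demo():
    # Constructed sample traffic; IPs are from documentation ranges.
    q = DelayQueue(known_ips={"192.0.2.10"})
    log = {
        "known": q.accept({"id": "known", "ip": "192.0.2.10", "fingerprint": "newsletter"}, 0),
        "partner": q.accept({"id": "partner", "ip": "198.51.100.7", "fingerprint": "invoice"}, 0),
    }
    for i in range(3):  # one campaign spread over three unseen IPs within minutes
        m = {"id": f"snow{i}", "ip": f"203.0.113.{i + 1}", "fingerprint": "camp-A", "link_only": True}
        log[m["id"]] = q.accept(m, i)
    log["too_early"] = q.release(now=10)  # nothing is due yet
    q.signatures.add("camp-A")            # definitions arrive while mail is held
    log["released"] = q.release(now=70)
    return log
```

The campaign messages pass the first scan because no definition exists yet, and are blocked only on the rescan at release. The legitimate mail from an unseen sender is delayed but still delivered.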

Delay Queue already proven in the field

In April 2015, we had a restricted release of SEA which used the Delay Queue feature to great effect. The results speak for themselves:

  • Delay Queue detected 4% more spam.
  • There were zero customer complaints about delayed legitimate mail.

We expect the full roll-out to all customers to be complete by the end of July. So when your appliance updates, make sure you turn on this great new feature to stamp out snowshoe spam.
