WatchGuard Technologies, Inc.
Frequently Asked Questions
spamBlocker with Virus Outbreak Detection

General Questions

spamBlocker Functionality

Managing spamBlocker

Licensing

Purchasing spamBlocker

General Questions

Q: What is spamBlocker?
A:
spamBlocker is a powerful security service from WatchGuard® that utilizes industry-leading technology to identify spam and malware outbreaks in real time, and protect mail systems from this harmful and annoying traffic. Up to 97% of spam is blocked at the gateway and never reaches the internal mail server, regardless of the spam message’s language, content (including images), or format. Legitimate communications pass through while unwanted emails are stopped cold. And spamBlocker’s response times are extremely fast: outbreaks are detected and classified in a matter of minutes, protecting spamBlocker users before the outbreak reaches them.

spamBlocker includes a quarantine function, which allows the administrator to configure the system to send messages classified as harmful to quarantine. End-users and administrators alike can access the quarantine via web browser, and delete or release messages as desired.

Q: What is Virus Outbreak Detection?
A:
Virus Outbreak Detection (VOD) is a technology that works on the same principle as spamBlocker, to detect outbreaks of viruses and other malware around the globe. As with spam outbreaks, virus outbreaks are detected within minutes, with the result that spamBlocker users are protected well before signature-based anti-virus systems can respond.

Q: Why do I need spamBlocker and VOD?
A:
Spam accounts for nearly 70% of all email. It bogs down network traffic, spreads viruses, distributes spyware and phishing attacks, and leads unsuspecting users to malicious Web sites where further dangers await. Blocking spam, therefore, is essential for truly robust unified threat management, and spamBlocker is the best service in the industry at distinguishing legitimate communication from spam attacks in real time, blocking unwanted emails. In addition, the extra layer of protection in VOD complements WatchGuard’s application proxies, Gateway AntiVirus/IPS, and other anti-malware systems, to keep viruses, Trojan horses, bots, worms, and other malicious software out of the network.

Q: Who can use spamBlocker?
A:
spamBlocker is available to customers who are using:

  • Firebox® X Peak™ appliances (all)
  • Firebox X Core™ e-Series appliances
  • Firebox X Core (pre–e-Series) that are upgraded to Fireware® Pro
  • Firebox X Edge e-Series appliances with v8.5 or later appliance software

Q: What if I have a Firebox X Core that is running the WFS operating system?
A:
Core users running on the WFS operating system can upgrade to the Fireware Pro advanced appliance software and then add the spamBlocker security subscription. Otherwise, these Core users can purchase a subscription to SpamScreen. More information on SpamScreen is available at the WatchGuard Partner Web site.


spamBlocker Functionality

Q: What's unique about spamBlocker?
A:
spamBlocker operates completely outside of the ongoing "arms race" between traditional anti-spam technologies and spammers. Most anti-spam products attempt to identify and stop spam based on keyword recognition, content and URL filters, and Realtime Blackhole Lists (RBLs). Spammers, however, use many tricks (images, non-English phrases or content, etc.) to avoid detection, often all too successfully. This is why other anti-spam programs so frequently fail to stop attacks.

Unlike traditional anti-spam products, spamBlocker utilizes industry-leading RPD™ (Recurrent Pattern Detection) technology from Commtouch® that monitors the Internet for the exact propagation characteristics that spammers require—mass distribution. By using the spammers’ key weapon against them, spamBlocker stops up to 97% of spam at the gateway so that it never reaches the internal mail server. Spam is blocked regardless of the language, content including images, or format of the message.

Q: What is RPD?
A:
RPD (Recurrent Pattern Detection) technology from Commtouch is at the heart of the spamBlocker subscription. It focuses on detecting patterns in spam attacks, rather than on an analysis of the contents of individual email messages. Because it is content-agnostic, it can detect spam in any language, format, or encoding method. Commtouch monitors and analyzes large volumes of Internet traffic across a global network, sampling hundreds of millions of emails a day. Through RPD technology, Commtouch identifies new spam and malware outbreaks in real-time. These new spam and malware classifications are then provided in real-time to each Firebox X running spamBlocker for up-to-the-minute spam protection.

Q: Does using spamBlocker cause system performance to degrade?
A:
No. With the unique RPD technology, spamBlocker requires minimal bandwidth and CPU power because most of the processing is done outside of the Internet gateway.

Q: What are the differences between SpamScreen and spamBlocker?
A:
SpamScreen is a rules-based detection system which has to be updated locally with the latest rules and weights. SpamScreen does its processing locally using network resources. Although SpamScreen is effective, it is not proactive and real time. spamBlocker, on the other hand, does not have local rules to configure or download. Most of the processing is done outside of the Internet gateway, thereby sparing local network resources for other tasks. Because of the nature of the Commtouch technology on which spamBlocker relies, real-time outbreak detection is realized – within just minutes. This provides a much higher level of protection against spam and is very effective at blocking spam and other malware such as spyware, phishing, pharming, and viruses.

Unlike spamBlocker, SpamScreen does not include quarantine functionality.


Managing spamBlocker

Q: How is spamBlocker managed?
A:
On the Firebox X Core and Peak, and on Firebox X Edge appliances connected to a Core or Peak network, spamBlocker can be managed using WatchGuard System Manager (WSM). WSM is the same intuitive management interface that is used to manage all Firebox X security subscriptions, including WebBlocker and Gateway AntiVirus/Intrusion Prevention Service (Gateway AV/IPS). WSM streamlines network security for the IT expert, while providing indispensable ease of use for novice network administrators. For Firebox X Edge appliances not connected to a Core or Peak network, spamBlocker is managed through the built-in Edge Web Manager.

Q: What information is logged, displayed, and reported for spamBlocker?
A:
For Core and Peak users, the Firebox System Manager spamBlocker scoring activity report is now a part of the Security Subscriptions tab, and the Commtouch reference ID and spam score for each email processed by the SMTP proxy are included with the SMTP log output. To get additional debugging messages for troubleshooting spamBlocker, enable logging for spamBlocker using Policy Manager. Edge users can find spamBlocker activity reports in the Edge Web Manager.

Additionally, Core and Peak customers can find a spam summary Historical Report for information on spamBlocker activity over time.

Q: Can spamBlocker be configured to support a High Availability pair?
A:
Yes, spamBlocker will support a High Availability pair for Firebox X Core and Peak appliances. Each license will need to be configured, managed, and updated separately to ensure maximum protection.

Q: Do I have to purchase an additional spamBlocker subscription license for both appliances in the High Availability pair?
A:
No. If the primary unit has active licenses for additional spamBlocker subscriptions, the standby unit will be provided with corresponding licenses for each like service. The LiveSecurity® Service subscription must be active on each device to receive these licenses.

Q: After enabling spamBlocker, various employees at my company no longer receive important periodic emails, like payroll notifications. What can I do to fix this problem?
A:
There are two solutions to this issue:

  1. For every missing email from an official source, add the sender email address to the spamBlocker whitelist.
  2. A false positive email message is a legitimate email that is denied as being spam. A false negative email message is a spam email that does not get correctly denied as being spam. If you find a false positive or false negative email, you can report the classification error directly to Commtouch. You must have access to the email message to submit the message. Learn how to submit a report for a false positive or false negative.

Q: Messages that I believe are spam are being delivered. What is the solution to this problem?
A:
This is a more difficult problem to solve than the issue of false positives, because of the highly dynamic nature of spammers. In cases where the same spam is received for more than a few days, you can file a classification mistake report with Commtouch. When reporting false negatives, the original spam email with complete headers is required. You can also add the spam to the spamBlocker blacklist. However, this will likely not be very effective, as spammers change the sender address frequently.

Q: How can I adjust the sensitivity of spamBlocker to spam?
A:
Commtouch controls the scoring parameters of the spamBlocker solution. You can decide what scoring levels are delivered. WatchGuard recommends that messages scored as 'spam' are never delivered. If you find too many messages are being scored as false positives when messages scored as 'bulk' are not delivered, you can try allowing bulk-scored messages to be delivered. The only risk with this configuration is that more spam may be delivered as well. Should too much spam be delivered with bulk-message delivery, you can disable bulk delivery, then whitelist any messages scored as false positives.

Many users find the "tag" disposition a useful way to use or fine-tune spamBlocker. By selecting "tag," emails that are classified as spam or bulk are still passed, but with a user-configurable tag appended to the subject line. You can, in turn, use this tag to trigger a rule on your mail server or client to automatically place tagged messages in a specific folder.
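
One way to implement the mail-side rule described above, as an added example that is not WatchGuard's code. The tag strings `***SPAM***` and `***BULK***` and the folder names are hypothetical stand-ins for whatever tag the administrator configured. The filter decodes MIME-encoded subjects before matching, so a tag on a non-English subject is still caught.

```python
import email
from email import policy
from email.header import Header

# Hypothetical tag strings and folder names; the real tag is whatever the
# administrator configured on the gateway.
TAG_FOLDERS = [("***SPAM***", "Junk"), ("***BULK***", "Bulk")]


def route(raw_message: bytes) -> str:
    """Return the folder a message should be filed in, based on its Subject tag."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    # policy.default decodes RFC 2047 encoded-words and unfolds long headers.
    # get_all() covers messages that carry more than one Subject header.
    subjects = [str(value).lower() for value in msg.get_all("Subject", [])]
    for tag, folder in TAG_FOLDERS:  # the spam tag takes precedence over bulk
        if any(tag.lower() in subject for subject in subjects):
            return folder
    return "INBOX"


def build(subject_header: str) -> bytes:
    """Build a constructed sample message with the given raw Subject value."""
    return (
        "From: sender@example.com\n"
        "To: user@example.com\n"
        f"Subject: {subject_header}\n"
        "\n"
        "body\n"
    ).encode("ascii")


# Constructed samples, not captured traffic.
CLEAN = build("Payroll notification for March")
TAGGED = build("Cheap watches ***SPAM***")
# Non-ASCII subject as an encoded-word, with the ASCII tag added after it.
MIXED = build(Header("Скидки сегодня", "utf-8").encode() + " ***BULK***")
# Whole subject, tag included, inside one encoded-word: a raw byte match
# on the header would miss this one.
ENCODED = build(Header("Предложение ***SPAM***", "utf-8").encode())

if __name__ == "__main__":
    for name, raw in [("clean", CLEAN), ("tagged", TAGGED),
                      ("mixed", MIXED), ("encoded", ENCODED)]:
        print(name, "->", route(raw))
```

Matching on the decoded subject rather than the raw header bytes is what keeps the rule working when a relay re-encodes the subject line.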


Licensing

Q: How is spamBlocker delivered?
A:
You purchase a license key, and activate the key on the LiveSecurity site. LiveSecurity, in turn, presents a Feature Key, which you enter in Policy Manager in WatchGuard System Manager (for Core and Peak) or through the browser-based Edge Web Manager. Your spamBlocker subscription will be enabled immediately and is ready for configuration. This process is the same for all Firebox X security subscriptions.

Q: How do I know if my spamBlocker service has expired?
A:
If you make a configuration change during the expiration period, WatchGuard System Manager will notify you that the service is expired and offer to remove the service option. To renew, purchase a renewal key from your reseller and enter it into WatchGuard System Manager's License Manager.


Purchasing spamBlocker

Q: Is spamBlocker priced per user?
A:
No. There's no costly per-user licensing – a single subscription provides network-wide protection for all users configured behind your Firebox X.

Q: What is included with a security subscription?
A:
A 12-month subscription and subsequent yearly renewals include real-time updates from Commtouch, software updates, and documentation.

Q: Can I try spamBlocker before I buy it?
A:
Yes. A 30-day trial is available for:

  • Firebox X Peak appliances
  • Firebox X Core appliances running Fireware or Fireware Pro appliance software
  • Firebox X Edge e-Series appliances running v8.5 or later appliance software

Q: How do I keep spamBlocker working after the first year?
A:
To renew your spamBlocker subscription, purchase a license key, activate that key on the LiveSecurity site, and enter the resulting new Feature Key into Policy Manager (Core and Peak) or the Edge Web Manager. Your spamBlocker subscription will be extended immediately. This renewal process is the same for all WatchGuard security subscriptions.

Q: Do I have to purchase spamBlocker separately from Fireware® Pro?
A:
Yes. WatchGuard security subscriptions are sold separately and are priced based on your Firebox X model.

Q: Do I have to buy a new spamBlocker license when I buy Fireware® Pro if I already have a SpamScreen subscription?
A:
When you purchase a Fireware Pro upgrade, your existing SpamScreen subscription and any remaining months on that subscription will roll over and be applied to your spamBlocker subscription. Contact Customer Care for details.

Q: If I want to upgrade from one model to another model within the Firebox X Peak or Core lines, do I need to upgrade my spamBlocker license as well?
A:
No, the spamBlocker license does not need to be upgraded at that time. Once you are ready to renew the spamBlocker subscription, you will need to purchase a renewal for the current model enabled on the Firebox. For example, if you upgraded to the Firebox X8500e from a Firebox X6500e, you would purchase and activate a spamBlocker renewal for a Firebox X8500e.