Threat Intelligence Services: Outbound Anti-Spam

Customer loss, operational cost overruns, brand and reputational damage through blacklists, and even potential lawsuits are just some of the possible consequences that service providers can face as a result of spam emanating from inside their network. Because the problem differs significantly from inbound spam, dealing effectively with outbound spam requires a totally different approach to ensure real protection for service providers.

The problem

Outbound spam can disrupt service provider businesses in several ways:

  • Blocked IP ranges — Spam sent from subscriber PCs can cause entire IP ranges to be blocked, including customers’ legitimate traffic, which will negatively impact customer satisfaction
  • Increased cost — The manual effort needed to remove blocked IP ranges from blacklists and handle angry customers, plus increased support infrastructure, and risk of potential litigation all increase cost
  • Persistent zombies — Blocking outbound spam is not enough. Without identifying the source, you can only treat the symptoms, allowing spammers to change tactics and continue exploiting your network
  • Ineffective solutions — Blocking port 25 or employing standard inbound anti-spam filters on outbound traffic results in high false positives and frustrated users
  • Legislation — Some governments propose legislation requiring service providers to proactively deal with compromised accounts

A unique solution

Cyren’s Outbound Anti-Spam Service is specifically designed to:

  • Detect rapidly and accurately — A small local engine runs the same patented technology used in Cyren’s GlobalView™ Cloud to analyze local traffic, blocking outbreaks as they start with almost no false positives
  • Block any type of attack — Block spam, malware or phishing in real-time
  • Block any type of attacker — Zombie computers, compromised accounts, spammer accounts, and webmail spam are all analyzed and blocked
  • Identify the source — Alerts your abuse team, providing samples of unwanted traffic

Why use Cyren’s Anti-Spam Outbound Service?

  • Increase customer satisfaction — from industryleading high spam and phishing catch rates, coupled with near-zero false positives
  • Protect your reputation — blocking outbound spam at the right time stops you from being blocked and improves your reputation with your customers, other networks, and block list providers
  • Reduce cost — eliminate the expense of resolving blocked IPs, handling angry customers, and increased hardware and support staff
  • Simple integration — industry-standard plugins make deployment easy and fast

How it works

Cyren’s email security solutions rely on patented Recurrent Pattern Detection™ (RPD) technology, which analyzes billions of messages per day to identify outbreaks the moment they occur. To provide accurate protection from lower volume local or regional outbound spam, a local instance of RPD is deployed with each Outbound Spam Engine. RPD then automatically analyzes the collected traffic to provide accurate spam and phishing classifications based on a unique global view of outbreaks.

Outbound email is scanned by the Outbound Anti-spam service engine for both global and locally recurring patterns. This allows the engine to identify spam, phishing, and emailborne malware as well as tracking each sender’s traffic statistics, such as mails per time period, or spam/ham ratio. Once a sender crosses a threshold, notification is sent along with the sender address. Samples of the blocked emails are also provided for analysis as part of the remediation process.


Cyren’s technology is easily integrated into existing platforms, minimizing costs and time-to-market. Integration options include industry plugins for: SpamAssassin, cPanel, Sendmail/Postfix, and MS Exchange, as well as a Standard RBL interface:

  • Single object integration
  • Small footprint
  • A comprehensive SDK (daemon or shared library) with multiple plugin options
Last updated: 2016