Technology Overview
Fortinet takes a comprehensive and multi-layer approach and uses a number of
filtering techniques to detect and filter spam.
- Global filters. Through the FortiGuard distribution network, the
FortiGuard AntiSpam service provides two databases, FortiIP and
FortiSig, as global filters. FortiIP is a sender IP reputation
database, while FortiSig is a spam signature database. These global
filters are constantly updated and enable our FortiGate, FortiClient
and FortiMail products to detect and filter most prevailing spam on the
Internet.
- Customized filters. Various customized spam filters are provided to
complement Fortinet's AntiSpam solution on the service delivery units:
FortiGate, FortiClient and FortiMail. These customized filters range
from banned-word filters, local white and black lists of sender email
addresses, and heuristic rules to highly sophisticated techniques such
as Bayesian training in FortiMail. See the documentation of the
respective products for more information.
- Dedicated service team. To complete Fortinet's AntiSpam solution and
provide our customers with best-in-class AntiSpam service, our
dedicated service team of engineers and analysts is committed to
responding to and resolving any false positive report and other issues
within 24 hours, monitoring and analyzing the latest spam techniques,
continuously updating the FortiIP and FortiSig databases, and
researching and designing new spam filters.
FortiGuard AntiSpam Service filters include the FortiIP and FortiSig
databases. FortiIP is a sender IP reputation database, and FortiSig is a
spam signature database containing three types of signatures:
FortiSig1, FortiSig2 and FortiSig3.
- FortiIP - sender IP reputation database.
  Most spam is presently sent from misconfigured or virus-infected hosts.
  FortiGuard AntiSpam Service maintains a global IP reputation database
  in which the reputation of each IP address is built and maintained
  based on tens of properties of that address gathered from various
  sources. The properties of an IP address include its whois
  information, geographical location, its service provider, whether it
  is an open relay or hijacked host, etc. One of the key properties used
  to maintain the reputation is the email volume from this sender as
  gathered from our FortiGuard service network. By comparing a sender's
  recent email volume with its historical pattern, FortiGuard AntiSpam
  Service updates each IP's reputation in real time and provides a
  highly effective sender IP address filter.
- FortiSig1 - spamvertised URLs.
  About 90% of spam has one or more URLs in the message body. These URLs
  link to spammers' websites promoting their products and services. In
  phishing spam, these URLs direct the recipient to a fake website of a
  bank or other financial institution that preys on private financial
  information. FortiGuard AntiSpam Service collects spam samples through
  our global spam trap network and through spam sample submissions from
  our customers and partners. The URLs are extracted from the spam
  samples and go through our rigorous QA process before being added to
  the FortiSig database. The URLs are then subject to a continuous aging
  process in which obsolete ones are removed promptly.
- FortiSig2 - spamvertised email addresses.
  Similar to the spamvertised URLs, a lot of spam has an email address
  in the message body that prompts the recipient to contact the
  spammers. Extracted from the spam samples, these spamvertised email
  addresses provide another powerful global filter to identify and
  filter spam.
- FortiSig3 - spam object checksums.
  In line with the release of FortiOS 3.0, FortiGuard AntiSpam Service
  releases one additional global filter, FortiSig3, to counter
  hard-to-detect spam that does not match FortiSig1 or FortiSig2. Using
  a proprietary algorithm, objects in spam are identified and a fuzzy
  checksum is calculated from each object. The object can be part of the
  message body or an attachment. The checksum is then added to the
  FortiSig database, providing another highly effective global filter
  with virtually no false positives.
- FortiRule - dynamic heuristic rules.
  This is the latest component offered in the FortiGuard AntiSpam
  Service, available in FortiMail version 3.0 MR1 and later. This global
  filter uses dynamically updated heuristic rules to identify spam,
  exploiting various attributes in the spam message header, body, MIME
  header, and attachments. With manually crafted heuristic rules for
  specific spam attacks, FortiRule further increases the catch rate with
  virtually no false positives.
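The FortiSig1 and FortiSig2 entries above both start from pulling URLs and email addresses out of a spam sample's message body. The block below is an added example, not Fortinet code: it shows one way to do that extraction with Python's standard library on a constructed message. The name `body_indicators`, the regular expressions, the normalisation choices and all sample hosts are assumptions.

```python
import re
from email import message_from_string
from email.policy import default
from urllib.parse import urlsplit

URL_RE = re.compile(r"""https?://[^\s"'<>]+""", re.I)
MAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed sample message; every host and address in it is made up.
SAMPLE = """\
From: "Deals" <promo@bulk.example>
To: user@corp.example
Subject: Limited offer
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Order now at http://Pills.Example/buy?id=7. Questions? Write to Sales@pills.example
--b1
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

<a href=3D"HTTP://pills.example/buy?id=3D7">Order</a> or <a href=3D"mailto:=
sales@pills.example">mail us</a>
--b1--
"""

def body_indicators(raw):
    """Return (urls, addresses) found in the decoded text parts of a message."""
    msg = message_from_string(raw, policy=default)
    urls, addrs = set(), set()
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        text = part.get_content()  # undoes base64 / quoted-printable encoding
        for match in URL_RE.finditer(text):
            try:
                u = urlsplit(match.group().rstrip(".,;)"))
            except ValueError:  # e.g. malformed IPv6 literal
                continue
            # Scheme and host are case-insensitive; path and query are kept as seen.
            url = f"{u.scheme}://{u.netloc.lower()}{u.path}"
            urls.add(url + ("?" + u.query if u.query else ""))
        addrs.update(a.lower() for a in MAIL_RE.findall(text))
    return urls, addrs
```

Only the body parts are scanned, so the envelope addresses in the `From:` and `To:` headers are not reported, and the plain-text and HTML copies of the same link collapse into one entry.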
Definition of Spam
Judging whether an email message is spam is quite subjective. Most
people easily agree that some email messages are spam, such as the
never-ending Viagra ads and Nigeria scam messages. Some may count all
advertisements and newsletters as spam; others may consider newsletters
legitimate email.
FortiGuard uses the industry-standard definition of spam as Unsolicited
Bulk Email (UBE). Unsolicited means that the recipient has not granted
verifiable permission for the message to be sent and the sender has no
discernible relationship with all or some of the recipients. Bulk means
the message is sent as part of a larger collection of messages, all
having substantively identical content.
A message is considered spam if it is both unsolicited and bulk.
Unsolicited email can be normal email, such as first-contact enquiries,
job enquiries, and sales enquiries. Bulk email can be normal email, such
as subscriber newsletters, customer communications, and discussion
lists. The message content is generally irrelevant in determining
whether a message is spam, though most spam is commercial in nature.
There is spam that fraudulently promotes penny stocks in the classic
pump-and-dump scheme. There is spam that promotes religious beliefs.
Technically, an email message is spam if
- The recipient's personal identity and context are irrelevant because
the message is equally applicable to many other potential recipients;
- And, the recipient has not verifiably granted deliberate, explicit,
and still-revocable permission for it to be sent.
Submit Spam
Submitted spam is analyzed, and its signatures are extracted and added
to our spam signature database, which enables FortiGuard AntiSpam to
detect and filter similar spam.
We appreciate your submitting spam samples, but do not respond to them
because of the volume.
Submission Instructions:
For Microsoft Outlook:
- Method 1:
  - Open Microsoft Outlook.
  - Create a new email to submitspam@fortinet.com.
  - Drag the message(s) you want to submit from the "message listing"
    pane into the body of the new message window you just created.
  - Send the message.
- Method 2:
  Set Outlook to forward email as original attachment:
  - In the Outlook menu, click "Tools" -> "Options".
  - In the "Preference" tab, click the "Email Options..." button in the
    "Email" section.
  - In the drop-down section "When forwarding a message," choose
    "Attach original message text".
  - Click "OK".
  From now on, you can simply click the "Forward" button in Outlook and
  put submitspam@fortinet.com in the "To:" address to submit a spam.
For Microsoft Outlook Express:
- Open Microsoft Outlook Express.
- Right-click the message you want to submit and click "Forward As
  Attachment".
- Put submitspam@fortinet.com in the "To:" address.
- Click "Send".
For Thunderbird/Mozilla/Netscape:
- Method 1:
  - Open Thunderbird/Mozilla/Netscape mail.
  - Create a new email to submitspam@fortinet.com.
  - Drag the message(s) you want to submit from the "message listing"
    pane into the 'attachment' area of the new message window you just
    created.
  - Send the message.
- Method 2:
  Set Thunderbird/Mozilla/Netscape to forward email as original
  attachment:
  - Click "Edit" -> "Preference".
  - In the Composition section, there is a drop-down option for
    "Forward messages". Choose "As Attachment".
  - Click "OK"/"Close".
  From now on, you can simply click the "Forward" button in
  Thunderbird/Mozilla/Netscape and put submitspam@fortinet.com in the
  "To:" address to submit a spam.
Web-based Email:
- If you are using web-based mail such as Yahoo, please forward the spam
  email as an attachment instead of as inline text.
Notes:
- Due to the volume of the spam submitted,
we do not respond to any spam submitted.
Submit False Positive
If you notice a false positive (a clean message marked as spam by
FortiGuard AntiSpam Service), or if you believe an IP address, URL,
or email address is blacklisted incorrectly, do one of the following:
If you are the email sender who had an email message incorrectly blocked:
- Send us the error message you received.
The error message should look like this:
mail.xxx.xxx #5.7.1 smtp;554 5.7.1 This message has been blocked
because it contains
FortiGuard - AntiSpam blocking URL/IP(s).(black url/ip xxx.xxx)
If you are a Fortinet customer:
- Send us the AntiSpam log messages obtained from FortiGate,
FortiClient or FortiMail, including your Fortinet product's serial number.
The AntiSpam log from FortiGate should look like this:
Feb 26 19:15:13 xx.xx.com date=2006-02-26 time=19:15:14
device_id=FGT-xxxxxxxxxxx log_id=xxxxxxx type=emailfilter subtype=smtp
pri=notice vd=root src=xxx.xxx.xxx.xxx dst=xxx.xxx.xxx.xxx src_int=wan1
dst_int=internal service=smtp status=detected from="xxx@xxx.com"
to="xxxx@xxx.net" msg="The email contains FortiGuard - AntiSpam
blocking URL(s).(black url xx.xxxx.xxx)"
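To pull out what a false-positive report needs from such a log line or bounce message, the following added example (not Fortinet tooling) parses the key=value layout shown above and extracts the blocked URL/IP. The function names and sample values are assumptions, and the patterns are based only on the two samples on this page.

```python
import re

# Keys start a token; values are either "quoted with spaces" or bare.
PAIR_RE = re.compile(r'(?<!\S)(\w+)=(?:"([^"]*)"|(\S*))')
# Matches the two forms shown above: "(black url X)" and "(black url/ip X)".
BLOCK_RE = re.compile(r"\(black ([a-z/]+) ([^)\s]+)\)")

# Constructed inputs in the layouts shown above; all values are placeholders.
LOG = ('Feb 26 19:15:13 fw.corp.example date=2006-02-26 time=19:15:14 '
       'device_id=FGT-PLACEHOLDER log_id=0000000 type=emailfilter subtype=smtp '
       'pri=notice vd=root src=192.0.2.10 dst=198.51.100.25 src_int=wan1 '
       'dst_int=internal service=smtp status=detected from="news@shop.example" '
       'to="alice@corp.example" msg="The email contains FortiGuard - AntiSpam '
       'blocking URL(s).(black url shop.example)"')
BOUNCE = ('mail.corp.example #5.7.1 smtp;554 5.7.1 This message has been blocked '
          'because it contains FortiGuard - AntiSpam blocking URL/IP(s).'
          '(black url/ip 203.0.113.7)')

def parse_line(line):
    """Split one log line into a dict of its key=value fields."""
    return {key: quoted or bare for key, quoted, bare in PAIR_RE.findall(line)}

def blocked_indicator(text):
    """Return (kind, value) for the blocked URL/IP named in text, or None."""
    hit = BLOCK_RE.search(text)
    return (hit.group(1), hit.group(2)) if hit else None

def false_positive_report(line):
    """Collect what a false-positive report needs from one AntiSpam log line."""
    f = parse_line(line)
    hit = blocked_indicator(f.get("msg", ""))
    if f.get("type") != "emailfilter" or hit is None:
        return None  # not a FortiGuard AntiSpam block
    return {
        "device_id": f.get("device_id"),
        "when": f"{f.get('date')} {f.get('time')}",
        "sender": f.get("from"), "recipient": f.get("to"),
        "src": f.get("src"), "kind": hit[0], "indicator": hit[1],
    }
```

`blocked_indicator` also works on the sender-side error text, so the same helper covers both submission paths described above.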
Contact Us
Please send any questions or concerns to: