D-Link NetDefendOS User Manual page 529

When enabled, NetDefendOS will perform a DNS MX query, requesting the IP address of a
mail server associated with the email sender's domain. For example, the sender email address
might be some.name@example.com so NetDefendOS will send an MX query to the configured
DNS server for the mail server at example.com.
If the DNS server recognizes the domain name, NetDefendOS takes no action. If the DNS
server does not recognize the domain, NetDefendOS will add the sub-score for this filtering
option to the overall anti-spam score.
Note that at least one DNS server must be configured in NetDefendOS for this option to work.
If no DNS server is configured, this test will not be performed and its sub-score will not be
added. Configuring DNS servers is described in Section 3.10, "DNS".
This filtering option is enabled by default.
• Malicious Link Protection
This option neutralizes undesirable or malicious HTML links inside emails. It is enabled by
default and is discussed later in this section in more detail. Finding a single triggering link will
add this option's sub-score (a default value of 10) to the total score.
• DCC
The Distributed Checksum Clearinghouses (DCC) method of filtering involves NetDefendOS
sending anonymous checksums that identify an email to an external Clearing House server.
The server returns a value to indicate how many other email recipients have reported
identical checksums. If the returned value is greater than the DCC Threshold property set by
the administrator, the sub-score for this filter option is added to the total anti-spam score.
DCC filtering is enabled by default and the default sub-score is 10. The administrator does not
need to define any DCC servers because NetDefendOS uses D-Link's own server network for
this function.
Note that the DCC option is a subscription based feature and will only function if an
appropriate subscription has been purchased. Subscriptions, as well as DCC behavior without
a valid subscription, is discussed further in Appendix A, Subscribing to Updates.
• DNS Blacklists
By enabling the DNS Blacklists option, up to 10 different DNS Blacklist (DNBL) servers can be
specified, each with its own sub-score (the default value is 10 per server) that will be added to
the total score if that server flags an email as spam.
If a DNSBL server is not responding then its sub-score is not included in the final score
calculation. How DNSBL functions is explained further in Section 6.4.3, "DNSBL Databases".
Email Tagging
If an email score exceeds the Tagging Threshold property, it is marked as being SPAM. This is
done in either or both of two ways:
• Tag Subject
This is enabled by default and adds text to the subject line of an email. The default text is "***
SPAM ***" but this can be set to any string.
529
Chapter 6: Security Mechanisms