The SenderBase Network

Take control with SenderBase™—the world's largest email traffic monitoring service, with data on more than 25% of the world's email and web traffic. IronPort's SenderBase Network provides an unprecedented real-time view into security threats from around the world. With this information SenderBase can be used as a "credit reporting service" for email, providing comprehensive data that ISPs and companies can use to differentiate legitimate senders from spammers and other attackers and giving email administrators visibility into who is sending them email.

Download IronPort SenderBase Network Overview

IronPort's SenderBase and the IronPort Email Security Appliance

IronPort's enterprise email security customers harness the power of SenderBase through IronPort Reputation Filters™ and the SenderBase Reputation Score (SBRS), which boils down SenderBase data into a single score indicating the threat level for each incoming message. SenderBase data also powers IronPort Virus Outbreak Filters™, a preventive security service that protects customers from viruses hours before anti-virus vendors publish virus signatures.

SenderBase Network: 100,000 contributing organizations and 5 billion queries equal unprecedented visibility

How Senderbase Works

Identify Threats First

SenderBase collects data from more than ten times the networks of competing monitoring systems, with data on more than 25% of the world's email and web traffic. This volume provides a very statistically significant sample size, resulting in immediate and accurate detection of even low volume mail senders. A highly diverse group of over 100,000 organizations, including the largest networks in the world, contribute information to SenderBase on a remarkable 5 billion messages per day. The SenderBase Network gives mail administrators unprecedented real-time visibility into security threats from around the world.

Get the Whole Picture

Breadth of data is key to making accurate decisions about security threats. Looking at a narrow set of data can lead to high false positive rates. For example, volume is a very interesting parameter. High volumes of mail correlate very well with spam. But there are legitimate instances of high volumes, such as senders delivering breaking news alerts. Thus if volume alone was the metric, many legitimate mail streams would be blocked. But when volume is examined in addition to other parameters such as end user complaint data, zombie characteristics and country of origin, a much more accurate conclusion can be drawn.

SenderBase examines the broadest set of data in the industry, currently examining more than 90 different parameters about email traffic and 20 different parameters about web traffic. Parameters tracked include global sending volume, complaint levels, "spamtrap" accounts, whether a sender's DNS resolves properly and accepts return mail, country of origin, blacklist information, probability that URLs are appearing as part of a spam or virus attack, open proxy status, use of hijacked IP space, valid and invalid recipients, and other parameters. Never before has it been so easy to distinguish "friend" from "foe" in one place.

Require the Highest Data Quality

IronPort has more than three years operational experience managing data quality and integrity. IronPort developed the Data Quality Engine to assess the quality of a given data feed by cross correlating multiple different data streams with known references or benchmarks. This system allows SenderBase to access even "dirty" data streams and still derive some value by properly weighting the data according to quality. In addition, periodic data calibrations and manual spot checks are conducted.

Find out more at www.senderbase.org and the IronPort Threat Operations Center.