Email Protection - Bitdefender Techzone

Abstract

Enhance email security with Bitdefender. Protect sensitive data, prevent cyber threats, and maintain a secure communication environment.

Emails are vital for organizations, and ensuring their security is essential to protect sensitive data, maintain trust, comply with regulations, ensure business continuity, and foster a secure and productive work environment.

Unfortunately, cybercriminals often target emails due to their widespread usage, viewing them as potential gateways to infiltrate other accounts and devices. As a result, email protection is a critical component of a multi-layered security strategy, reducing an organization's attack surface.

Phishing attacks pose a significant threat to both organizations and individuals, and the adoption of AI can exacerbate this issue. AI empowers cybercriminals to craft more convincing and personalized emails, making them more dangerous and harder to identify than traditional ones. By safeguarding against email account attack vectors, including phishing, spam, and ransomware, organizations can effectively eliminate a common entry point for potential attackers.

Exchange Protection

Bitdefender Security for Exchange provides a comprehensive suite of security features, seamlessly integrated with Microsoft Exchange Server. These features encompass antimalware, antispam, antiphishing, as well as attachment and content filtering. The main objective is to create a secure messaging and collaboration environment while simultaneously boosting productivity.

Bitdefender Endpoint Security Tools (BEST) with an Exchange role can be installed on Microsoft Exchange Servers to protect Exchange users from email threats. Customers can install BEST on any number of Exchange servers as long as the number of active mailboxes stays within the license limit.

Security for Exchange automatically integrates with the Exchange Servers, depending on the server's role. For each role, only the compatible features are installed, as described here. During installation, the built-in Exchange Antimalware agent is automatically disabled to avoid undesirable outcomes. It is also advisable to disable any other third-party antimalware/filtering agents already installed on the server to avoid performance problems. For example, the server may experience a storm-like effect when both solutions scan the same files at the same time.

The Bitdefender Exchange Protection module integrates with Microsoft Exchange Server through transport agents in order to filter the email traffic for malware, spam, and custom attachment and content detection rules (transport-level filtering). A scan can also be done on demand to check all incoming, internal, and outgoing emails. Administrators can create content filtering rules that use regular expressions to scan the subject and body of a message and catch emails containing data covered by compliance regulations, such as an ID number or insurance number.
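The kind of subject and body rule described above can be sketched as follows. This is an added example, not Bitdefender code or GravityZone rule syntax; the rule names, the two patterns (US SSN layout and UK National Insurance number layout) and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default

# Illustrative rules; the names and patterns are assumptions, not product syntax.
RULES = {
    # US SSN layout: area not 000/666/9xx, group not 00, serial not 0000.
    "us_ssn": re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"),
    # UK National Insurance number: two prefix letters, six digits, suffix A-D.
    "uk_nino": re.compile(
        r"\b[A-CEGHJ-PR-TW-Z][A-CEGHJ-NPR-TW-Z] ?(?:\d{2} ?){3}[A-D]\b", re.I),
}

def scan_message(raw: str) -> list[tuple[str, str]]:
    """Return (rule, field) for each rule that matches the subject or the body."""
    msg = message_from_string(raw, policy=default)
    # policy=default decodes RFC 2047 encoded words and the body transfer
    # encoding, so the patterns run on the text the recipient would read.
    body = msg.get_body(preferencelist=("plain", "html"))
    fields = {
        "subject": str(msg["Subject"] or ""),
        "body": body.get_content() if body is not None else "",
    }
    return [(name, field)
            for field, text in fields.items()
            for name, pattern in RULES.items()
            if pattern.search(text)]

# Constructed sample messages (not real data).
SAMPLE_FLAGGED = (
    "From: hr@example.com\n"
    "Subject: =?utf-8?q?Claim_for_078-05-1120?=\n"
    "Content-Type: text/plain; charset=utf-8\n"
    "\n"
    "Policy holder NI number: AB 12 34 56 C\n"
)
SAMPLE_CLEAN = (
    "From: it@example.com\n"
    "Subject: Ticket update\n"
    "\n"
    "Ticket 000-12-3456 is closed.\n"
)

if __name__ == "__main__":
    print(scan_message(SAMPLE_FLAGGED))
    print(scan_message(SAMPLE_CLEAN))
```

The encoded subject in the first sample shows why a rule has to run on decoded header text: the raw header line does not contain a space-separated subject at all.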

One of the most important functions is Domain IP, which detects spoofed emails and thus increases protection. Admins should use this feature to prevent their own domains from being spoofed. Sophisticated domain spoofing can lead to theft of money, for example when an attacker impersonates the CEO in email communication with the finance department.
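A minimal sketch of a domain-to-IP anti-spoofing check, as an added example that is not Bitdefender's implementation. It assumes the administrator maintains a mapping of protected domains to the networks allowed to send for them, and that the check is applied to the From address and the connecting client IP; the mapping, function name and verdict strings are hypothetical.

```python
import ipaddress
from email.utils import parseaddr

# Assumed mapping: protected domain -> networks authorised to send for it.
# Addresses are documentation ranges, constructed for this example.
AUTHORIZED = {
    "example.com": ["192.0.2.0/28", "2001:db8:10::/48"],
}

def check_domain_ip(from_header: str, client_ip: str) -> str:
    """Return 'pass', 'spoofed' or 'not-protected' for one message."""
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    networks = AUTHORIZED.get(domain)
    if networks is None:
        return "not-protected"      # domain is not one we guard
    ip = ipaddress.ip_address(client_ip)
    # An IPv4 client may be reported as an IPv4-mapped IPv6 address.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    for cidr in networks:
        net = ipaddress.ip_network(cidr)
        if ip.version == net.version and ip in net:
            return "pass"
    # The message claims a protected domain but came from an unlisted host.
    return "spoofed"

if __name__ == "__main__":
    print(check_domain_ip("Alice CEO <alice@example.com>", "192.0.2.5"))
    print(check_domain_ip("Alice CEO <alice@example.com>", "203.0.113.9"))
```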

Further elaboration on the antispam functionality is provided below in the section Bitdefender Antispam service, where detailed information about its usage and implementation is described. The same engine is utilized for both Exchange and Email protection, ensuring consistent and reliable security measures.

The Exchange quarantine contains both emails and attachments. While the Antimalware module quarantines only email attachments, the Antispam, Content, and Attachment Filtering modules quarantine the entire email. All reports related to Blocked Content and Attachments, Email, and Malware Activity are accessible to the administrator from the GravityZone console.

Detailed information about Security for Exchange configurations can be found at our Bitdefender Support Center here.

Endpoint-Level Email Protection with BEST

While dedicated email security solutions like Security for Email and Exchange Protection are crucial for filtering threats at the mail server or gateway, the Bitdefender Endpoint Security Tools (BEST) agent, installed on individual user devices, provides an additional layer of security directly at the endpoint.

The BEST agent's capabilities include email protection, managed through the Network Protection module in the Web Protection section of its policy configuration. This functionality supports common email protocols such as POP3, SMTP, IMAP, and MAPI, allowing for the monitoring and securing of various types of email traffic. To enable scanning of encrypted MAPI traffic, MAPI interception must first be activated in the General settings of the policy.

Incoming emails (via POP3, IMAP, and MAPI) and outgoing emails (via SMTP and MAPI) are scanned in real time. This process aims to prevent malware from being downloaded to the endpoint from incoming messages and to stop infected files from being transmitted to other devices through outgoing communications. When infected emails are detected via POP3, SMTP, or IMAP, BEST replaces these messages with notifications to the recipients. For MAPI traffic, the system monitors and reports detected threats without replacing the email content.

It's important to recognize that while endpoint protection is a critical component, stopping threats before they reach the endpoint remains a primary objective. A multi-layered security strategy, combining endpoint protection with server and gateway-level defenses, helps reduce the attack surface and provides a more robust defense.

Bitdefender Antispam Service

The Bitdefender Antispam service utilizes a combination of antispam filtering and predictive technologies to efficiently detect spam messages in various languages, minimizing false positives, and providing protection against phishing attacks and malicious links in email attachments. The engine is utilized for both Email and Exchange protection, and it is also integrated into OEM technology solutions. As a leading global technology provider, Bitdefender's Antispam services are widely adopted by numerous security vendors worldwide.

In independent tests, such as Virus Bulletin, Bitdefender achieved an exceptional spam detection rate of over 99.9%, with zero false positives, earning Virus Bulletin's highest certification, VBSpam+.

Bitdefender Antispam components

  • The IP Reputation system ensures the proactive detection of spam emails by analyzing the sender's IP address.

  • Domain and URL Reputation involves extracting the URLs from the message and cross-referencing them with a real-time blacklist to assess their reputation.

  • Fingerprinting employs cryptographic hashes of the email structure, headers, and body content to efficiently detect spam content.

  • Malicious attachment detection serves as a crucial layer in identifying messages containing malware and phishing attachments.

  • Cryptocurrency address blacklists target extortion scams and detect multiple obfuscated cryptocurrency wallet addresses.

  • Spam image detection enhances detection accuracy.

  • Email address blacklists to filter out known spamming email addresses.

  • Phone number filter to block dating, scam & fraud campaigns.

  • Proactive heuristic detection technology combines intricate spam message patterns, advanced heuristic filters, and content analysis methods.

  • Spear phishing detection based on FROM and Reply-to header content filtering.

  • Email Classification is achieved through our detection types and machine learning classification models, enabling us to categorize emails accurately based on categories like phishing, malware, scam extortion and marketing.
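The From and Reply-To header filtering named in the list above can be illustrated with two simple signals. This is an added example, not Bitdefender's detection logic; the organisation domain, the protected name list, the finding labels and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.policy import default
from email.utils import getaddresses

# Assumed inputs: the organisation's own domain and names worth protecting.
OWN_DOMAIN = "example.com"
PROTECTED_NAMES = {"alice ceo"}

def _domain(addr: str) -> str:
    return addr.rpartition("@")[2].lower()

def header_findings(raw: str) -> list[str]:
    """Return spear-phishing signals found in the From and Reply-To headers."""
    msg = message_from_string(raw, policy=default)
    senders = getaddresses([str(h) for h in msg.get_all("From", [])])
    replies = getaddresses([str(h) for h in msg.get_all("Reply-To", [])])
    if len(senders) != 1:
        return ["from-not-single-address"]
    name, addr = senders[0]
    findings = []
    # Replies would go to a different domain than the one shown as sender.
    if any(_domain(a) != _domain(addr) for _, a in replies):
        findings.append("reply-to-domain-mismatch")
    # A protected person's name attached to an address outside the organisation.
    normalized = " ".join(name.lower().split())
    if normalized in PROTECTED_NAMES and _domain(addr) != OWN_DOMAIN:
        findings.append("display-name-impersonation")
    return findings

# Constructed sample messages (not real data).
SAMPLE_IMPERSONATION = (
    "From: Alice  CEO <alice.ceo@mail.example.net>\n"
    "Reply-To: payments@example.org\n"
    "Subject: Urgent transfer\n\nPlease pay today.\n"
)
SAMPLE_REPLY_REDIRECT = (
    "From: Alice CEO <alice@example.com>\n"
    "Reply-To: alice@example.net\n"
    "Subject: Invoice\n\nSee attached.\n"
)
SAMPLE_LEGIT = (
    "From: Alice CEO <alice@example.com>\n"
    "Subject: Minutes\n\nAttached.\n"
)

if __name__ == "__main__":
    for sample in (SAMPLE_IMPERSONATION, SAMPLE_REPLY_REDIRECT, SAMPLE_LEGIT):
        print(header_findings(sample))
```

Newsletters and ticketing systems legitimately set a Reply-To on another domain, so these findings are better treated as inputs to a score than as a block decision on their own.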

Recommended Content

To learn more about the technologies behind the Protection layer, we recommend reading the next article Network Protection.

More Resources

GravityZone Security for Exchange Servers official website: Bitdefender GravityZone Security for Exchange

GravityZone Security for Exchange Servers Guided Tour: Security for Exchange Servers Guided Tour

Discover the Email Security full potential with our dedicated video masterclasses: Masterclass