Santronics Software, Inc.
Wildcat! Anti-Spam Support

Please read our disclaimer below.

Introduction:

The Wildcat! Mail System includes two powerful AVS components to help control and manage the "spam problem:"

wcSAP and SMTPFILTER are wcBASIC applications designed by Santronics Software and has been very successful and popular since 2003. Both are separate systems.  WCSAP focuses on controlling the anonymous or non-authenticated mail delivery process by validating the sender of the mail.  SMTPFILTER provides system administrators a way to defined specific mail filtering rules.   It is important to understand SMTPFILTER does not provide you with "ready-made" anti-spam rules, just examples.  It provides the "means" for you write your own anti-spam rules or integrate 3rd party software.

Quick Installation:

The AUTOUPDATE and CD installation will automatically install the Wildcat! AVS components. You can turn it off/on in the Wildcat! Configuration Mail Server setup section. You can edit the INI files directly or you can use the web-based AVS Manager using the URL link /services/wcavs directed at your wcWEB server.

What is the Spam Problem?

Wildcat! views the spam problem beginning as a "non-authenticated" or "anonymous access" mail transaction problem.  

Industry research has shown over 60% to 80% of all spam provide a spoofed, fake or bad information which is not checked by current SMTP software.  

Wildcat! will try to address the "spam problem" by protecting the SMTP envelope information against what is called the "spoofed domain" without even seeing or checking the mail content.  This is done using wcSAP.

Once this (SMTP envelope) information is ok,  Wildcat! allows you to define mail filtering rules to analyze the mail content for spam or viruses.  This is done using SMTPFILTER.  It is important to understand, these mail filtering rules are not defined by Wildcat! but by the system administrator. 

The "Spoofing Spam Problem:"

When a mail sender connects to your wcSMTP mail server to begin sending mail, wcSMTP will know the following information about the sender:

For the most part, the basic overall problem with the SMTP mail standard is that the above three pieces of information not checked.   If you look at the SMTP Protocol State Machine diagram, it suggest that all the system needs to do is validate the information as it is provided at each step.

Unfortunately, the SMTP mail standard has it written in stone that they "can't be checked" or even if they were invalid, the SMTP relaxed provisions suggests mail should not be rejected because of this.   

Because of this, over 60-80% of all spams provide a fake or bad information which is not checked by current SMTP software 

Worst, now virus writers have learned from the spammers who exploit the weakness of SMTP "bounce mail system" by providing, not bad addresses, but good addresses, maybe your address or your users.  So when a SMTP server rejects mail, it bounces the virus mail back to a legitimate user thus further spreading the virus.

So in short, the SMTP weak provisions have created a "Spoofing Spam Problem" to the tune of a $8-9 billion dollar cost on the industry.

How wcSAP addresses the problem:

wcSAP is designed to control what is called "Spoofing Spammers" using SMTP technical compliancy  with no logic to analyze the mail content.    The three pieces of information provided by the mail sender will be checked by WCSAP.    wcSAP is called at the RCPT TO: state point as shown in the SMTP protocol state machine.  

Note, the Mail From: (or Return Path) is not necessarily the sender's email address. Technically it is the address of the system or person sending the mail on behalf of the author.  However, in most cases, it is the address of the author.   Regardless of who the address belongs too,  wcSAP is designed to enforce the validity of this address.

Once the sender attempting to send mail is deemed SMTP compliant, Wildcat! will allow you to define a policy based on "mail content" to accept or reject the final reception of mail.  To understand this process, Santronics is not in the business of analyzing mail content and will make no attempt to reject mail once the sender is deemed SMTP compliant.  Once mail is transferred but not received by wcSMTP,  you can use SMTPFILTER using your own "decisions and rules" to tell wcSMTP if it should reject or accept the reception and storage of mail.


Disclaimer:

Santronics has invested much resources in researching and addressing the "spam problem." Even though we believe you will find the Wildcat! new anti-spam system eliminating a large percentage of spam,   keep in mind it is not a 100% solution.  Santronics is not in the business of analyzing mail content and will make no attempt to reject mail based on "content."  Mail Rejection is a system administration policy, not a technical policy. wcSAP is designed to control what is called "Spoofing Spammers" using SMTP technical compliancy using technology to help control the illegal mail sender with no logic to analyze the mail content.  SMTPFILTER is designed to provide the system administrator the ability to define rules (key words lookups,  integrate 3rd party AVS tools like wsSpamGuard, spam-assassin, etc) to analyze the mail content after wcSAP approves the sender. By using this system, you agree Santronics Software is not liable for lost of legitimate mail due to any anti-Spam rejections deemed incorrect.