VBSpam Verified Award
VBSpam is an independent testing and certification scheme for anti-spam products by Virus Bulletin. Participating products get tested approximately bimonthly using Virus Bulletin's live email stream.
The VBSpam Verified award is given to products that exceed a predefined benchmark for spam catch rate and false positive rate.
We are proud to have a strong and stable performance in the challenging VBSpam qualification system ever since ORF was first submitted for testing. This outstanding result was achieved while maintaining an exceptionally low false positive rate.
Legend: Green - award won; grey - test skipped; red - test failed.
Nov '12 Sep '12 July '12 May '12 Mar '12 Jan '12
Nov '11 Sep '11 Jun '11 Mar '11 Jan '11
Dec '10 Sep '10 Jul '10 May '10
More about VBSpam
Learn more about VBSpam at http://www.virusbtn.com/vbspam/
Email Filtering Features
The SMTP transport-level filtering of ORF enables stopping threats right on their tracks and can save you server resources. The ability to bounce emails during transmission also allows proper, standards-compliant NDR handling and prevents backscatter issues, but there is more that you can do with emails.
Spam, phishing and other email security threats are best kept outside your network. Not only ORF works on the network perimeter with Exchange Edge Transport and Client Access Server servers, it does its best job there, while it still allows deployment on internal gateways and Exchange Hub Transport (Mailbox) servers.
The scalable design of ORF means it can do the job for a 1,000 emails a day or 1,000,000 emails a day. For load balanced scenarios, multi-site organizations and clusters, ORF is even capable of sharing its data and configuration between servers out of the box, without expensive datacenter licenses. No matter how fast you expand, ORF can keep up with you.
Email Filtering Features
Each email in ORF goes through up to 23 individual tests to determine its status. These tests are a configurable blend of email security technologies working together to achieve the award-winning filtering performance of ORF. 16 "blacklist" tests are dedicated to detect and stop spam and other threats. The rest 7 tests are "whitelist" tests, which check if the email should be specifically trusted by ORF. This multiple layers of protection combines the power of each technology and fixes their individual weaknesses.
Multiple in-transport filtering points
Unlike other Exchange email filters, ORF employs multi-stage transport filtering, which allows bouncing unwanted emails before they would be fully transmitted to your server. The first stage (called the "Before Arrival" filtering point) of filtering is performed when the sending party specifies the email recipients. Only emails passing the tests at Before Arrival reach the second "On Arrival" stage when the email is fully transmitted and more comprehensive analysis is performed.
This early intervention approach has many benefits, like reduced resource consumption, proper NDR handling and the prevention of backscatter. It also enables certain features, such as transport-level recipient validation or the ability to detect and defer Directory Harvest Attacks (DHAs).
The Auto Sender Whitelist feature of ORF learns from your outbound email traffic and can automatically accept emails from your trusted email partners. This feature guarantees effortless business continuity and allow you to set stricter anti-spam measures, knowing that email communication with your clientele is safe. Whitelist customization is supported on per user and per local domain basis.
Advanced DNSBL and SURBL support
DNS Blacklists (DNSBLs) and SURBLs (URL Domain Blacklists) are the workhorses of email filtering which take care of the vast majority of spam and phishing. DNSBLs are third-party databases of known "bad" email source IP addresses, such as botnet IPs, spamming operations and hacked email servers. DNSBLs are often updated many times a day and provide live coverage against spam outbreaks. SURBLs are very similar to DNSBLs, except that they list domain names involved in spam and phishing – instead of the source, they are concerned with the payload, such as links to "spamvertized" online pharmacy sites or replica shops. The URL payload harvesting engine of ORF can deal with most obfuscation attempts and can harvest IDNs.
SPF-based email authenticity validation
SPF is an RFC-approved technology which allows domain owners to declare who is allowed to send email in their name. By evaluating the email source against the SPF policy of the sender, ORF can immediately spot if the email is forged. The number of SPF adopters grows every day and today it includes microsoft.com, many Fortune 500 companies and all major social media sites.
The External Agents feature allows attaching third-party software to ORF for email filtering. A typical attached software is the open source ClamAV anti-virus—which means you can get additional virus protection free of charge! External Agents are not necessarily software written for ORF, in fact, they are regular command-line programs, so you can attach any software with a command-line interface or even write your own to extend the range of filtering tools.
Directory Harvest Attacks (DHAs) are brute force attacks used by spammers to discover valid email addresses in your domain by email delivery probes. This ORF feature can detect and fend off the less distributed kind of attacks.
Sender, IP and recipient lists
ORF supports whitelisting specific trusted email senders, IP addresses and local recipient mailboxes, which excludes them from spam filtering. Email addresses can be specified by wildcard masks or even regular expressions. IP address range expressions support wildcard, CIDR (e.g. /24) and range notations.
In-transport recipient validation
This feature validates the email recipients during the SMTP transmission and accepts emails only for valid users. Spam is often sent with fake sender email address to recipients that are no longer or never been valid, which results in a large number of NDRs filling up the mail queue, or worse, backscattering. This feature is primarily useful for older Exchange servers and IIS SMTP gateways, because Exchange 2007 and later has this feature built-in. Address data for the validation can be retrieved from the Active Directory, SQL databases or simple text address lists.
Sender Score™ DNS whitelist support
Return Path, Inc's Sender Score™ email reputation service is available via ORF. Like a credit score, Sender Score is an indication of the trustworthiness of the email source. The comprehensive reputation data from this service can help reducing the chance for ORF to accidentally classify a legitimate email as spam.
Additional email filtering features
ORF offers several more filtering features, such as: Attachment Filtering (by file name and/or MIME type) with quarantining and configurable email rejection or neutralization by attachment replacement; Greylisting (an aggressive, but very efficient anti-spam technique); Reverse DNS-based sender validation; Keyword Blacklist with various search scopes and regular expression support; HELO Blacklist with standard conformance check; email Character Set Blacklist; Honeypot/Spamtrap support.
The versatile action settings of ORF grant you full control over emails caught by the filter: you can decide to bounce (reject) or keep the email and perform further actions on it, such as tagging the email header or subject, or to redirect them to a catch-all mailbox. The tagging feature can be used to move emails to the users' Junk Email folder (this feature requires Exchange 2003 or later), which allows the end-users to review the emails for false positives and recover them without administrator assistance.
Real-time status monitoring
ORF offers a quick overview of the system status by providing real-time information about its state, including the system health, high-resolution 24-hour performance data and performance data and detailed statistics with resettable, stopwatch-like counters to aid evaluating state changes.
The best logs in the industry
With a log system designed to actually help the administrator, ORF makes logs a primary mean of software monitoring and stands out high from the usual crowd. To make sure you can always tell what happened to an email and why, the logs contain detailed information about every important event in the system, written in simple human language instead of cryptic codes. ORF also ships with a full-blown log management tool with sophisticated built-in event filtering, integrated knowledge base lookups, Unicode® support, data export and support for sending addresses to various ORF lists. In addition to our proprietary log format, ORF supports Windows Event log and syslog logging and can send email notifications about any event, as determined by the administrator.
ORF features a dedicated component called the Reporting Tool for generating highly detailed reports about the system performance, including test, subtest and even expression-level break down of data. Besides giving you an overall picture of the system, reports are useful to evaluate the effects of configuration changes and to monitor performance over the time.
Data sharing between servers
Sharing data between certain ORF tests (such as the Auto Sender Whitelist or the Greylisting test) is essential when you employ multiple front-ends or similar setups. ORF achieves sharing by using external SQL databases (such as Microsoft® SQL Server), which also offer scalable and robust storage.
Configuration sharing between servers
The configuration synchronization feature works in a publisher-subscriber model and enables appointing a central configuration repository server from which subscribers retrieve their settings. In this model, publisher configuration changes get automatically delegated to the subscribers, so there is only one configuration to edit. ORF also offers a wide range of local customizations to the configuration received, which helps coping with the differences between publisher and subscriber—file system paths and DNS settings are prime examples of what has to be overridden on individual systems. Due to this flexibility, the synchronization feature can be employed in various scenarios like load-balanced setups; failover clusters; within multi-site organizations or even by Managed Service Providers to distribute settings to client deployment sites.
Outstanding documentation and support
From deployment to best practices, complete documentation for the whole lifetime of the product is available. ORF ships with a context-sensitive help system (also available online) and sensible UI dialogs, while our website offers a continuously expanding Knowledge Base, FAQ and various guides for common tasks like deployment, installation or migration.
Complementing our software offering, our website offers several online services like the SPF Syntax Validator and Policy Tester which helps setting up and troubleshooting SPF policies; detailed spam statistics for the big picture or a Geo Blacklist Generator for geographic email classification, etc.
The ORF Client Portal offers licensed downloads, easy license renewals and extensions, license and order history and profile management with a multi-user approach that supports granting account access to multiple persons within the organization.
Take the Tour
Download the 42 day, fully functional trial version of ORF now or go ahead and buy it (we have 90 day, no questions asked moneyback guarantee).