The USG100's Anti-Spam feature is a base service that doesn't require an additional subscription. To filter spam, the USG100 has three different means to look at the header information within emails sent and received.
White Lists, Black Lists, and/or configured DNSBLs (DNS Black Lists) are used to determine whether an email is considered spam. If an email is determined to be spam, the configuration options are to forward it, forward it with a tag such as “[Spam]”, or drop the packets. The USG100 can also be configured to generate log entries when spam is detected.
White List and Black List rules can be constructed to filter emails based on an email address, IP address, or the contents of the subject or mail header fields. Common wildcards such as “*” can be used in rule creation.
As you can see circled in Figure 4, I've created two simple rules to filter email from @aol.com and email with the keyword “shop” in the subject line. Just above my two rules in Figure 4, I've also circled the Tag option. In this case, I'm using the default tag “[Spam]” for emails that match either of my rules.
Figure 4: Blacklist keyword filtering
To ensure true spam is filtered while good email isn't filtered, it is important to know the sequence used by the USG100 for checking email. First, the USG100 will check emails against White List rules to see if there is a match. If there is a match in the White List, the email will pass and no further checking will be performed. Thus, the White List functionality is useful to ensure known good emails aren't filtered, or to override a filtering condition that exists in a Black List or DNSBL.
Second, the USG100 will compare the parameters of the email to any configured Black List rules. Using default configurations, an email that matches a Black List rule will be forwarded with a tag.
Third, the USG100 can use multiple Spam services, such as spamhaus.org or sorbs.net, to see whether the IP addresses found in the email's "Received" field are associated with mail servers known to be sources of spam. This is a nice feature: since there aren't default filters in the USG100 configuration, having the option to connect to a free Anti-Spam service is helpful. As shown in Figure 5, I've configured my USG100 to query the free DNSBL maintained at zen.spamhaus.org for known spammers.
Figure 5: Anti-Spam DNSBL configuration
Note that the USG100 Anti-Spam functionality does not inspect the contents of email. It filters standard POP3 and SMTP traffic, and then examines headers only.
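The checking order described above (White List, then Black List, then DNSBL, headers only) can be sketched as follows. This is an added example, not ZyXEL's code: the rule tuples, function names, the `partner.example` sender and the injected `is_listed` resolver are assumptions, and the reversed-octet query name is the general DNSBL convention rather than something the review states about the USG100's internals.

```python
import fnmatch, ipaddress, re
from email import message_from_string
from email.utils import parseaddr

# Constructed rules; the Black List entries mirror the two described above.
WHITE_LIST = [("from", "*@partner.example")]   # hypothetical trusted sender
BLACK_LIST = [("from", "*@aol.com"), ("subject", "*shop*")]
DNSBL_ZONES = ["zen.spamhaus.org"]

def received_ips(msg):
    """IPv4 addresses found in every Received header of the message."""
    ips = []
    for hdr in msg.get_all("Received", []):
        for cand in re.findall(r"\b\d{1,3}(?:\.\d{1,3}){3}\b", hdr):
            try:
                ips.append(str(ipaddress.IPv4Address(cand)))
            except ValueError:
                pass  # dotted number that is not a valid address
    return ips

def dnsbl_name(ip, zone):
    """DNSBL query name: the address octets reversed, then the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def matches(msg, rules):
    for field, pattern in rules:
        value = msg.get(field, "")
        if field == "from":
            value = parseaddr(value)[1]  # strip the display name
        if fnmatch.fnmatchcase(value.lower(), pattern.lower()):
            return True
    return False

def classify(raw, is_listed):
    """is_listed(name) -> bool stands in for the DNS lookup, so this runs offline."""
    msg = message_from_string(raw)
    if matches(msg, WHITE_LIST):      # 1. a match here ends all checking
        return "pass (white list)"
    if matches(msg, BLACK_LIST):      # 2. address and header rules
        return "spam (black list)"
    for ip in received_ips(msg):      # 3. relay addresses against each DNSBL
        if any(is_listed(dnsbl_name(ip, z)) for z in DNSBL_ZONES):
            return "spam (dnsbl)"
    return "pass"

# Constructed sample: white-listed sender whose subject also hits a Black List rule.
SAMPLE = ("From: Ann <ann@partner.example>\nSubject: shop hours\n"
          "Received: from mx.partner.example ([127.0.0.2])\n\nbody\n")
print(classify(SAMPLE, lambda name: True))
```

The sample shows why White List entries should be as narrow as possible: a match there skips both the Black List and the DNSBL lookup, even when the subject and relay address would otherwise be flagged.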
Running security controls at the core of your network isn't designed to eliminate the need for software-based anti-virus or anti-spam protection on servers or desktops, but provides another layer of protection to your network. Running a content filter at the core, however, can be an effective single solution to controlling Internet usage.
Zyxel has partnered with Blue Coat as their Content Filtering provider. The USG100's content filter has 60 different Categories of web sites it will recognize. With a current subscription, it will constantly keep up to date on web site ratings and classifications.
Users browsing an unapproved web site will be presented with a customized message, such as the one I created for my kids in Figure 6.
Figure 6: Blocked site message
Alternatively, users browsing an unapproved web site can be redirected to some other web site by entering that URL in the USG100's Content Filter general configuration page. In my experience testing the Content Filter, I wasn't able to access objectionable materials once the filter was enabled, including simple image searches from normal web portals like Yahoo! and Google.
The USG100 can be configured to perform content filtering based on customizable Profiles, and then those Profiles can be applied on user-defined schedules to specified subnets or users of your network, giving you control of what levels of filters are applied to which users.
For example, a Profile can be created to block only traffic that matches the Category Online Games. This profile could then be selectively applied just during business hours, and only to PCs with IP addresses from the LAN2 interface.