Detecting spam originating from the network

A client PC on a university network became infected with malware and started to send large volumes of spam email. The university was notified by its internet service provider that it was at risk of being blacklisted.

LANGuardian solution

The university deployed LANGuardian and configured it to monitor email activity on the network.

A network engineer configured an alert to be generated when the amount of mail emanating from a single client on the network exceeded a specified value. When a client exceeded this value, LANGuardian triggered the alert and emailed the engineer with the data. Then the engineer used the LANGuardian browser interface to see details of the client machine that was causing the problem.

LANGuardian reads headers from email traffic on the network and gives visibility into the sender, recipient and subject line. Unofficial email servers are immediately detected, and the university network manager has configured alerts to monitor suspicious activity based on email subject lines that contain certain phrasing or words (for example, “Supermodels exposed” in the example, left). The alerts allow him to react quickly and prevent the university's IP address from being blacklisted.
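The three checks described above (a per-client volume threshold, mail from unofficial sources, and watched subject-line phrases) can be sketched in Python as follows. This is an added example, not LANGuardian code or part of the original page; the record format, IP addresses, threshold and window are assumptions, and the sample records are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values for illustration; tune them to the site's normal mail volume.
AUTHORISED_MAIL_SERVERS = {"10.0.0.25"}
MAX_MESSAGES = 5                      # per source, per WINDOW
WINDOW = timedelta(minutes=10)
SUSPICIOUS_PHRASES = ("supermodels exposed",)

def sample_records():
    """Constructed sample: (time, source IP, subject) for outbound SMTP messages."""
    t0 = datetime(2024, 1, 1, 9, 0)
    burst = [(t0 + timedelta(seconds=30 * i), "10.0.4.17", "Supermodels exposed")
             for i in range(8)]
    normal = [(t0 + timedelta(minutes=1), "10.0.0.25", "Lecture timetable"),
              (t0 + timedelta(minutes=2), "10.0.7.3", "Re: lab booking")]
    return sorted(burst + normal)

def detect(records):
    """Return a list of (rule, source IP, time) alerts, one per rule per source."""
    alerts, raised = [], set()
    recent = defaultdict(deque)       # source IP -> send times inside WINDOW

    def alert(rule, src, ts):
        if (rule, src) not in raised:  # suppress repeats for the same host
            raised.add((rule, src))
            alerts.append((rule, src, ts))

    for ts, src, subject in records:
        # Rule 1: SMTP leaving the network from a host that is not a sanctioned server.
        if src not in AUTHORISED_MAIL_SERVERS:
            alert("unofficial-mail-source", src, ts)
        # Rule 2: message count from one source exceeds the threshold in the window.
        times = recent[src]
        times.append(ts)
        while ts - times[0] > WINDOW:
            times.popleft()
        if len(times) > MAX_MESSAGES:
            alert("volume-threshold", src, ts)
        # Rule 3: subject line contains a watched phrase (case-insensitive).
        if any(p in subject.lower() for p in SUSPICIOUS_PHRASES):
            alert("suspicious-subject", src, ts)
    return alerts

if __name__ == "__main__":
    for rule, src, ts in detect(sample_records()):
        print(f"{ts:%H:%M:%S} {rule:24} {src}")
```

Alerts are deduplicated per rule and source so that a sustained burst produces one notification per host rather than one per message.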

Find out more

If you have any questions about how LANGuardian can help you with your network monitoring requirements, please contact us. If you would like to see LANGuardian in action, please try our online demo system or download a free 30-day trial to try it on your own network with your own data.
