View Categories

Hash Reporting

1 min read

Notice #

This infrastructure for this feature is still in development. Regardless of your settings, no data will be reported until our infrastructure is completed. A future update will enable this feature.

 

The Basics #

Hash reporting is the process of taking the MD5 hash of an email message body and using the result in analysis of future email. These hashes are reported to Mailborder Systems and correlated from every server that reports hashes. The more times a hash is seen across multiple Mailborder customers, the more likely the possibility that the email message is spam. This information is shared with all Mailborder customers to create a hash reporting and identification system.

 

Privacy #

Hash reporting does not violate privacy nor does it reveal any information of any kind about an email including the sender, recipient, IP addresses, servers, or anything else. For example, the MD5 hash of the first paragraph of this article is A7F3BD9D7E2DDC176576E3B50274003C. There is no way to reverse the hash to get the data from the first paragraph. However, if the first paragraph is run through an MD5 check again, it will produce the same hash of A7F3BD9D7E2DDC176576E3B50274003C. 

 

Reporting and Use #

If Hash Reporting is enabled in the Master server’s global settings, all Master and Child servers will periodically report a set of hashes and how many times each hash was seen. The hash must be seen more than once, or it will not be reported. Someone replying to an email will generate a different hash, so normal email behavior does not produce false positives.

Mailborder Systems compiles this hash data from multiple sources to produce what is similar to a spam detection database. Master and Child servers download this database periodically to supplement their own local hash detection system. The more times a hash is seen, the higher the score will be from the Mailborder supplied detection database. This allows your Mailborder servers to detect massive spam and malware attacks even if your servers are seeing the hash for the first time.

 

Participation #

If Hash Reporting is disabled in the Master server’s global settings, then additional detection databases will not be downloaded from Mailborder Systems. A local hash detection system will still be used, but it will not be supplemented by the global detection system and therefore be less effective. 

In short, if you want to use the global hash detection from Mailborder, you must also contribute to the program.