Engate Technology has added phishing protection to its anti-spam software, MailSentinel 3.5.

PhishFilet, a new profiling technology, blocks phishing attacks at the network level, according to company officials. Engate says catching phishing attacks at the network level results in 99 percent effectiveness and very few false positives.

Engate CEO Wil Cochran said he couldn't go into too much detail about how the new technology knows a phish when it sees one, because the company has eight patents pending, but he said it was developed from the company's existing network-level anti-spam technology.

MailSentinel 3.5 monitors inbound connection requests from email senders, examining TCP headers and envelope information, he said. The software can determine whether the message is coming from the domain it claims to be from; if the two don't match, the software knows that the sender is pretending to be a different organisation, or spoofing, Cochran said.

While spoofing is an integral part of phishing, it's also used by spam and other email threats; how PhishFilet can distinguish a spam message from a phishing attack is Engate's secret, he said. Connection requests from senders determined to be phishers are immediately dropped.

The advantage to this network-level approach is that companies running MailSentinel never have to accept, store, filter or process any phishing messages they are sent, Cochran said. This is particularly important for financial institutions, which are subject to regulations that say they must archive any email they accept.

"What our competitors do is use a 'cocktail' solution, so they use IP reputation, content filtering, traffic shaping, grey listing, and combine them with hopes of getting a good solution," Cochran said. "What we've patented happens right at the connection layer, so we don't do anything other than this analysis at the connection layer. That's all it takes."

MailSentinel 3.5 comes loaded on a dedicated appliance and is priced starting at $1,195. The company also sells MailSentinel for inclusion in other hardware makers' devices, such as appliances, routers and firewalls.