Chapter13 SenderBase Network Participation
Cisco IronPort AsyncOS 7.5 for Email Configuration Guide
(a) Filenames will be encoded in a 1-way hash (MD5).
(b) Filenames will be sent in an obfuscated form, with all lowercase ASCII letters ([a-z]) replaced with
“a,” all uppercase ASCII letters ([A-Z]) replaced with “A,” any multi-byte UTF-8 characters
replaced with “x” (to provide privacy for other character sets), all ASCII digits ([0-9]) replaced
with “0,” and all other single byte characters (whitespace, punctuation, etc.) maintained. For
example, the file Britney1.txt.pif would appear as Aaaaaaa0.aaa.pif.
(c) URL hostnames point to a web server providing content, much as an IP address does. No
confidential information, such as usernames and passwords, are included.
(d) URL information following the hostname is obfuscated to ensure that any personal information of
the user is not revealed.
What does Cisco do to make sure that the data I share is secure?
If you agree to participate in the SenderBase Network:
Data sent from your Cisco IronPort appliances will be sent to the Cisco IronPort
SenderBase Network servers using the secure protocol HTTPS.
All customer data will be handled with care at Cisco. This data will be stored in
a secure location and access to the data will be limited to employees and
contractors at Cisco who require access in order to improve the company's email
security products and services or provide customer support.
No information identifying email recipients or the customer's company will be
shared outside of Cisco Systems when reports or statistics are generated based on
Count of different extension types
300 “.exe” attachments
Correlation of attachment types, true file
type, and container type
100 attachments that have a “.doc”
extension but are actually “.exe”
50 attachments are “.exe” extensions
within a zip
Correlation of extension and true file type
with attachment size
30 attachments were “.exe” within the
Statistics Shared Per IP Address
Sample Data (Continued)