The intent of spam messages is to get a user to reply to an email, to visit a web site, or to call a phone number. Intent analysis involves researching email addresses, web links (URLs), and phone numbers embedded in email messages to determine whether they are associated with legitimate entities. Phishing emails are examples of Intent.
Frequently, Intent Analysis is the defense layer that catches phishing attacks. The Barracuda Email Security Service applies the following forms of Intent Analysis to inbound mail, including real-time and multi-level intent analysis.
- Intent Analysis – Markers of intent, such as URLs, are extracted and compared against a database maintained by Barracuda Central.
- Real-Time Intent Analysis – For new domain names that may come into use, Real-Time Intent Analysis involves performing DNS lookups against known URL blocklists.
- Multilevel intent analysis – Use of free websites to redirect to known spammer websites is a growing practice used by spammers to hide or obfuscate their identity from mail scanning techniques such as Intent Analysis. Multilevel Intent Analysis involves inspecting the results of Web queries to URLs of well-known free websites for redirections to known spammer sites.
Intent Analysis can be enabled or disabled on the Inbound Settings > Anti-Phishing page. Domains found in the body of email messages can also be blocked based on or exempt from Intent Analysis on that page. See also Anti-Fraud and Anti-Phishing Protection.