I am curious to know if the organization I work at gets a blast email to 500 employee's from an external B2B marketer does the wildfire analysis get performed on all 500 identical emails or does it simply do it once knowing the email and links are identical.
Actually yes, the firewall is doing the analysis for every email. It does not really care about the url, it simply forwards it to wildfire - in batches of 200 URLs per upload or all 2 minutes - depending on which limit is hit first. About the list of trusted sites I am not sure, as theoretically there is nothing like trusted site. On every website there is the potential risk that it gets hacked and will be used to host malware or exploit kits. But at least I think, there is a timer that a website is not ddos'ed by wildfire and only scanned for example max. once per hour or day. About a local check if the urls are identical, @jdelio could you say something about this? But often the links in such mass-emails aren't identical, every link is different to track which recepient clicks on the url.
@Remo and others..
From the official documentation on WildFire email analysis..
"WildFire visits submitted links to determine if the corresponding web page hosts any exploits or displays phishing activity. A link that WildFire finds to be malicious or phishing is:
When there are 500 of the exact same link.. I would like to think that it would count them as one, but I will ask the experts about this and see what they are able to tell me.
I will respond as soon as I have an answer.
Actually I was able to get the details from people who looked at the code, and other detailed info.. and it looks like there will be 500, because each one comes from a different email header and we produce separate reports with the specific session information associated with the SMTP, IMAP or POP3 session. So, all links are sent to the cloud at this time, duplicate or not.
So, all links are sent to the cloud at this time, duplicate or not.
Hmn ... what if now all these attributes are the same? Either if the same email really was sent 500 times or if the same email was sent to 500 recipients in bcc. In this case the firewall would only show the actual recipient in the to field of the email but nothing about bcc. But I assume even then there it will be forwarded to wildfire 500 times.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!