The 20 Minute E-mail Solution!
TOC PREV NEXT INDEX

Processing Order

The following is the processing order for the antispam features. This process assumes that all default options and settings are not altered after installation. Several things can change this order, such as enabling/disabling the "Content Filtering for Authenticated Users" and "Apply to Content Filtering Only" options, but for the most part a message will be processed as follows:

  1. Trusted Addresses (Trusted Addresses tab under the White List folder). IMail checks the Apply to Antispam option. If this option is enabled, then the IP address (and address present in the MAIL FROM command) for an incoming message is compared against the Trusted Address list to see if there is a match. If there is a match, all other antispam checks are skipped. However, if the IP address (or MAIL FROM address) does not match, the message is compared against the DNS Black Lists.
    Note: If the Apply Domains/EMail Addresses to content filtering only option is enabled (in the Trusted Addresses tab), then DNS Black Lists, Verification Tests, and SPF checks are performed against the message; even if the address in the MAIL FROM command is present on the Trusted Addresses tab.
  2. DNS Black Lists (Connection Filtering tab). IMail Server initiates connection filtering to compare a message's sender information against configured DNS black lists. If the message matches a black list, it is processed according to whether the black list is a "trusted" or standard black list. If the message does not match a black list, verification checks are performed.
  3. Verification checks (Connection Filtering tab). If enabled, verification tests are performed to verify the "Mail FROM" address, the HELO/EHLO domain, and to perform a reverse DNS lookup. If a message passes all the checks, content filtering is performed. If a message does not pass all checks, an X-Header is inserted into the message, and the trusted email/domain list is checked.
  4. SPF (SPF tab). The SPF feature provides increased capability to stop incoming email from forged email addresses. Using a sender authentication scheme, a domain owner requires that legitimate messages from a domain must meet certain SPF criteria. Messages that do not meet the criteria are not accepted as a legitimate email message and are processed according to the SPF options selected on the SPF tab.
  5. Trusted Domains/E-Mail Addresses (Trusted Addresses tab under the White List folder). If the Apply to Domain/EMail Addresses to content filtering only option is selected, IMail Server checks whether the connecting SMTP server's Domain/EMail address is listed in the Domain/EMail Addresses list. If it is listed, the content is not scanned further with content filtering.
  6. Premium AntiSpam (Premium AntiSpam tab). The Premium Antispam filter (optional in the ICS Suite only) provides automated spam protection in addition to the Standard Antispam filter included in IMail. If a message does not pass the Premium Antispam filtering, actions selected are applied before Standard Antispam filter settings.
  7. Broken MIME Header. If enabled, the filter identifies broken MIME header characteristics that may be present in SPAM email. You can define actions to take when broken MIME headers are identified in SPAM email. If it is not filtered as a broken MIME header, the message is passed on to either HTML filtering or phrase filtering, depending on whether it contains HTML code.
  8. HTML Filtering (Content Filtering (HTML) tab). The HTML content filtering occurs during the Phrase Filtering and Statistical Filtering process. If HTML filtering is enabled, the message is examined to determine if it contains any HTML code. If it does, the message undergoes HTML Content Filtering. If the message does not contain HTML components, Phrase Filtering and Statistical Filtering continues to evaluate the message.
    • Feature Filtering. When a message with HTML code is evaluated, it is compared against the Feature Filtering options to detect certain HTML code components that may be present in the message. If the selected HTML code components are present, selected actions are taken on the message.
    • URL Domain Black List. When a message with HTML code is evaluated, it is also compared against the URL Domain Black List to search for domain names that may be present in the message URL links. If a URL that is identified in a message matches a domain name included in the URL Domain Black List, selected actions are taken on the message.
  9. Phrase Filtering (Content Filtering tab). If phrase filtering is enabled, the message is checked to see if it contains any phrases that are in the phrase list. If the message passes, it is processed according to the settings for phrase filtering. If the message does not pass, it is processed by statistical filtering.
  10. Statistical Filtering (Content Filtering tab). If statistical filtering is enabled, the message is compared against the spam and non-spam word counts to determine if it is statistically likely to be spam. If it is identified as spam, it is processed according to the settings for statistical filtering. If the message is not identified as spam, it is delivered.
    Note: For information on how the antispam features integrate into the mail processing order, see "Processing Order".

Ipswitch, Inc.
http://www.ipswitch.com
TOC PREV NEXT INDEX
©Ipswitch 2005