IMail Antispam Processing Order
The following steps indicate the order in which each antispam component performs, assuming that all default options and settings are not altered after installation. Several things can change this order, such as enabling/disabling the "Content Filtering for Authenticated Users" and "Apply Domains/EMail Addresses to content filtering only" options, but for the most part messages are processed as follows:
- . IMail checks the option. If this option is enabled, then the IP address (and address present in the MAIL FROM command) for an incoming message is compared against the white list to see if there is a match. If there is a match, all other antispam checks are skipped. However, if the IP address (or MAIL FROM address) does not match, the message is compared against the .
If the option is enabled (on the page), then DNS Black Lists, Verification Tests, and How to get here checks are performed against the message; even if the address in the MAIL FROM command is present on the page.
- . initiates connection filtering to compare a message's sender information against configured DNS black lists. If the message matches a black list, it is processed according to whether the black list is a "trusted" or standard black list. If the message does not match a black list, verification checks are performed.
- . If enabled, verification tests are performed to verify the "Mail FROM" address, the HELO/EHLO domain, and a reverse DNS lookup is performed. If a message passes all the checks, content filtering is performed. If a message does not pass all checks, an X-Header is inserted into the message or the message may be deleted. SPF checks are performed next.
- . The SPF feature provides increased capability to stop incoming e-mail from forged e-mail addresses. Using a sender authentication scheme, a domain owner requires that legitimate messages from a domain must meet certain SPF criteria. Messages that do not meet the criteria are not accepted as a legitimate e-mail messages and are processed according to the SPF options selected on the tab.
- (on the page). If the option is selected, IMail Server checks whether the connecting SMTP server's Domain/EMail address is listed in the list. If it is listed, the content is not scanned further with content filtering.
- . The Premium Antispam filter (optional in IMail Premium only) provides automated spam protection in addition to the Standard Antispam filter included in IMail. If a message does not pass the Premium Antispam filtering, actions selected are applied before Standard Antispam filter settings.
- . If enabled, the filter identifies broken MIME header characteristics that may be present in SPAM e-mail. You can define actions to take when broken MIME headers are identified in SPAM e-mail. If it is not filtered as a broken MIME header, the message is passed on to either HTML filtering or phrase filtering, depending on whether it contains HTML code.
- . The HTML content filtering occurs during the Phrase Filtering and Statistical Filtering process. If HTML filtering is enabled, the message is examined to determine if it contains HTML code. If it does, the message undergoes . If the message does not contain HTML components, Phrase Filtering and Statistical Filtering continue to evaluate the message.
- When a message with HTML code is evaluated, it is compared against the options to detect certain HTML code components that may be present in the message. If the selected HTML code components are present, selected actions are taken on the message.
- When a message with HTML code is evaluated, it is also compared against the to search for domain names that may be present in the message URL links. If a URL that is identified in a message matches a domain name included in the URL Domain Black List, selected actions are taken on the message.
- . If phrase filtering is enabled, the message is checked to determine if it contains phrases that are in the . If the message passes, it is processed according to the settings for phrase filtering. If the message does not pass, it is processed by statistical filtering.
- . If statistical filtering is enabled, the message is compared against the spam and non-spam word counts to determine if it is statistically likely to be spam. If it is identified as spam, it is processed according to the settings for statistical filtering. If the message is not identified as spam, it is delivered.
For information on how these antispam components integrate into IMail Server mail processing, see .