IMail Antispam Processing Order

The following steps indicate the order in which each antispam component performs, assuming that all default options and settings are not altered after installation. Several things can change this order, such as enabling/disabling the "Content Filtering for Authenticated Users" and "Apply Domains/EMail Addresses to content filtering only" options, but for the most part messages are processed as follows:

  1. White List (Trusted Addresses). IMail checks the Apply to Antispam option. If this option is enabled, then the IP address (and address present in the MAIL FROM command) for an incoming message is compared against the white list to see if there is a match. If there is a match, all other antispam checks are skipped. However, if the IP address (or MAIL FROM address) does not match, the message is compared against the DNS Black Lists.

    Note: If the Apply Domains/EMail Addresses to Content Filtering Only option is enabled (on the White List page), then DNS Black Lists, Verification Tests, and SPF How to get here checks are performed against the message; even if the address in the MAIL FROM command is present on the White List page.

  2. Connection Checks. IMail Server initiates connection filtering to compare a message's sender information against configured DNS black lists. If the message matches a black list, it is processed according to whether the black list is a "trusted" or standard black list. If the message does not match a black list, verification checks are performed.
  3. Verification checks. If enabled, verification tests are performed to verify the "Mail FROM" address, the HELO/EHLO domain, and a reverse DNS lookup is performed. If a message passes all the checks, content filtering is performed. If a message does not pass all checks, an X-Header is inserted into the message or the message may be deleted. SPF checks are performed next.
  4. SPF Filtering. The SPF feature provides increased capability to stop incoming e-mail from forged e-mail addresses. Using a sender authentication scheme, a domain owner requires that legitimate messages from a domain must meet certain SPF criteria. Messages that do not meet the criteria are not accepted as a legitimate e-mail messages and are processed according to the SPF options selected on the SPF tab.
  5. Trusted Domains/Email Addresses (on the White List page). If the Apply to Domain/EMail Addresses to Content Filtering Only option is selected, IMail Server checks whether the connecting SMTP server's Domain/EMail address is listed in the Domain/EMail Addresses list. If it is listed, the content is not scanned further with content filtering.
  6. Premium Filter. The Premium Antispam filter (optional in IMail Premium only) provides automated spam protection in addition to the Standard Antispam filter included in IMail. If a message does not pass the Premium Antispam filtering, actions selected are applied before Standard Antispam filter settings.  
  7. Broken MIME Header. If enabled, the filter identifies broken MIME header characteristics that may be present in SPAM e-mail. You can define actions to take when broken MIME headers are identified in SPAM e-mail. If it is not filtered as a broken MIME header, the message is passed on to either HTML filtering or phrase filtering, depending on whether it contains HTML code.
  8. HTML Feature Filtering. The HTML content filtering occurs during the Phrase Filtering and Statistical Filtering process. If HTML filtering is enabled, the message is examined to determine if it contains HTML code. If it does, the message undergoes HTML Content Filtering. If the message does not contain HTML components, Phrase Filtering and Statistical Filtering continue to evaluate the message.
    • Feature Filtering. When a message with HTML code is evaluated, it is compared against the Feature Filtering options to detect certain HTML code components that may be present in the message. If the selected HTML code components are present, selected actions are taken on the message.
    • URL Domain Black List. When a message with HTML code is evaluated, it is also compared against the URL Domain Black List to search for domain names that may be present in the message URL links. If a URL that is identified in a message matches a domain name included in the URL Domain Black List, selected actions are taken on the message.
  9. Phrase Filtering. If phrase filtering is enabled, the message is checked to determine if it contains phrases that are in the phrase list. If the message passes, it is processed according to the settings for phrase filtering. If the message does not pass, it is processed by statistical filtering.
  10. Statistical Filtering. If statistical filtering is enabled, the message is compared against the spam and non-spam word counts to determine if it is statistically likely to be spam. If it is identified as spam, it is processed according to the settings for statistical filtering. If the message is not identified as spam, it is delivered.

For information on how these antispam components integrate into IMail Server mail processing, see IMail Server Processing Order.