IMail Anti-spam Processing Order

The following steps indicate the order in which each anti-spam component performs, assuming that all default options and settings are not altered after installation. This order can change when enabling/disabling "Apply Domains/E-Mail Addresses to content filtering only" options, otherwise messages are processed as follows:

  1. White List (Trusted Addresses). IMail checks the Apply to Anti-spam option. If this option is enabled, then the IP address (and address present in the MAIL FROM command) for an incoming message is compared against the white list to see if there is a match. If there is a match, all other anti-spam checks are skipped. However, if the IP address (or MAIL FROM address) does not match, the message is compared against the Realtime Blacklists.

    Note: If the Apply Domains/EMail Addresses to Content Filtering Only option is enabled (on the White List page), then Realtime Blacklists, Verification Tests, and SPF checks are performed against the message; even if the address in the MAIL FROM command is present on the White List page.

  2. Connection Checks. IMail Server initiates connection filtering to compare a message’s sender information against configured Realtime blacklists. If the message matches a blacklist, it is processed according to whether the blacklist is a “trusted” or standard blacklist. If the message does not match a blacklist, verification checks are performed.
  3. Verification checks. If enabled, verification tests are performed to verify the "Mail FROM" address, the HELO/EHLO domain, and a reverse DNS lookup is performed. If a message passes all the checks, content filtering is performed. If a message does not pass all checks, an X-Header is inserted into the message or the message may be deleted. SPF checks are performed next.
  4. SPF Filtering. The SPF feature provides increased capability to stop incoming e-mail from forged e-mail addresses. Using a sender authentication scheme, a domain owner requires that legitimate messages from a domain must meet certain SPF criteria. Messages that do not meet the criteria are not accepted as a legitimate e-mail messages and are processed according to the SPF options selected on the SPF tab.
  5. Trusted Domains/Email Addresses (on the White List page). If the Apply to Domain/EMail Addresses to Content Filtering Only option is selected, IMail Server checks whether the connecting SMTP server’s Domain/EMail address is listed in the Domain/EMail Addresses list. If it is listed, the content is not scanned further with content filtering.
  6. Premium Filter. The Premium Anti-spam filter (optional in IMail Premium only) provides automated spam protection in addition to the Standard Anti-spam filter included in IMail. If a message does not pass the Premium Anti-spam filtering, actions selected are applied before Standard Anti-spam filter settings.  
  7. Broken MIME Header. If enabled, the filter identifies broken MIME header characteristics that may be present in SPAM e-mail. You can define actions to take when broken MIME headers are identified in SPAM e-mail. If it is not filtered as a broken MIME header, the message is passed on to either HTML filtering or phrase filtering, depending on whether it contains HTML code.
  8. HTML Feature Filtering. The HTML content filtering occurs during the Phrase Filtering and Statistical Filtering process. If HTML filtering is enabled, the message is examined to determine if it contains HTML code. If it does, the message undergoes HTML Content Filtering. If the message does not contain HTML components, Phrase Filtering and Statistical Filtering continue to evaluate the message.
    • Feature Filtering. When a message with HTML code is evaluated, it is compared against the Feature Filtering options to detect certain HTML code components that may be present in the message. If the selected HTML code components are present, selected actions are taken on the message.
    • URL Domain Blacklist. When a message with HTML code is evaluated, it is also compared against the URL Domain Blacklist to search for domain names that may be present in the message URL links. If a URL that is identified in a message matches a domain name included in the URL Domain Blacklist, selected actions are taken on the message.
  9. Phrase Filtering. If phrase filtering is enabled, the message is checked to determine if it contains phrases that are in the phrase list. If the message passes, it is processed according to the settings for phrase filtering. If the message does not pass, it is processed by statistical filtering.
  10. Statistical Filtering. If statistical filtering is enabled, the message is compared against the spam and non-spam word counts to determine if it is statistically likely to be spam. If it is identified as spam, it is processed according to the settings for statistical filtering. If the message is not identified as spam, it is delivered.

For information on how these anti-spam components integrate into IMail Server mail processing, see IMail Server Processing Order.