This page provides detailed information about how our spam filter service
works. For a more general overview please visit the spam filter overview page.

Emerald Spam Shield's anti spam filter scanning process involves several tests
that begin the moment a remote SMTP server connects to one of our secure spam
filter servers. Below we walk through each spam filter test and explain a
little more about why each one is run.

SMTP Server (Before Acceptance)

The Emerald Spam Shield anti spam filter service performs a series of
checks before it even accepts responsibility for a new inbound message. These
tests include relay control, account validation, relay delay (also known as
greylisting), and Real-Time Blacklist (RBL) testing.

Messages that fail any of these tests are rejected before the bulk of the
message is sent. Legitimate senders that are incorrectly identified as spammers
can then take measures to correct the problem and resend the message. Rejecting
messages at this level helps to prevent false positives.

Our dictionary attack detection system protects all of our customers from
spammers guessing user names. Once a remote system has been identified as a
harvester, it is blocked by our internal RBL from sending mail to any of our
customers for a period of time. We expire these IPs over time, but if they
contact us again with the same tactic they are then blocked for a longer
period.
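
A sketch of the harvester blocking described above, as an added example that is not Emerald Spam Shield's code. The class name, the SMTP reply texts, and every threshold and duration are assumptions; the page does not state the real values.

```python
from collections import defaultdict

# All thresholds and durations below are assumed values for illustration.
WINDOW = 600           # seconds over which unknown recipients are counted
MAX_UNKNOWN = 5        # unknown-recipient attempts tolerated per window
BASE_BLOCK = 3600      # length of a first block, in seconds
MAX_BLOCK = 7 * 86400  # cap for repeat offenders


class HarvestGuard:
    def __init__(self, valid_recipients):
        self.valid = {r.lower() for r in valid_recipients}
        self.misses = defaultdict(list)   # ip -> times of unknown-user RCPTs
        self.blocked_until = {}           # ip -> expiry of the current block
        self.strikes = defaultdict(int)   # ip -> how many times blocked so far

    def block_left(self, ip, now):
        """Seconds remaining on the block for `ip`; 0 once it has expired."""
        return max(0, self.blocked_until.get(ip, 0) - now)

    def rcpt(self, ip, recipient, now):
        """Return the SMTP reply for one RCPT TO from `ip` at time `now`."""
        if self.block_left(ip, now) > 0:
            return "554 5.7.1 sender blocked"
        if recipient.lower() in self.valid:
            return "250 2.1.5 OK"
        # Unknown user: keep only misses inside the window, then add this one.
        recent = [t for t in self.misses[ip] if now - t < WINDOW] + [now]
        self.misses[ip] = recent
        if len(recent) <= MAX_UNKNOWN:
            return "550 5.1.1 user unknown"
        # Harvester: block it, doubling the duration on every repeat offence.
        duration = min(BASE_BLOCK * 2 ** self.strikes[ip], MAX_BLOCK)
        self.strikes[ip] += 1
        self.blocked_until[ip] = now + duration
        self.misses[ip] = []
        return "554 5.7.1 sender blocked"


def demo():
    """Replay constructed traffic: two guessing runs from one address."""
    guard = HarvestGuard(["alice@example.com"])
    ip = "192.0.2.10"  # constructed, documentation address range
    replies = [guard.rcpt(ip, f"guess{i}@example.com", i) for i in range(6)]
    first = guard.block_left(ip, 5)
    later = 5 + first  # the first block has just expired
    for i in range(6):
        guard.rcpt(ip, f"again{i}@example.com", later + i)
    return replies, first, guard.block_left(ip, later + 5)
```
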
Relay delay also happens at this stage if the customer has requested it be
enabled. Relay delay (also known as greylisting) is a technique that takes
advantage of the spammers' tactic of trying an email address only once. When a
new server requests to send email to a user, it is told that we are too busy
and to try again later. This is perfectly legal for an email server.
Legitimate email servers will wait from 30 minutes to an hour and try again.
Spammers rarely try back.
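
The relay delay decision described above, as an added example that is not Emerald Spam Shield's code. Keying on the (client IP, sender, recipient) triplet, the delay and expiry values, and the reply texts are assumptions, and the traffic is constructed.

```python
# All timing values below are assumed for illustration.
MIN_DELAY = 300          # a retry must come at least this long after the first try
RETRY_WINDOW = 4 * 3600  # deferred entries that never retry are forgotten
PASS_TTL = 30 * 86400    # triplets that passed stay known for this long


class Greylist:
    def __init__(self):
        self.first_seen = {}  # triplet -> time of the first deferred attempt
        self.passed = {}      # triplet -> time of the last accepted delivery

    def check(self, ip, mail_from, rcpt_to, now):
        """Return the SMTP reply for one RCPT TO at time `now` (seconds)."""
        key = (ip, mail_from.lower(), rcpt_to.lower())
        last_ok = self.passed.get(key)
        if last_ok is not None and now - last_ok < PASS_TTL:
            self.passed[key] = now
            return "250 OK"
        first = self.first_seen.get(key)
        if first is None or now - first > RETRY_WINDOW:
            # New (or stale) triplet: defer with a temporary failure.
            self.first_seen[key] = now
            return "451 4.7.1 too busy, try again later"
        if now - first < MIN_DELAY:
            # Retried too quickly, as a burst sender would: keep deferring.
            return "451 4.7.1 too busy, try again later"
        # The sender queued the message and came back after the delay: accept.
        del self.first_seen[key]
        self.passed[key] = now
        return "250 OK"


def replay(events):
    """Run (time, ip, from, to) events through one Greylist; return reply codes."""
    gl = Greylist()
    return [gl.check(ip, frm, to, t)[:3] for t, ip, frm, to in events]


# Constructed sample traffic: one retrying mail server, one fire-and-forget sender.
EVENTS = [
    (0,    "198.51.100.7", "news@example.org", "bob@example.com"),
    (10,   "203.0.113.9",  "x@example.net",    "bob@example.com"),
    (20,   "203.0.113.9",  "x@example.net",    "bob@example.com"),
    (1800, "198.51.100.7", "news@example.org", "bob@example.com"),
    (9000, "198.51.100.7", "news@example.org", "bob@example.com"),
]
```
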

SMTP Server Email Integrity (Post-Acceptance)

After accepting responsibility for a new message, our anti spam
filter service conducts basic tests to confirm the validity of the
message. Also at this stage the file type of each attachment contained in the
message is checked against a customizable attachment block list. Any
attachments found on the block list are handled according to your settings in
the Attachment filter.

Anti-Virus Scanning

Accounts for which the anti-virus option has been purchased are scanned for
viruses and handled according to each domain's anti-virus preferences.

Header Integrity

The anti spam filter service then begins analyzing the integrity of the
message's headers. Header integrity checks include searching for references to
known bulk emailers that may have been used to send the message, checking the
message's route prior to Emerald Spam Shield's acceptance of the message, and
looking for references to any invalid mail agents involved in propagating the
message.
Other checks performed at this level involve header formatting, open relay
detection, and fingerprint generation.

Body Integrity

Over 95% of spam messages contain images or links to remote servers.
We use these links and images to detect the originator of the message and score
it against our Emerald URL Database List Management Service of known-good
and known-bad sites. Unclassified links are collected by our filter
service so that they can be scanned and a determination can be made about their
content. This system is called Stop and Dig.

This system of crawling new links when they are found makes us unique in
the industry. We crawl over TWO MILLION domains per month.

Optional tests include the ability to look for messages that clearly
indicate the nature of their content (such as advertising or sexually-explicit)
in compliance with the CAN-SPAM act, blank emails, messages that contain images
pulled from IP addresses, content hosted by Free Hosting providers,
or content redirectors. All these tests are controllable from the Secure
Management Interface.

Heuristics tests are optionally performed at this stage as well.
Common phrases and phone numbers are extracted and scored on their own
merit. These are not simple word matches, but complex regular expressions
used to find more spam.

Spam Identification

After a decision is made on the spam probability of the message, it passes
through the Spam Reporting and Quarantine Engine.
These engines determine whether to hold an email for further inspection, to flag
it as bad, or to pass it untouched.

SMTP Sender

At this stage the message has been filtered and is now ready to be delivered to
its intended recipient. Messages identified as spam are handled according to
the anti spam filter settings configured by you.

Disaster Recovery

Most companies have only one email server running. This
is a single point of failure and can cause a loss of email service.
Any failure of power, internet connectivity, etc. can cause remote systems to
bounce email intended for your domain.

Each of our customers is given two MX records for their usage. These two
records are not in the same datacenter. We have datacenters
geographically dispersed to ensure maximum fault tolerance. The Emerald
Spam Shield is comprised of multiple servers working together to provide the
best spam protection possible.

We have a separate page if you would like to learn more about
email disaster recovery.

Email Archival

Need to store all inbound or outbound email for compliance reasons? Want
to be able to search all that data and provide reports for e-discovery?
We can archive inbound or outbound email and store it on our server network for
you. We also offer a service to burn your archives to DVD and mail them
to you.

Contact us for more information.