Email scanning order in Email
search cancel

Email scanning order in Email


Article ID: 161438


Updated On:




This article explains the order in which Symantec Email scans inbound email.


Email traffic entering the infrastructure is checked and scanned in the following order:

Connection Management 01. SMTP Heuristics
02. Address Validation/Registration
03. AntiSpam Approved Senders
04. AntiSpam Blocked Senders
Connection Management /
05. SPF
Anti-spam 07. AntiSpam Public DNS block lists (PBL)
08. AntiSpam Signaturing System
Anti-malware 09. AntiVirus Skeptic
10. AntiVirus Signaturing
11. Cynic Sandbox *
12. IOC Blacklist *
Anti-Spam 13. Skeptic Heuristics
14. Newsletters Scanning
Image Control 15. Image Control
EIC 16. Email Impersonation Control
Data Protection 17. Data Protection
Click-time 18. URL Rewriting *
Isolation 19. URL Isolation *
20. Attachment Isolation *


Note: The AntiSpam scanning order will only apply when enabled according to the AntiSpam best practice settings. When not following best practices, weaker actions such as 'Tag Subject' will mean that any scanner further down the order will potentially be triggered and their action taken. This is to ensure your protection from harmful or malicious phishing emails.

* requires ETDR (ETDR stands for Email Threat Detection and Response, previously known as ATP Advanced Threat Protection.)