Understanding all the Anti-Spam services and their actions.
This guide will help you define which detection methods to use for the AntiSpam service.
You can associate a specific action for spam emails that are detected by each detection method. Applying the detection settings at global level, domain level, or group level. In this way, you can use specific detection methods and actions for a specific domain or group.
The available detection settings are described below in the following table.
Table: Email AntiSpam detection settings:
|
|
---|---|
|
You can define a list of IP addresses, domains, or email addresses that are approved senders. Emails that are received from these senders are not identified as spam. You can also use the approved senders list to ensure that wanted email newsletters go through the AntiSpam service without interruption. |
|
SPF (Sender Policy Framework) detects sender spoofing, blocking phishing attempts in which domain spoofing is commonplace. Some organizations publish an SPF record in their DNS. The SPF record authorizes sending hosts for their domains. The recipient verifies the email sender against the authorized hosts. If verification fails, the email sender is spoofing and the email should not be trusted. When you use SPF spam detection for a domain, inbound email to your domain is verified against the SPF policy of the reported sender. If the reported sender publishes a hard-fail SPF policy and the inbound email fails SPF verification, the email is blocked and deleted. The block and delete action enforces the sender's hard fail policy, which says not to accept emails that are not from my authorized hosts. A 5xx error is returned to the sender. Other types of SPF policy, for example, soft-fail, are ignored. You can enable spoofed sender detection for all of your domains or for individual domains. You cannot enable it for individual groups or users. Overview of AntiSpam detection settings and actions |
|
DMARC (Domain-based Message Authentication, Reporting, and Conformance) helps thwart phishing attempts that can lead to security breaches by detecting email sender spoofing. DMARC standardizes how email recipients perform SPF and DKIM email authentication. Organizations publish a DMARC policy that indicates that their emails are protected by SPF, DKIM, or both. The DMARC policy tells a recipient what to do if neither of these authentication methods passes. When you enable DMARC for a domain, inbound email to that domain is verified against the DMARC policy of the reported sender. If DMARC authentication passes, then the message is delivered normally. If DMARC authentication fails, then the message is quarantined or rejected, according to the email sender's policy. If quarantine is not enabled, then message subject lines can be modified to notify recipients that DMARC authentication has failed. You can enable spoofed sender detection for all of your domains or for individual domains. You cannot enable it for individual groups or users. |
|
You can define a list of IP addresses, domains, or email addresses that you recognize as sources of spam or other unwanted email. |
|
The AntiSpam service can detect email from globally known sources of spam. Companies and individuals in the dynamic public block list have demonstrated patterns of junk emailing. The block list is a recognized public block list of IP addresses. |
|
A signature is a unique string that defines a specific spam email. This string is used to detect further instances of the email. The signaturing system uses proprietary and commercially-available signature-building engines to create a vast knowledgebase of spam message samples that are currently in email circulation. The signaturing system enables exact matching of spam, and reduces the chances that the scanner stops genuine business emails. In addition, the signaturing system speeds the spam identification process and the message handling process. |
|
Skeptic™ uses artificial intelligence to create an ever-expanding knowledgebase to identify spam. The heuristics method scores each email against a set of rules. If an email achieves more than a specified score, it is immediately identified as spam. Newsletters can be a burden for organizations. The AntiSpam service distinguishes spam from newsletters. To block unwanted newsletters, you must have the Skeptic™ heuristic detection setting enabled. |
For each spam detection method, define an action for the spam emails that are detected. The available actions are described here.
Table: Actions for detected emails:
The risk that AntiSpam may stop genuine business emails (false-positives) is minimal. See the section in your contract that states the false-positive rates for spam. We recommend that you select "
with the signaturing and the public block elements methods. If you do not select , your mailbox collects a large amount of spam in a short amount of time.