Skip to main content

The Filtering Process

 

MailRoute uses a multi-layered approach to email filtering.  Our process looks like this:

 

Adaptive Blocklisting

This is our first layer of defense. Incoming connections are checked and denial of service attacks are blocked. IP addresses that have very bad reputations (all spam, no ham) are logged and dropped. We use roughly 40 RBL’s (internal and those shared with other filtering companies, as well as some from outside providers). Whatever is best of breed that day. 

Greylisting

We challenge mail the first time a sender attempts to reach your address. Greylisting forces a sending server to prove it is legitimate - it makes it resend an email the first time it tries to connect and transfer an email to one of our mailboxes.  If the mailbox holder does so, it's marked as "legitimate" and not challenged again. Spammers will move on, while legit mail servers will reattempt delivery. This blocks email from 'bots and zombies, and certain types of email spam client software.

These first two layers block about 80% of all mail traffic, because it eliminates mail from known, egregious spammers. This layer happens in under a few seconds.

Content Filtering

Mail that’s passed the first layer enters our proprietary Content Filtering. We take a message apart and look at the route it took to get to us (how many hops around the internet), message header, MIME, content, attachments, URL’s, etc. Attachments are parsed and recursively decoded, and all parts are run through a minimum of two anti-virus engines. 

This layer also happens in a few seconds or less.

Content-filtered mail is scored by our hundreds of thousands of rules. Mail deemed clean (based on a score set by the customer) is delivered to the customer’s server; mail deemed questionable (again, based on the filter settings of the customer) will be quarantined. 

Quarantined mail is held for 15 days and expires naturally. Customers receive Quarantine Notifications alerting them to new mail in their quarantine. From within this notification, customers can allow, block, recover to their mailbox, or allow and recover, with a single click. 

 

 

* Additional protection *

MailRoute has created a secure, reliable disaster-recovery email solution called Continuity, an add-on service to your filtering account. Continuity makes your email available even when your mailserver is not. For further details please see here or contact support@mailroute.net.

 

Related articles

Comments

0 comments

Please sign in to leave a comment.