How Our Spam & Virus Filtration Works


Our filtration system uses multiple filter methods to scan incoming email. The entire process takes an average of 2 seconds per email. Below is an explanation of the main filter methods.

Whitelists:
Our system lets "safe" emails through before it checks the blacklists and other filters. This ensures that legitimate emails are not delayed or incorrectly blocked.

  • IP & Sender Whitelist
    We list the IP addresses of servers which we consider safe and unlikely to issue spam due to their anti-hacker and anti-spam measures.  Any emails from these servers are allowed through the system and are immediately delivered to the recipient.
     
  • Auto Sender Whitelist
    The system automatically analyses details of everyone our clients send emails to. The system then allows replies from those sources through without interference. This means that our clients get emails from those they are regularly in contact with.
     
  • Bonded Sender Program
    This is a third-party certification program that subscribing companies can use to ensure that their emails are delivered without blocking. For information about how the system works, please visit www.bondedsender.org; if you would like to register for this service, please visit www.bondedsender.com. Please contact mailhost@snmail.co.uk for details of discounts for registering with the Bonded Sender Program.
     

Blacklists & Filters:
Our system then analyses the information embedded within the email and correspondence with sending servers to discover whether the emails are legitimate or not.

  • HELO Blacklist
    The first step when an SMTP server sends an email is to send an introduction, e.g. "HELO" or "EHLO", to the recipient server. Well-configured servers carry out this task without any problem; spammer software, however, sometimes introduces itself incorrectly. We are also able to block emails from servers based on the details provided in the "HELO" and "EHLO" introductions.
     
  • IP Blacklist
    We are able to list computers/servers by internet IP address to block spammers not listed by the DNS blacklists.  This filter also allows us to take steps against computers/servers infected by viruses.  We are then able to take steps to get these additions added to the DNS blacklists.
     
  • Client Checklist
    Any email addressed to a user not listed on our server is automatically rejected.
     
  • Sender Policy Framework (SPF)
    This is an anti-forgery solution in which the system checks, against the records published by the owners of the domain listed as the sender, that the email is in fact being sent by one of their legitimate servers, rather than the domain being fraudulently used by viruses or spamming software.
     
  • DNS Blacklist
    We use a number of DNS blacklists. These are lists created by users around the world who work together to pinpoint computers/servers that are purposefully sending spam. Emails whose sending computer/server matches these databases are bounced.
     
  • Subject Title Analysis
    Subject titles are analysed for programming scripts, characters not used in human languages, adult-related words and phrases, non-legitimate marketing words and phrases, and character strings used by spammers to avoid detection.
     
  • Email Contents Analysis
    In a similar way to the Subject Title Analysis, the filtration system is able to analyse the contents of emails for regularly used words, phrases, scripts or website links.
     
  • Anti-Virus Filter
    At this stage the file types listed below are automatically removed from all emails, and all emails and their attachments are scanned for known viruses.
    File Types Include:  .bat .bhx .class .cmd .com .cpl .exe .gz .hqx .hta .mim .ocx .pif .rar .scr .tgz .tmp .uu .uue .vba .vbs .xxe .z .zip
     
  • DNS Record Checks and Reverse DNS Checks
    A lack of internet-based DNS records indicates that the domain name sending the email has not been registered and is therefore not a legitimate sender, so the email is bounced. These checks also highlight other issues, however these are of a technical nature.
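
The attachment-removal step of the Anti-Virus Filter above, as an added example (not SNMail's own code). It uses the extension list from this page; the sample message, addresses and function names are constructed for illustration, and the virus-scanning step is not shown.

```python
import os
from email.message import EmailMessage

# Extension list copied from the Anti-Virus Filter entry on this page.
BLOCKED_EXTENSIONS = frozenset(
    ".bat .bhx .class .cmd .com .cpl .exe .gz .hqx .hta .mim .ocx .pif .rar "
    ".scr .tgz .tmp .uu .uue .vba .vbs .xxe .z .zip".split()
)

def is_blocked(filename):
    """True if the final extension is on the block list (case-insensitive)."""
    # Windows ignores trailing dots and spaces, so "a.scr. " still opens as .scr.
    cleaned = filename.strip().rstrip(". ").lower()
    return os.path.splitext(cleaned)[1] in BLOCKED_EXTENSIONS

def strip_blocked_attachments(msg):
    """Remove blocked attachments in place and return their filenames."""
    removed = []
    if not msg.is_multipart():
        return removed
    kept = []
    for part in msg.get_payload():
        name = part.get_filename()
        if name and is_blocked(name):
            removed.append(name)
            continue
        # Nested multipart containers (e.g. a forwarded message) are cleaned too.
        removed.extend(strip_blocked_attachments(part))
        kept.append(part)
    msg.set_payload(kept)
    return removed

def build_sample():
    """Constructed sample: one harmless attachment, one double-extension file."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.net"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    msg.add_attachment(b"%PDF-1.4 sample", maintype="application",
                       subtype="pdf", filename="report.pdf")
    msg.add_attachment(b"MZ sample", maintype="application",
                       subtype="octet-stream", filename="invoice.pdf.EXE")
    return msg

if __name__ == "__main__":
    print(strip_blocked_attachments(build_sample()))
```

Matching on the final extension after lower-casing is what catches double-extension names such as `invoice.pdf.EXE`; matching on the first extension or on the exact case would let them through.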
     

Further Anti-Spam & Anti-Virus Measures:
The market is always changing and so we do all we can to keep abreast of the spam and virus trends.

  • Spam Catcher Accounts
    Specific accounts have been created by SNMail to attract and catch spam for analysis. The capture and analysis of emails from these accounts helps ensure that the system is kept up to date and in advance of the regularly changing spam problem.
     
  • Daily Updates
    The anti-spam and anti-virus filtration system is updated on a daily basis. This allows the system to adapt to the ever-changing problem.
     
  • Client Submissions
    In the event the system fails to block a spam message, we encourage subscribers to submit such emails as quickly as possible. This provides feedback to our staff and allows the system to be updated with the new information gathered from the submission.
     
  • Protection against False-Positives
    "False-positives" is the term for legitimate emails that are blocked by an anti-spam system. Although our ratio of false-positives to spam is 1:10,000, all filtered emails are checked by human beings to ensure that the system is working correctly. All filtration scripts are controlled by SNMail staff, so these checks also ensure that no human error has been made in the creation of new scripts.
     
