Open with table of contents

Detecting and Blocking Spam Messages

Clearswift Gateway provides various methods to detect and block spam messages. You can use these tools and services to block messages at the perimeter, or to detect messages as part of your content security policies:

• Spam messages blocked at the perimeter are rejected before they are processed by the policy engine. This conserves Gateway processing resources. See About SpamLogic Settings for more information.

• You can also create a Detect Spam content rule and apply it to a mail policy route. This enables you to apply more specific spam techniques on incoming mail which matches the content rule.

  If you apply a Detect Spam content rule to a policy route, the policy always ignores the perimeter spam checks, even if the content rule does not trigger.

• By default, the Clearswift Gateway holds spam messages blocked by your content security policies in the spam message area. If PMM is enabled, you can review these messages, delete the spam messages and release the messages detected as false positives. To set up PMM, see Configuring PMM.

Tools and services provided by Clearswift Gateway

Clearswift Gateway provides the following tools and services for spam detection:

• TRUSTmanager Host Reputation enables you to control whether messages will be accepted by the Gateway based on the previous spam-related activities of the sending host.
• Real-time IP Blocklist settings enable you to use additional Real-time IP Blocklist (RBL) servers to check the IP addresses of incoming requests against spam-originating IP addresses. This can be used both at the perimeter, and as part of your security policy.
• Sender Domain Validation enables you to reject messages from unresolvable domains.
• BATVBounce Address Tag Validation Address Validation enables you to use Bounce Address Tag Validation (BATV) to eliminate email bounce attacks.
• DMARCDomain-based Message Authentication, Reporting & Conformance settings enables you to perform Domain-based Message Authentication, Reporting and Conformance (DMARC) verification on received messages. This can be used both at the perimeter, and as part of your security policy.
• SPFSender Policy Framework settings enable you to perform Sender Policy Framework (SPF) checks on received messages. This can be used both at the perimeter, and as part of your security policy.
• DKIMDomainKeys Identified Mail settings enables you to perform DomainKeys Identified Mail (DKIM) validation checks on received messages. This can be used both at the perimeter, and as part of your security policy.
• Greylisting enables you to temporarily reject messages from unknown or untrusted senders, requesting that they are retried.
• Bulk Email Detection checks messages for patterns derived from a combination of message attributes that identify mass mailed messages. This can be used as part of your security policy.
• SpamLogic Signatures checks messages for signatures derived from a combination of message attributes that identify spam messages. This can be used both at the perimeter, and as part of your security policy.

• Address Validation settings enable you to specify Address Lists to block from sending mail, and addresses to block from accepting mail. This can be used at the perimeter only.
• Host Access Control enables you to configure a whitelist of SMTP hosts from which Clearswift Gateway accepts connections, and a blacklist of hosts from which Clearswift Gateway rejects connections. This can be used at the perimeter only.
• SpamLogic Managed lists compares message contents against lists of known spam expressions to determine if a message is spam. This can be used as part of your security policy.