How does the mail server filter spam and viruses?

Bagfull provides several layers of email filtering to reduce the amount of unwanted email delivered to your mailboxes on the shared system.

1. The source of the incoming email is compared to spam blacklists, including the Spamcop Blocklist, a dynamically refreshing database of IP addresses from which numerous spam messages have recently been reported. In the event of a match, the email is temporarily deferred for later attempted delivery. Depending on the sender’s ISP’s server configuration, re-delivery is attempted for 1-4 days. If the source of the email is no longer present in the spam blacklists upon any later delivery attempt, the email makes it to subsequent checks (described below). There currently is no way on the shared system to opt-out of this filtering.

2. The destination address is checked, and if it’s not valid (and you don’t have a catch-all address configured in the control panel), the email is returned to the sender with an ‘Unknown user’ error message.

3. As an emergency countermeasure against emerging worm and malware threats, we will occasionally at this point in the delivery process reject attachments with certain filenames. Legitimate senders will receive a bounce message explaining the non-delivery in these cases.

4. Attachments are next checked for dangerous content, including attachments with file extensions such as .reg, .chm, .cnf, .ins, .jse, .lnk, .pif, .scf, .sct, .shb, .vbs, .xnk, .com, .exe, .scr, .bat, .cmd, .cpl, .mhtml, as well as any attachment with a very long filename, and filenames with many spaces. Any matches are silently quarantined. There currently is no way on the shared system to opt-out of this filtering.

5. Next, our virus signature database is consulted, and any infected emails are discarded. There currently is no way on the shared system to opt-out of this filtering.

In no case, except as specifically noted above, are senders notified of an email being discarded. This is because most email generated by viruses provides a fake ‘From’ address, and notifying these innocent users would needlessly cause alarm and confusion.

• Why can’t I send or receive email with large attachments?
• How Does Bagfull handle Viruses?
• Why am I getting spam?
• Why am I getting bounced messages for email I didn’t send?
• Someone is sending viruses or spam that appears to come “from” an address at my domain.