2 Recommended post-install actions 2.1 Introduction About anti-spam filters Out of the box, GFI MailEssentials includes a number of specialized anti-spam filters. Each one of these filters target one or more types of spam. The filters which ship with GFI MailEssentials are listed below: Filter Description Enabled by Default SpamRazer An anti-spam engine that determines if an email is spam by using email reputation, message fingerprinting and content analysis. Yes Directory Harvesting Stops email which is randomly generated towards a server, mostly addressed to non-existent users. Yes Phishing Blocks emails that contain links in the message bodies pointing to known phishing sites or if they contain typical phishing keywords. Yes Sender Policy Framework Stops email which is received from domains not authorized in SPF records No Auto-Whitelist Addresses to which an email is sent to, are automatically excluded from being blocked. Yes Whitelist A custom list of safe email addresses Yes Email blacklist A custom list of blocked email users or domains. Yes DNS blacklists Checks if the email received is from senders that are listed on a public DNS blacklist of known spammers. Yes Spam URI Realtime Blocklists Stops emails which contain links to domains listed on public Spam URI Blocklists such as sc.surbl.org Yes Header checking A module which analyses the individual fields in a header by referencing the SMTP and MIME fields Yes Keyword checking Spam messages are identified based on blocked keywords in the email title or body No New Senders Emails that have been received from senders to whom emails have never been sent before. No Bayesian analysis An anti-spam technique where a statistical probability index based on training from users is used to identify spam. No As listed in the table above, not all anti-spam filters are enabled by default. This is due to configuration settings which are network/infrastructure dependent and cannot therefore be preset. Although key filters like SpamRazer are enabled by default, it is recommended that after installing GFI MailEssentials, the rest of the anti-spam filters and filtering mechanisms are reviewed and enabled accordingly. For more information refer to the Anti-spam filters chapter starting on page 38 in this manual. Anti-Spam actions A number of actions can be triggered by anti-spam filters on detection of spam email. These actions determine what will happen to email spam detected and are configurable on a filter by filter basis. Anti-spam filter actions supported are: • Tag spam email (default) • Move email spam to a central folder • Move email spam to public folders • Moving email spam to Junk E-mail folder • Forward email spam it to a specific email address • Delete spam. Default Anti-Spam actions The default action taken when GFI MailEssentials blocks a spam email depends where the software is installed: Deployment Default action Description GFI MailEssentials installed on the same computer as Microsoft Exchange Deliver email in Exchange mailbox sub-folder When a filter blocks a spam email, the email is moved to a sub-folder in Inbox named Suspected Spam. GFI MailEssentials not installed on the same machine as Microsoft Exchange Tagging Anti-spam filters adding the prefix [SPAM] in the subject field of spam emails. Tagged emails are still delivered in the user’s Inbox. For more information about anti-spam actions refer to the Spam Actions – What to do with spam email section starting on page 70 in this manual.
