CleanMail - Antispam Filters
Blacklist and Whitelist Filters
The blacklist filter uses static address patterns to check the sender address fields of a message. Although spammers can easily fake any sender address, some spammers make it surprisingly simple to remove unwanted messages by adding some obvious address patterns to a blacklist filter.
You should apply some restraint when using the blacklist filter. Don't add each and every spam sender address to this list, as most sender addresses are only used once. Keep the blacklist small and manageable.
The whitelist filter is the exact opposite of the blacklist filter. Mail from whitelisted addresses is accepted and bypasses all filters but the attachment filter and anti-virus filter. There are additional configuration options that allow whitelisted mail past the attachment and anti-virus filter without checking.
DNS blacklists are Internet resources maintaining databases of known spam relay hosts. Mail servers can query these databases in an efficient manner using the DNS (domain name service) protocol. The DNSBL filter rejects all mail that has been relayed by a blacklisted host.
The fingerprint filter calculates message fingerprints and compares them against a database of known spam message fingerprints. If a message is blocked by another filter, its fingerprints are automatically added to the database, speeding up the processing of similar spam messages. If a message fingerprint matches a known spam message fingerprint, the mail is blocked.
In addition to the local fingerprint database, Byteplant maintains a central fingerprint database available to all customers. New spam fingerprints detected by thousands of CleanMail users are used to refine and improve this database, constantly improving filtering and performance for all our customers.
Additional Custom Filters
CleanMail's highly versatile filter architecture provides an open interface that allows you to integrate third-party tools, such as email classification, automated mail processing, server-based email encryption, or virus detection.
Messages are passed to a custom filter by invoking the custom filter program with a configurable command line. A message can then be passed or blocked depending on the filter program's exit code.