Email scanning and filtering engines
GFI MailEssentials contains a number of scanning and filtering engines to prevent malicious emails, spam and other unwanted emails from reaching domain users.
Malicious email scanning
The following engines scan and block emails containing malicious content.
Email scanning engine | Description |
---|---|
Virus Scanning Engines |
GFI MailEssentials uses multiple antivirus engines to scan inbound, outbound and internal emails for the presence of viruses. GFI MailEssentials ships with Avira and BitDefender Virus Scanning Engines. You can also acquire a license for Kaspersky, Sophos & Cyren. |
Information Store Protection | Use the Virus Scanning Engines to scan the Microsoft® Exchange mailbox databases and public folders for viruses. |
Trojan & executable scanner |
The Trojan and Executable Scanner analyzes and determines the function of executable files attached to emails. This scanner can subsequently quarantine any executables that perform suspicious activities (such as Trojans). |
Email exploit engine |
The Email Exploit Engine blocks exploits embedded in an email that can execute on the recipient’s machine either when the user receives or opens the email. |
HTML Sanitizer |
The HTML Sanitizer scans and removes scripting code within the email body and attachments. |
Content filtering engines
The following engines scan the content of emails, checking for parameters matching configured rules.
Email scanning engine | Description |
---|---|
Keyword Filtering | Keyword Filtering enables you to set up rules that filter emails with particular keywords or a combination of keywords in the body or subject of the email. |
Attachment Filtering | Attachment Filtering allows you to set up rules to filter what types of email attachments to allow and block on the mail server. |
Decompression engine | The Decompression engine extracts and analyzes archives (compressed files) attached to an email. |
Advanced Content Filtering | Advanced Content filtering enables scanning of email header data and content using advanced configurable search conditions and regular expressions (regex). |
Anti-spam filtering engines
The following engines scan and block spam emails.
Filter | Description | Enabled by default |
---|---|---|
SpamRazer | An anti-spam engine that determines if an email is spam by using email reputation, message fingerprinting and content analysis. | Yes |
Anti-Phishing | Blocks emails that contain links in the message body pointing to known phishing sites or if they contain typical phishing keywords. | Yes |
Directory Harvesting | Directory harvesting attacks occur when spammers try to guess email addresses by attaching well known usernames to your domain. The majority of the email addresses are non-existent. | Yes (only if GFI MailEssentials is installed in an Active Directory environment) |
Email Blocklist | The Email Blocklist is a custom database of email addresses and domains from which you never want to receive emails. | Yes |
IP Blocklist | The IP Blocklist is a custom database of IP addresses from which you never want to receive emails. | No |
IP DNS Blocklist | IP DNS Blocklist checks the IP address of the sending mail server against a public list of mail servers known to send spam. | Yes |
URI DNS Blocklist | Stops emails that contain links to domains listed on public Spam URI Blocklists. | Yes |
Sender Policy Framework | This filter uses SPF records to stop email sent from forged IP addresses by identifying if the sender IP address is authorized. | No |
Anti-Spoofing | Checks emails received with a sender email address claiming to originate from your own domain against a list of IP addresses by GFI MailEssentials. If the sender IP address is not on the list of own-domain server IP addresses, email is blocked. | No |
Language Detection | Determines the language of the email body text and configurable to block certain languages. | No |
Header Checking | The Header Checking filter analyses the email header to identify spam emails. | No |
Spam Keyword Checking | This filter enables the identification of Spam based on keywords in the email being received. | No |
Bayesian analysis | An anti-spam filter that can be trained to accurately determine if an email is spam based on past experience. | No |
Filters running at SMTP level
The following engines scan and block emails during SMTP transmission before the email is received. For more information refer to SMTP Transmission Filtering.
FILTER | DESCRIPTION | ENABLED BY DEFAULT |
---|---|---|
IP Blocklist | The IP Blocklist is a custom database of IP addresses from which you never want to receive emails. | No |
Directory Harvesting | Directory harvesting attacks occur when spammers try to guess email addresses by attaching well known usernames to your domain. The majority of the email addresses are non-existent. | No |
IP DNS Blocklist | IP DNS Blocklist checks the IP address of the sending mail server against a public list of mail servers known to send spam. | Yes |
Greylist | The Greylist filter temporarily blocks incoming emails received from unknown senders. Legitimate mail systems typically try to send the email after a few minutes; spammers simply ignore such error messages. | No |
Other engines
The following engines help to identify safe emails.
FILTER | DESCRIPTION | ENABLED BY DEFAULT |
---|---|---|
Whitelist | The Whitelist contains lists of criteria that identify legitimate email. Emails that match these criteria are not scanned by anti-spam filters and are always delivered to the recipient. | Yes |
New Senders | The New Senders filter identifies emails that have been received from senders to whom emails have never been sent before. | No |