Previous Topic

Next Topic

Book Contents

Book Index

How VStream Antispam Works

Linked Diagram Template

VStream Antispam Flow

VStream Antispam works as follows:

  1. A TCP connection arrives at the SMTP port (TCP 25) or the POP3 port (TCP 110).
  2. The connection is checked against the VStream Antispam policy, to determine whether it should be scanned.
  3. If the IP Reputation engine is enabled, and the connection is an SMTP connection:
    1. VStream Antispam sends the connection's source IP address to a VStream Antispam data center.
    2. The VStream Antispam data center checks the reputation of this IP address against a list of known spam sender IP addresses, and then returns a spam score.
    3. One of the following things happens:
      • If the spam score does not exceed the configured confidence level, the email passes to the next enabled VStream Antispam engine for processing.
      • If the spam score exceeds the configured confidence level, VStream Antispam determines that the email is spam and handles it as specified by the IP Reputation engine's settings.
    4. VStream Antispam caches the results of the IP Reputation check.
  4. VStream Antispam checks whether the email sender appears on the Safe Sender List. If so, then the email is accepted.
  5. If the Block List engine is enabled:
    1. VStream Antispam examines the email content and compares the sender to the list of blocked senders.
    2. One of the following things happens:
      • If the sender is not on the list of blocked senders, the email passes to the next enabled VStream Antispam engine for processing.
      • If the sender is on the list of blocked senders, VStream Antispam determines that the email is spam and handles it as specified by the Block List engine's settings.

        By default, VStream Antispam marks the email subject.

  6. If the Content Based Antispam engine is enabled:
    1. VStream Antispam examines the email content and creates a spam fingerprint.
    2. VStream Antispam sends the fingerprint to a VStream Antispam data center, where it is checked against an online database of spam messages.
    3. The VStream Antispam data center returns a spam score.
    4. One of the following things happens:
      • If the spam score does not exceed the configured confidence level, the email is accepted.
      • If the spam score exceeds the configured confidence level, VStream Antispam determines that email is spam and handles it and handles it as specified by the Content Based Antispam engine's settings.

        By default, VStream Antispam marks the email as spam.

  7. One of the following things happen:

See Also

Using VStream Antispam

Header Marking

Default Antispam Policy

Enabling/Disabling VStream Antispam

Viewing VStream Antispam Statistics

Configuring the Content Based Antispam Engine

Configuring the Block List Engine

Configuring the IP Reputation Engine

Configuring the VStream Antispam Policy

Configuring the Safe Sender List

Configuring VStream Antispam Advanced Settings