Spam Filters

What spam filters does MX Guarddog use?

MX Guarddog uses a number of techniques and filters to combat spam, on a massive scale. The following is a partial list of techniques in use, as technologies change we implement new methods to prevent spam from reaching your mailbox.

Collective Intelligence Filters

We use the power of millions of email addresses to power our collective intelligence filters, giving MX Guarddog more bite than bark. You might think our MX Guarddog mascot is small and cute, but he is vicious on spam.

  • Distributed IP Reputation We analyze senders IP address information in real-time, blocking senders that send spam to multiple domains protected by MX Guarddog. When spam is detected at multiple domains new spam is quickly detected and can be blocked in a matter of minutes. Fully automated, and extremely accurate.
  • Distributed Signature Analysis We generate a signature for all incoming email, when large quantities of similar email are detected at different domains we are able to detect the signatures generated by spam messages. This technology does not stop spam based on the message origin but rather by the actual message signature patterns.
  • Distributed Email To the best of our knowledge we were the first to start fighting spam based on email addresses. It sounds obvious to block mail from known spammers, but we do it a bit different than others - making our process unique. Our exact formula is a trade secret, but let's just say we take action when we see large quantities of mail from a specific sender. Our distributed detection systems power this incredibly accurate spam detection method.

Being a part of MX Guarddog distributed detection systems gives you an incredible advantage in the fight against spam, something running your own independent spam filtering system can't provide.

Spam Filtering

In addition to our powerful collective intelligence filters that rely on our distributed network, we have more traditional filtering systems as well.

  • Image Signatures MX Guarddog contains proprietary software that scans images embedded in email, including images that have been embedded in PDF files.
  • RBL Blacklists We subscribe to several RBL (real-time black list) to see if the sender's address is on any blacklists. We constantly adjust sensitivity, and validate with multiple sources to confirm if an address is a known spammer.
  • SURLBL Blacklists The power to fight by URL. Spammers require a call to action, they want you to click a link, send an SMS, make a phone call etc. Most commonly they try and get you to click a link in their spam message, either to try and sell you something or infect your computer. MX Guarddog has developed our own SURBL that is constantly updated with domains that spammers are using in their email messages.
  • Greylisting A modified version of greylisting has been implemented on all MX Guarddog servers, which prevents spam bots from sending huge amounts of email. Most spam bots try and deliver email the fastest way possible, when they are told to come back later they simply give up. Real email servers must comply with delivery RFCs that indicate they must retry after a first delivery error.
  • Bayesian DNA Fingerprinting Bayesian filtering is a self-learning fingerprinting system. It filters spam based on words that are found in spam, but not found in legitimate email. This technology was advanced when first released, but spammers have figured out how to bypass this one. We do not rely on this much anymore but we still have the technology available.
  • SPF - Sender Policy Framework SPF fights email address forgery, and prevents spam from being sent from stolen email addresses. SPF makes it easy to identify spam, worms and viruses. SPF is an open source standard being adopted by domain owners to identify legitimate email by verifying the message envelope with the owner of a domain.
  • Country Blocking By default MX Guarddog will accept email from every country in the world. If you don't need to receive email from specific countries place them on your block list. This is one of the most powerful and accurate filtering systems we offer. Preventing delivery of email from countries you don't normally communicate with is an excellent way to reduce your surface area and can greatly reduce the amount of spam you receive.
  • Local Blacklist All domains are able to define their own blacklists, based on IP address, email address, domain name or attachment types.
  • Reverse DNS PTR Messages can be blocked if the email sender does not have a DNS PTR record. All legitimate email servers are required to have reverse name resolution setup, if a sender does not have a reverse name it should not be sending mail.
  • MX Records If a domain is sending mail, it should be able to receive mail as well. If a sending domain does not have MX records defined for their domain we will not accept mail from them. This type of test prevents mail from being sent from virus infected computers around the world where the virus is part of a spam bot network flood mailboxes with spam.
  • Plus More... This is only a partial list of techniques used to identify and stop spam before it reaches your server.