Filter Types

Emails from certain domains, IP ranges, e-mail addresses or with certain subject content can be filtered out by the integrated Blacklist technologies. The administrator can create these lists company-wide and users can additionally maintain them.

However, the Blacklist filters of the REDDOXX Spamfinder are also based on external, public lists.
A general problem of these filter techniques is the risk of wrong detection (so-called false positives).

The integrated user quarantine function of the REDDOXX Spamfinder reduces the risk of false-positives, because each user has the possibility to access his quarantine section and make sure that it does not contain emails, which don't belong there.

This also reduces the administrators' efforts to look for important emails among the spam.

Whitelists are so-called friendly lists, and inasmuch as certain criteria are fulfilled, the emails are forwarded directly without delay.
These lists vary from individual e-mail addresses up to general domain addresses.
They may contain individual IP addresses or IP address ranges or simply certain subject contents that classify an e-mail as "desired".
In the REDDOXX Spamfinder, these lists were implemented as follows:

  • AWL: Adresses White list
  • DWL: Domain White list
  • NWL: Network White list
  • SWL: Subject White list

These filter lists are available to all users of a system on a general basis but also for individual users in order to perfect the accuracy of the REDDOXX Spamfinder.

  • ABL (Adresses Blacklist): Checking the sender's address against an address blacklist maintained in the REDDOXX Spamfinder
  • DBL (Domain Blacklist): Checking the sender's domain against an address blacklist maintained in the REDDOXX Spamfinder
  • NBL (Network Blacklist): Checking the IP address of a sending e-mail server against a network blacklist maintained in the REDDOXX Spamfinder.
  • SBL (Subject Blacklist): Checking the e-mail's subject line against a subject blacklist maintained in the REDDOXX Spamfinder.

  • RBL (Realtime Blacklist):
    Realtime check of the sending mail server against public blacklist servers.
  • Dynamic IP-Blacklist:
    While establishing a SMTP Connection for a new mail, the senders IP Address is checked with the RBL Blacklist Server that are provided in RBL Filter.
    If the senders IP Address is Blacklisted, the Connection is terminated.
    This results in a performance gain for spam attacks.
    This Szenario needs the mails to receive directly and not through a relay.
    Blacklist Addresses are saved for 7 Days.
  • ARBL (Advanced Realtime Blacklist):
    The advanced Realtime blacklist filter checks the last mail server in the mail flow, meaning the one who sends the e-mail to the Spamfinder.
    If you obtain your emails via an own relay, this must be excluded in the configuration.
  • Fuzzy Filter:
    Filter developed by REDDOXX, which compares the content of the e-mail with already identified spam mails.
    The patterns that are used to filter spam mails are generated via a honeypot method and the corresponding sender reputation
    Port 55555 TCP outgoing is required.
    The Fuzzy Filter works fine, if the logfile shows a “result” behind the given tests:
    Fuzzy-Filter (64B44D65FB1) phase 1 (ex) 3248ms result: Major=clean Minor=normal Fallback=clean Virus=
  • Antispoofing:
    The Antispoofing Filter checks, if sender and recipient mailaddresses are from different networks but belong to the same domain. This would be a spoofing attack with faked senderdomain and is filtered when antispoofing is enabled.

  • SWL: Subject Whitelist
  • SBL: Subject Blacklist

  • Antivirus Filter:
    As a comprehensive security system for emails, the REDDOXX Spamfinder Appliance also contains an integrated virus protection for your e-mail server.
    In order to highlight the quality standards of the filters, we use ClamAV which is open source software.
  • RVC: Recipient Verify Check:
    The RVC filter already checks upon acceptance of the e-mail (SMTP server dialog), whether the recipient address is known at all on the target system.
    If not, receipt is already denied during the send attempt.
    This prevents spam attacks on non-existent mailboxes without impairing the performance of your e-mail servers.
    The acknowledgement is: 550 Recipient not accepted (Unknown recipient: xxxx@domain.tld).
    In contrary to the other filters, the settings for the recipient verify check are made in the Lokal Internet Domains.

The Innovation of the REDDOXX Spamfinder Appliance is called CISS

CISS (Confirmation Interactive Site Server), is a unique, several stage control process, which ensures the permanent exchange of wanted mails between sender and recipient.

  1. Stage: E-mail receipt, check for viruses through anti-spam filter and temporary saving.
    Dispatch of a response e-mail to the sender with the request for authentication at the stated link.
  2. Stage: Request to perform a certain action on the Internet page, which can only be performed by a person, not by spam robots.
  3. Stage: Feedback from the portal to the REDDOXX Spamfinder about the successful authorization and automatic forwarding of the e-mail to the recipient.
  • These 3 stages are performed, if the sender is unknown or has not answered the CISS Challenge yet.
  • E-Mails from known senders (that are on the Address Whitelist) are checked with respect to viruses, worms, Trojans and of course, also whether this is a spam mailt, but without going through the 3 steps again.