All email accounts hosted on our servers are protected by multiple levels of Antispam and Antivirus filtering. The protection covers both incoming and outgoing emails. Our Antispam analysis systems are based on algorithms that calculate the reputation (positive and negative) of the sender IP and of the URLs contained in the messages, together with a series of commercial third-party filters capable of intercepting and blocking new Spam and Virus trends in real time. In particular, Qboxmail users are protected by specific Antivirus signatures dedicated to blocking 0-day Ransomware, or new variants of previously known attacks.
The first layer of protection is at the SMTP connection level.
All remote servers that connect to our MXs must meet the following requirements:
- Have a valid, fully qualified (FQDN) reverse DNS
- Not be listed in the main DNSBLs
- Identify themselves with a valid FQDN in HELO
If your server or its configuration does not comply with these Best Practices, you will have difficulty delivering your emails across the Internet.
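A sender-side preflight for the three requirements above, as an added example that is not Qboxmail's own code. It assumes that "valid" reverse DNS means the PTR name resolves back to the same IP, handles IPv4 only, and uses the placeholder zone `dnsbl.example` because the page does not name its DNSBLs.

```python
import ipaddress
import re
import socket

LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
# Constructed sample records (documentation IP range, placeholder DNSBL zone).
SAMPLE_PTR = {"192.0.2.10": "mail.example.com", "192.0.2.66": "host66"}
SAMPLE_A = {"mail.example.com": ["192.0.2.10"], "66.2.0.192.dnsbl.example": ["127.0.0.2"]}

def is_fqdn(name):
    """True for a dotted hostname with valid labels and a non-numeric last label."""
    name = name.rstrip(".")
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2 or labels[-1].isdigit():
        return False
    return all(LABEL.match(label) for label in labels)

def dnsbl_query_name(ip, zone):
    """DNSBL lookup name for IPv4: reversed octets prepended to the list zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def _ptr(ip):
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def _a(name):
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def preflight(ip, helo, zones, ptr=_ptr, a=_a):
    """Return a list of problems; an empty list means all three checks pass."""
    problems = []
    rdns = ptr(ip)
    if not rdns or not is_fqdn(rdns):
        problems.append("reverse DNS missing or not an FQDN")
    elif ip not in a(rdns):
        problems.append("reverse DNS does not resolve back to the IP")
    if not is_fqdn(helo):
        problems.append("HELO name is not an FQDN")
    for zone in zones:
        if a(dnsbl_query_name(ip, zone)):  # any A record means "listed"
            problems.append("listed in " + zone)
    return problems
```

Called without the `ptr` and `a` arguments, `preflight` uses the system resolver; pass the DNSBL zones you want to check your own sending IP against.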
ANTIVIRUS Scan: The first scan determines whether the message contains a potential threat (Virus, Malware, Phishing, Ransomware). If our Antivirus detects a threat, the email is silently discarded: the sender of these emails is almost always non-existent, so sending a notification does not make sense.
ANTISPAM filters: The second scan determines whether the message can be considered unwanted (Spam or Bulk email) or contains a potential threat not detected by the previous Antivirus filter. Penalties are applied based on the content of the email and the presence of the sender IP in various less relevant DNSBLs. If the penalties are lower than a certain score, the email is quarantined in the “Spam” folder of the user’s mailbox (available from Webmail or IMAP). If the penalties are above the threshold, the email is rejected with an error 500 at the SMTP dialog level. The sender of the email can thus receive a notification of non-delivery and take the necessary measures.
ETLive, the real-time Log Analyzer tool, allows you to check whether the Antispam or Antivirus filter has blocked a message due to a false positive.
The Whitelists, which can be activated from the webmail, act only at the “Antispam” level. If the email comes from a blacklisted IP, from an incorrectly configured server or contains a virus, it will be rejected in any case.
Blacklists can also be managed by the user via webmail and cause the message to be rejected back to the sender with a 500-type SMTP error.
Whitelists and blacklists entered by users are intended to “heal” a problematic situation temporarily. Our system is able to learn, on the basis of user reports, about false positives / negatives and to adapt its filters accordingly.
The sender email addresses of a message must be valid Internet addresses. We cannot accept emails from a sender to which it is not possible to send a reply (for example domains without a correct DNS configuration, or invalid or non-existent domains). If the sender domain uses SPF or DKIM, the settings must be correct.
The DNSBLs used may vary over time depending on technical factors. When our servers receive a connection from a blacklisted IP, they return a “permanent” 5.xx error; in this case the remote server will not retry the connection and will immediately generate a bounce (error message) addressed to the sender.
Except for the Antispam analysis, the filters cannot be customized by the user. Furthermore, since the block happens at the IP / DNS level in the first phases of the SMTP dialogue, the logs of our systems do not contain the email addresses of the blocked senders, only the IP addresses of the sending servers. In any case, following a block for one of the reasons given above, the sender server or the sender itself (i.e. the e-mail address specified in the “Return-Path” header) always receives an error message, so no email can be lost.
In any case, our technical support is always available to customers / senders to analyze cases of false positives.
There is also an Antispam and Antivirus system on our SMTP servers. Its purpose is to prevent the compromise of an email account (for example following a password theft) from leading to spam being sent from our servers and penalising the reputation of our IPs. Through ETLive you can check if an account or a message has been blocked for these reasons.
Here is how the error appears in ETLive when trying to send a spam email via our SMTP:
If the attempts to send Spam are repeated over time, the email account will be blocked from sending further messages via SMTP. It will be the customer’s responsibility to investigate the problem, generally with an Antivirus scan of their PC followed by a password change, and then to re-enable authenticated sending for the email account.