Antivirus and antispam check with the system Cloudmark Security Platform

Antivirus, antispam and phishing protection is performed with the system Cloudmark Security Platform. It provides carrier-grade messaging protection solutions to protect users against all forms of current and new email threats (spam, phishing, virus).

The TLSA record is published for the mailserver The DNS record of the type TLSA improves the utilization of TLS certificates during the communication between two mailservers. If somebody sends you an email, their smtp server can verify using DANE TLSA, that the email is being delivered to the right target mailserver ( Everything, what the owner of the domain with mailboxes hosted on has to do, is to check, whether their domain has activated DNSSEC and properly set the MX record with the value If the domain has another MX records set up, check, whether these MX records are needed. DANE TLSA technology protects only the domains, that have activated DNSSEC and that all mailservers listed in its MX records have set TLSA records. DANE TLSA technology is quite new, so it is not widely used. As of now, not all mailservers check for TLSA records. Nevertheless, our mailservers are ready to use DANE TLSA.

When smtp connection is established, the outgoing IP is checked. If it is blacklisted or it doesn't have set the PTR record or there are too many simultanous connections from this IP or too many spams from this IP, smtp connection is rejected.

Then the outgoing IP and the envelope sender's domain is checked with SPF (Sender Policy Framework), whether the outgoing IP is allowed in the SPF record of the domin of the envelope sender. For every envelope sender, it is checked, whether its domain has set MX or A record.

Incoming messages are checked against the list of safe and blocked senders. If the envelope sender of the message can be found in the list of safe senders, the message will be delivered as legitimate. If the envelope sender is in the list of blocked senders, the message is rejected within the smtp connection. If the envelope sender of the message is in both safe and blocked senders, the message is accepted. The safe senders have higher prority than blocked senders, so that the recipient don't miss any inmportant email.

If the envelope sender of the message can not be found in safe nor blocked senders, the message goes through the antivirus and DMARC check. If the message contains virus, it is rejected. Safe messages are not rejected, only messages with virus.

All other incoming messages are unambiguously evaluated as legit, or as spam.. Antispam check uses sophisticated algorithm, that evaluates the message on base of the database of fingerprints and returns unambiguous response: message is legit, or message is spam. Reliability of the algorithm is high, spams are evaluated with 98 % success rate, number of false positive legit messages is nearing zero. The database of fingerprints is updated in short time intervals (cca 1 minute) from the global database. Customer only should decide, what to do with spams. There are three possibilities

  • Spams are delivered into the folder INBOX and the subject is overwritten
  • Spams are moved into the folder SPAM
  • Spams are rejected during the smtp connection and they are not delivered into the mailbox

In the default antispam settings of every mailbox, every spam is delivered into the INBOX folder and the string *****SPAM***** is added into the subject.

The article Antispam settings describes all antispam settings.