Email filtering

Email filtering is the processing of email to organize it according to specified criteria. The term can apply to the intervention of human intelligence, but most often refers to the automatic processing of messages at an SMTP server, possibly applying anti-spam techniques. Filtering can be applied to incoming emails as well as to outgoing ones.

Depending on the calling environment, email filtering software can reject an item at the initial SMTP connection stage [1] or pass it through unchanged for delivery to the user's mailbox. It is also possible to redirect the message for delivery elsewhere, quarantine it for further checking, modify it or 'tag' it in any other way.

Motivation

Common uses for mail filters include organizing incoming email and removal of spam and computer viruses. Mailbox providers filter outgoing email to promptly react to spam surges that may result from compromised accounts. A less common use is to inspect outgoing email at some companies to ensure that employees comply with appropriate policies and laws. Users might also employ a mail filter to prioritize messages, and to sort them into folders based on subject matter or other criteria.

Methods

Mailbox providers can also install mail filters in their mail transfer agents as a service to all of their customers. Anti-virus, anti-spam, URL filtering, and authentication-based rejections are common filter types.

Corporations often use filters to protect their employees and their information technology assets. A catch-all filter will "catch all" of the emails sent to addresses at the domain that do not exist on the mail server; this can help avoid losing emails due to misspelling.

Users may be able to install separate programs (see links below), or configure filtering as part of their email program (email client). In email programs, users can make personal, "manual" filters that then automatically filter mail according to the chosen criteria.

Inbound and outbound filtering

Mail filters can operate on inbound and outbound email traffic. Inbound email filtering involves scanning messages from the Internet addressed to users protected by the filtering system or for lawful interception. Outbound email filtering involves the reverse - scanning email messages from local users before any potentially harmful messages can be delivered to others on the Internet. [2] One method of outbound email filtering that is commonly used by Internet service providers is transparent SMTP proxying, in which email traffic is intercepted and filtered via a transparent proxy within the network. Outbound filtering [3] can also take place in an email server. Many corporations employ data leak prevention technology in their outbound mail servers to prevent the leakage of sensitive information via email.

Customization

Mail filters have varying degrees of configurability. Sometimes they make decisions based on matching a regular expression. Other times, code may match keywords in the message body, or perhaps the email address of the sender of the message. More complex control flow and logic is possible with programming languages; this is typically implemented with a data-driven programming language, such as procmail, which specifies conditions to match and actions to take on matching, which may involve further matching. Some more advanced filters, particularly anti-spam filters, use statistical document classification techniques such as the naive Bayes classifier while others use natural language processing to organize incoming emails. [4] Image filtering can use complex image-analysis algorithms to detect skin-tones and specific body shapes normally associated with pornographic images.
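
A minimal data-driven filter of the kind described above, as an added Python example (not from the original article): the rule table, field names, addresses and sample messages are all constructed for illustration. It decodes headers and bodies before matching, because a pattern applied to the raw encoded text misses content the recipient would actually see.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed rule table: (rule name, field, pattern, action). First match wins.
# "sender" is the addr-spec of From:, "body" the decoded text part,
# any other field name is looked up as a header.
RULES = [
    ("blocked-sender",  "sender",  r"@bulk\.example$",           "reject"),
    ("credential-lure", "body",    r"verify your password",      "quarantine"),
    ("invoice-keyword", "subject", r"\b(invoice|payment due)\b", "tag"),
]

def field_value(msg, field):
    if field == "sender":
        return parseaddr(str(msg.get("From", "")))[1]
    if field == "body":
        part = msg.get_body(preferencelist=("plain",))
        return part.get_content() if part is not None else ""
    return str(msg.get(field, ""))

def evaluate(raw):
    """Return (action, rule name) for a raw RFC 5322 message string."""
    # policy.default decodes RFC 2047 headers and transfer encodings, so the
    # patterns see the text the user would see, not its encoded form.
    msg = message_from_string(raw, policy=policy.default)
    for name, field, pattern, action in RULES:
        if re.search(pattern, field_value(msg, field), re.IGNORECASE):
            return action, name
    return "deliver", None

# Constructed sample messages.
SPAM = "From: Promo <news@bulk.example>\nSubject: Hi\n\nBuy now\n"
ENCODED_SUBJECT = ("From: billing@vendor.example\n"
                   "Subject: =?utf-8?b?SW52b2ljZSBvdmVyZHVl?=\n\nSee attached.\n")
BASE64_BODY = ("From: it@corp.example\nSubject: Notice\n"
               "Content-Type: text/plain; charset=utf-8\n"
               "Content-Transfer-Encoding: base64\n\n"
               "UGxlYXNlIHZlcmlmeSB5b3VyIHBhc3N3b3Jk\n")
CLEAN = "From: alice@corp.example\nSubject: Lunch\n\nNoon?\n"

if __name__ == "__main__":
    for raw in (SPAM, ENCODED_SUBJECT, BASE64_BODY, CLEAN):
        print(evaluate(raw))
```

In an SMTP-time deployment the "reject" action would map to a 5xx reply, while "quarantine" and "tag" apply after the message has been accepted.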

Microsoft Outlook includes user-generated email filters called "rules". [5]

Related Research Articles

Email: Mail sent using electronic means

Electronic mail is a method of transmitting and receiving messages using electronic devices. It was conceived in the late 20th century as the digital version of, or counterpart to, mail. Email is a ubiquitous and very widely used communication medium; in current use, an email address is often treated as a basic and necessary part of many processes in business, commerce, government, education, entertainment, and other spheres of daily life in most countries.

Within the Internet email system, a message transfer agent (MTA), mail transfer agent, or mail relay is software that transfers electronic mail messages from one computer to another using the Simple Mail Transfer Protocol. In some contexts, the alternative names mail server, mail exchanger, or MX host are used to describe an MTA.

The Simple Mail Transfer Protocol (SMTP) is an Internet standard communication protocol for electronic mail transmission. Mail servers and other message transfer agents use SMTP to send and receive mail messages. User-level email clients typically use SMTP only for sending messages to a mail server for relaying, and typically submit outgoing email to the mail server on port 587 or 465 per RFC 8314. For retrieving messages, IMAP is standard, but proprietary servers also often implement proprietary protocols, e.g., Exchange ActiveSync.

Open mail relay

An open mail relay is a Simple Mail Transfer Protocol (SMTP) server configured in such a way that it allows anyone on the Internet to send e-mail through it, not just mail destined to or originating from known users. This used to be the default configuration in many mail servers; indeed, it was the way the Internet was initially set up, but open mail relays have become unpopular because of their exploitation by spammers and worms. Many relays were closed, or were placed on blacklists by other servers.

Email client: Computer program used to access and manage a user's email

An email client, email reader or, more formally, message user agent (MUA) or mail user agent is a computer program used to access and manage a user's email.

A tarpit is a service on a computer system that purposely delays incoming connections. The technique was developed as a defense against a computer worm, and the idea is that network abuses such as spamming or broad scanning are less effective, and therefore less attractive, if they take too long. The concept is analogous with a tar pit, in which animals can get bogged down and slowly sink under the surface, like in a swamp.

Apache SpamAssassin: Open-source e-mail spam filter

Apache SpamAssassin is a computer program used for e-mail spam filtering. It uses a variety of spam-detection techniques, including DNS and fuzzy checksum techniques, Bayesian filtering, external programs, blacklists and online databases. It is released under the Apache License 2.0 and has been part of the Apache Foundation since 2004.

An email address identifies an email box to which messages are delivered. While early messaging systems used a variety of formats for addressing, today, email addresses follow a set of specific rules originally standardized by the Internet Engineering Task Force (IETF) in the 1980s, and updated by RFC 5322 and 6854. The term email address in this article refers to just the addr-spec in Section 3.4 of RFC 5322. The RFC defines address more broadly as either a mailbox or group. A mailbox value can be either a name-addr, which contains a display-name and addr-spec, or the more common addr-spec alone.

Various anti-spam techniques are used to prevent email spam.

Email spam: Unsolicited electronic advertising by email

Email spam, also referred to as junk email, spam mail, or simply spam, is unsolicited messages sent in bulk by email (spamming). The name comes from a Monty Python sketch in which the name of the canned pork product Spam is ubiquitous, unavoidable, and repetitive. Email spam has steadily grown since the early 1990s, and by 2014 was estimated to account for around 90% of total email traffic.

Greylisting is a method of defending e-mail users against spam. A mail transfer agent (MTA) using greylisting will "temporarily reject" any email from a sender it does not recognize. If the mail is legitimate, the originating server will try again after a delay, and if sufficient time has elapsed, the email will be accepted.

A bounce message or just "bounce" is an automated message from an email system, informing the sender of a previous message that the message has not been delivered. The original message is said to have "bounced".

Email authentication, or validation, is a collection of techniques aimed at providing verifiable information about the origin of email messages by validating the domain ownership of any message transfer agents (MTA) who participated in transferring and possibly modifying a message.

Message submission agent

A message submission agent (MSA), or mail submission agent, is a computer program or software agent that receives electronic mail messages from a mail user agent (MUA) and cooperates with a mail transfer agent (MTA) for delivery of the mail. It uses ESMTP, a variant of the Simple Mail Transfer Protocol (SMTP), as specified in RFC 6409.

Sieve is a programming language that can be used for email filtering. It owes its creation to the CMU Cyrus Project, creators of Cyrus IMAP server.

SMTP proxies are specialized mail servers that, similar to other types of proxy servers, pass simple mail transfer protocol (SMTP) sessions through to other SMTP servers without using the store-and-forward approach of a mail transfer agent (MTA). When an SMTP proxy accepts a connection, it initiates another SMTP session to a destination SMTP server. Any errors or status information from the destination server will be passed back to the sending MTA through the proxy.

Email forwarding generically refers to the operation of re-sending an email previously delivered to one email address on to one or more different email addresses.

MailChannels is a Canadian technology company that specializes in email security for businesses and internet service providers (ISPs). Founded in 2004 by Ken Simpson and headquartered in Vancouver, British Columbia, the company operates in the email security and infrastructure market. It provides a variety of products and services designed to safeguard email systems against spam, phishing, and other harmful content while guaranteeing the dependable delivery of legitimate messages. It also offers a mail relay API for numerous websites.

Backscatter is incorrectly automated bounce messages sent by mail servers, typically as a side effect of incoming spam.

A mailbox provider, mail service provider or, somewhat improperly, email service provider is a provider of email hosting. It implements email servers to send, receive, accept, and store email for other organizations or end users, on their behalf.

References

  1. With a 5xx SMTP status code
  2. Zonk (31 January 2008). "How Pervasive is ISP Outbound Email Filtering?". Slashdot.org. Retrieved 15 September 2011.
  3. "Inbound and Outbound Email Filtering". thexyz.com. Retrieved 15 May 2023.
  4. "A Guide to Smart Filters | InMoat Knowledge Base". www.inmoat.com. Retrieved 2021-10-19.
  5. Padwick, Gordon; Feddema, Helen Bell (1999). "22: Creating and Using Rules". Using Microsoft Outlook 2000. Using Series. Indianapolis: Que Publishing. p. 618. ISBN 9780789719096. Retrieved 2017-01-10. A rule is a set of conditions, actions, and exceptions that controls how Outlook processes and organizes messages.