Anti-Spam Transport Agents

Anti-spam transport agents handle the OnEndOfData SMTP event, which occurs when the server has finished receiving the email contents.

The email is not checked for spam and is treated as not being spam if:

the sender domain is included in the value list of the TrustedDomains variable;

the sender address is included in the value list of the SpamTrustedEmails variable.

The Anti-spam white list is an exclusion list based on the sender and recipient email addresses, and a message matching it can still be considered spam (for example, if the sender and the recipient addresses belong to the same domain and the sender's address is on the white list). The TrustedDomains and SpamTrustedEmails variables, by contrast, exclude the message from the spam check definitively. Therefore, it is generally not recommended to exclude domains by adding them to the value lists of these variables; use the white list of Dr.Web Administrator Web Console for this purpose instead.

If the sender domain does not belong to the trusted list, the message is placed in the queue of messages waiting to be checked. If the check classifies it as spam, it may be deleted, blocked, redirected to another email address, marked as Junk email, or have a prefix added to its subject. All these actions are recorded in the Incidents section of the Dr.Web Administrator Web Console and in the server log.

If the message is deleted as spam or blocked by filtering rules, the transport agent either closes the connection to the client or returns the RejectMessage response containing the following text: Dr.Web AntiSpam Agent: Message was rejected as spam. You can select one of these actions using Dr.Web CMS Web Console. In either case, the message does not reach its recipients.

If the message is redirected to another email address or marked as Junk email, an X-header is added to its headers.

An X-DrWeb-RedirectTo header containing the new destination address is added to a redirected message. The anti-virus transport agent uses this header: if the message does not contain any viruses or other threats, the agent deletes the list of initial recipients and replaces it with the address from the header. The message does not reach the initial recipients in this case. A message marked as Junk email, however, does reach the initial recipients. In this case, an X-MS-Exchange-Organization-SCL header is added to the message, together with the message distrust index score. This header is recognized by Microsoft mail clients and Microsoft Exchange Server. If the score is between 4 and 7, correctly configured clients move the message to the Junk folder. If the score is larger than 7, the message is rejected by the transport system of Microsoft Exchange Server.
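The following added example (not Dr.Web or Microsoft code) reads the two headers described above from a raw message and reports the delivery outcome this page states for them, which is useful when checking mail-flow test results against the configured spam action. The sample message, the function names, the outcome labels, the use of the To header as a stand-in for the recipient list, and the assumption that X-DrWeb-RedirectTo carries a single address are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

REDIRECT_HEADER = "X-DrWeb-RedirectTo"
SCL_HEADER = "X-MS-Exchange-Organization-SCL"


def build_sample(extra_header: str = "") -> str:
    """Constructed test message; addresses are placeholders."""
    lines = ["From: sender@example.net",
             "To: alice@example.com, bob@example.com",
             "Subject: constructed sample"]
    if extra_header:
        lines.append(extra_header)
    return "\n".join(lines) + "\n\nbody\n"


def expected_outcome(raw_message: str) -> dict:
    """Map the agent's X-headers to the outcome described on this page."""
    msg = message_from_string(raw_message)
    original = [addr for _, addr in getaddresses(msg.get_all("To", []))]

    redirect = msg.get(REDIRECT_HEADER)
    if redirect is not None:
        # Assumption: the header value is a single address. The anti-virus
        # agent swaps the recipient list only if the message is threat-free.
        return {"action": "redirect", "recipients": [parseaddr(redirect)[1]]}

    scl_raw = msg.get(SCL_HEADER)
    if scl_raw is None:
        return {"action": "no-agent-header", "recipients": original}
    try:
        scl = int(scl_raw.strip())
    except ValueError:
        # Malformed score: flag it instead of guessing a disposition.
        return {"action": "invalid-scl", "recipients": original}

    if scl > 7:
        return {"action": "rejected-by-exchange", "recipients": []}
    if 4 <= scl <= 7:
        return {"action": "junk-folder", "recipients": original}
    # Scores below 4: the page states no special handling.
    return {"action": "below-junk-range", "recipients": original}


if __name__ == "__main__":
    for hdr in ("", f"{REDIRECT_HEADER}: spam-review@example.com",
                f"{SCL_HEADER}: 5", f"{SCL_HEADER}: 9", f"{SCL_HEADER}: n/a"):
        print(repr(hdr), "->", expected_outcome(build_sample(hdr)))
```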

Adding a prefix to the message subject does not affect delivery of the message to the clients. The recipients can configure their own rules and filters to process messages with such prefixes.