Antispam and Antivirus Policy
All email accounts hosted on our servers are protected by multiple levels of Antispam and Antivirus. Protection is effective for both recived and sent emails. Our antispam analysis systems are based on algorithms for the calculation of the reputation, positive and negative, of the sender IP, of the URLs contained in the messages and of a series of commercial third-party filters which, by means of Machine Learning techniques, are in able to intercept and block new trends in spam and viruses in real time. Furthermore, Qboxmail users are protected by special antivirus signatures dedicated to blocking 0-day Ransomware or new variants of previously known attacks.
The first level of protection is at the SMTP connection level. All the remote servers that connect to our MX Records must have the following requirements:
- A qualified reverse DNS (of type FQDN) is valid
- Not present in the main DNSBLs
- Present with a valid HELO FQDN
If your server or its configuration does not comply with these best practices, you will be unlikely to be able to deliver your emails online.
The first analysis performed is aimed at understanding if the message contains a potential threat: viruses, malware, phishing, ransomware. In the event that our antivirus detects a danger, the email is silently discarded since the sender of these emails is almost always non-existent and therefore sending a notification would not make sense.
The second scan is intended to understand if the message can be considered unwanted (Spam or Bulk email) or if it contains a potential threat not detected by the previous virus filter. Each email is assigned a score which is the result of a series of evaluations and analyzes that the system performs. This score is linked to the content of emails and the presence of the sender IP in various less relevant DNSBLs. Depending on the score assigned, the email can:
- be quarantined in the Spam folder of your email account
- be rejected with an error 500 at the SMTP dialog level. The sender of the email will receive a notification of non-delivery and will be able to take appropriate action.
Analysis via ETlive
With ETLive, a real-time log analysis tool, you can independently verify if the anti-spam or antivirus filter has blocked a message due to a false positive. For more information on searching through ETlive, read the relevant document.
White list and black list
A white list is a list where you can enter email addresses or domain names considered to be safe and whose messages should not be blocked by the anti-spam, both incoming and outgoing. A white list acts only at the analysis level of the antispam email content, so if an email arrives from an IP in the black list, from a server configured incorrectly or contains a virus, it will be refused in any case. You can add an email address or a domain in the white list directly from the Webmail. For more information, read the reference [documentation].
A black list is a list where you can enter email addresses or a domain from which you do not want to receive messages because you consider them spam or unwanted. Entering an email address or a domain in the black list will result in the sender rejecting the message with a type 500 SMTP error. You can add an email address or a domain in the Blacklist directly from the Webmail. For more information, read the reference [documentation].
The whitelists and blacklists inserted are intended to temporarily solve a problematic situation. Our system is able to learn, on the basis of user reports, possible false positive / negative problems and to adapt its filters in this sense. Because of this, user customizations can be removed automatically after a few months.
Senders'email addresses must be valid Internet addresses as it is not possible to accept emails from senders to whom a reply cannot be sent. For example domains without a correct DNS configuration or invalid or non-existent domains.
If the sending domain uses SPF or DKIM, the settings must be correct.
The DNSBL lists used may vary over time depending on technical factors. Any changes will, as far as possible and appropriate, be reported on these pages after their application. Our servers, when they receive a connection from an IP in the black list, return a permanent error 5.x.x, the remote server will not retry the connection and will immediately generate a bounce (error message) addressed to the sender.
With the exception of antispam analysis, it is not possible to customize the filters indicated above because they are connected to common rules and common sense that all email server administrators must follow. Furthermore, since the block is at the IP / DNS level or in the early stages of the SMTP dialog, the email addresses of the blocked senders are not present in the registers of our systems, but only the IP addresses of the sending servers. In any case, following a block for one of the reasons indicated above, the sending server or the sender itself (ie the email address specified in the "Return-Path" header) always returns an error message, then no email can be lost.
Our technical support is always at your disposal to evaluate cases of false positives and find the solution that best suits your needs.
Antispam on emails sent
For greater security there is an anti-spam and anti-virus system also on our SMTP servers in order to avoid that the compromise of an email account (for example following a password theft) can lead to sending spam from our servers and penalize the reputation of our IP addresses. Through ETLive you can check if an account or message has been blocked for these reasons. Here's how the error appears in ETLive when trying to send a spam e-mail via our SMTP:
[Immagine Authenticated SMTP block for sending spam]
If attempts to send spam are repeated over time, the email account will be inhibited by sending other messages via the SMTP block. You will first need to scan the user's PC to make sure there are no viruses or malware and then make a password change to the blocked account. Once these procedures have been performed, it is possible to unlock SMTP following the procedure indicated in the documentation.
Notification on abnormal sending
Qboxmail accounts are protected by a system that identifies when an account sends abnormal emails via our SMTP servers.
This usually happens following the theft of credentials to access the email account, in order to use that account to send spam or phishing emails. When this abnormal activity is detected, an email is sent to the subject email account of the attack to the holder of the Qboxmail account to which that account is connected. Also, as a precaution, sending additional emails via SMTP is temporarily suspended.
Once the cause has been identified, even analyzing the sending registers using the ETLive tool and solving the problem, even with the use of the antivirus on the user's computer, it is necessary to perform a password change.
Once these procedures have been performed, it is possible to unlock SMTP following the procedure indicated in the documentation.