< Technology

Email Filtering Architecture

How we ensure confidence in our client’s email

Want to learn more about how we filter emails? You’ve come to the right place. Hold on to your hats: this might get technical.

2 - Envelope Filtering ENG
3 - Content Filtering ENG
4 - Output ENG

Chris S.

The Prefilter – Checking the Basics

Our filters start the scanning process during the SMTP connection. Even before we've seen the email content or subject, our filters can already split the good from the bad by analyzing how the sending server is communicating. Bad emails are blocked before they even reach the quarantine, making your life easier.


  • Protects against DDOS and mail floods

Standards compliance

  • Checks that messages respect the basics of email-sending
  • Rejects emails that fail RFC compliance


  • Check reputable external blacklists
  • Client preferences applied to reduce quarantine size

Safe Content

Our filters are thorough and check every part of the email content: subject, content, URLs, images, etc. Some of the analysis is done with our manmade rules; over 10,000 of them! Some of the analysis is done with our Machine Learning engine called Tyr. All blocked emails are placed in quarantine with a score so you can see just how bad they are.

Link scanning

  • URIBL and heuristic analysis
  • Rapid analysis of links. No delays in receiving emails

Content filtering - heuristics

  • Over 10k rules built and refined over the years
  • Curated daily by dedicated experts

Content filtering - AI

  • Machine-learning recognizes and classifies emails
  • In-house research team

Safe Attachments

Who likes malware? Not us! Our filters check all attached files to block potential infections. To protect against Zero-Days, our filters will automatically quarantine messages that have potentially dangerous files like executables or Office documents with Macros. Blocked messages are placed in quarantine so they can be easily released if needed.


  • Detects known viruses
  • Identifies phishing indicators
  • Powered by Bit Defender and ClamAV

File-type blocking

  • Pre-configured for optimal security
  • Blocks executable files, dangerous Office documents, and zip bombs
  • Fully customizable
  • 0-day protection

Basic anti-phishing

We're working very hard so you don't have to. Scammers are always coming up with new ways to make their emails look legit. ZeroPhishing is there to make sure that spoofed emails are blocked. Our filters are updated daily so you don't have to worry about opening your emails.

Content filtering - heuristics

  • Part of the 10k rules dedicated to phishing
  • Updated every day based on customer feedback

Email authentication (SPF / DKIM / DMARC)

  • In line with industry best-practices
  • Backed by an experienced team that specializes in troubleshooting

Advanced Anti-phishing

Everyone gets advanced protection against threats like BEC and CEO Scams at no extra cost. While this filtering might be advanced, it sure is easy to set up and use.

Spearphishing module

  • Definitive and simple solution to BEC and CEO scams
  • Flexible and powerful protection

Lexicographical analysis

  • Protects against lookalike domain spoofs
  • Applied automatically to all emails

The Importance of SMTP Authentication Verifications

SPF, DKIM, and DMARC keeping you safe

While these authentication frameworks have existed for many years, not everyone enforces them. We do.
We don’t just use them, we know how they work. Want help setting up authentication verifications? We’ve got you covered. These are, after all, important protections. We have years of experience setting up and troubleshooting DNS entries. It’s the kind of thing we email geeks find interesting.