Unwanted email, also known as spam, fills the average Inbox at a very high rate. A large volume of spam consumes bandwidth, degrades employee productivity, and wastes network resources.
Commercial mail filters use many methods to find spam. Blocklists keep a list of domains that are used by known spam sources or are open relays for spam. Content filters search for key words in the header and body of email messages. URL detection compares a list of domains used by known spam sources to the advertised link in the body of the email message. All of these procedures scan each individual email message. Attackers can easily bypass those fixed algorithms. They can mask the sender address to bypass a blocklist, change key words, embed words in an image, or use multiple languages. They can also create a chain of proxies to disguise the advertised URL.
spamBlocker uses a combination of rules, pattern matching, and sender reputation to accurately identify and block spam messages before they reach your email server. spamBlocker reviews the header and body of the email message to identify and block spam. The email header can include the HELO domain, sender, recipient(s), connecting IP, and the reverse DNS of the connecting host. To determine whether the message is spam, spamBlocker also scans graphical data included in the email message and attachments. For information on spamBlocker data retention and protection, see spamBlocker Data Retention and Protection.
spamBlocker uses IPv4 to connect to the spamBlocker server. If your Firebox is configured for IPv6, you must configure the external interface with both an IPv4 address and an IPv6 address.
spamBlocker scans each message up to a specified kilobyte count. Any additional bytes in the message are not scanned. This allows the proxy to partially scan very large files without a large effect on performance. For more information, see About spamBlocker Scan Limits.
WatchGuard has retired the old spamBlocker engine used by Fireware versions lower than v12.5.4. To continue to get spam detection with spamBlocker, you must upgrade to Fireware v12.5.4 or higher. For more information, see this Knowledge Base article.
The Firebox uses the HTTPS protocol to send requests to the spamBlocker server. If traffic from the Firebox must go through a perimeter firewall to reach the Internet, make sure the firewall does not block HTTPS traffic.
spamBlocker helps you control inbound spam. We recommend that you also configure the SMTP-proxy to prevent mail relay through your mail server. For more information, see Protect Your SMTP Server from Email Relaying.