To identify and block spam, spamBlocker reviews the header and body of email messages. In Fireware v12.5.4 and higher, all emails that are scored by the spamBlocker engine are then sent over a TLS connection to a third-party, cloud-based service that provides additional scanning and scoring.
For SMTP and POP3 proxies, the Firebox sends the first 100 Kilobytes of the message body for scoring, and for IMAP proxy, the Firebox sends all of the message. Attachments are part of the message body.
WatchGuard has a Data Processing Addendum (DPA) in place with the owner of the cloud-based service, which provides guarantees that they implement appropriate technical and organizational measures to protect data sent for analysis. The cloud-based service automatically deletes the emails it receives, but the emails might be retained for up to 30 days after submission to be used in subsequent analysis by the engine.
The Firebox sends spamBlocker requests to the nearest server data center by default. For GDPR compliance in the EU, the DNS used by spamBlocker always links to a data center in Europe. For WatchGuard’s official GDPR statement, see https://www.watchguard.com/wgrd-about/gdpr-statement.
You can select a different data center location.
- Any — Uses an FQDN that resolves to the closest IP address.
- NA/America — Uses an FQDN that resolves to the US-West data center.
- EU/Europe — Uses an FQDN that resolves to the Ireland data center.
- AP/Asia — Uses an FQDN that resolves to the Tokyo data center.
For more information on how to set the server location, see Configure Global spamBlocker Settings.
spamBlocker Data Retention FAQ (Knowledge Base article)