There are a number of options available for tuning how SchoolZone filters email. The following is a run down of each of the available filter options.


Options in green are our recommended options to use to block the majority of spam with minimum chance of false positives.


SMTP Heuristic Descriptions


Found in Network -> Proxies > SMTP > Profiles > Expand the profile. Right click to turn each on or off.


AnomalousCharacterScanner Looks for strange characters which when found in excess often indicate spam.


FromAddressValidationScanner Checks the From header against the envelope sender and/or the return path.


HeuristicScanner Performs a heuristic scan of the message contents looking for defined spam patterns.


HTMLConcealmentScanner Detects the presence of HTML concealment such as misleading links.


ImageDominanceScanner Looks for unusual ratios of images to text. This is intended to catch spam emails which use solely images to convey their message.


InvisiMailScanner Simply looks for messages without content or subject. 


KeywordScanner Performs a simple keyword match against the tokens returned by the tokenizer. When one ‘keyword’ is matched against token, ‘max’ value will be returned. When one ‘killerword’ is matched, the value of 1 (absolute=true) will be returned and further filtering checking will stop.


ObfuscatedCharacterScanner Looks for characters which have been misused to represent legitimate characters, such as '@' in place of 'A'.


RBLScanner Checks the sending servers address isn't on a number of online blacklists.


SURBLScanner Scans the email for embeded URLs known to be spam/phising destinations.


RecipientScanner Looks for excessive numbers of recipients.


SenderAddressValidationScanner Validates the forged status of the sender. A sender is deemed to have been forged if and only if: The sending MTA publicized a name (HELO) which either does not exist in the DNS, or does not match the recorded IP address for that sending MTA.


TagFalseAnchorScanner Looks for anchor tags who's href attribute does not match the displayable text inside the anchor. This is often found in phishing emails.


TagSourceCgiScanner Looks for mail bugs. These are images which reference a CGI script (or other server side script) to render an image.


TagSourcePortScanner Looks for unusual port references in urls. This is intended to identify suspicious emails which contain references to unusual or vulnerable tcp ports.


SMTP Profile Option Descriptions


Found in Network -> Proxies > SMTP > Profiles > Right click the profile and Edit.


check_rdns=(true/false) Reject messages a check for the presence of reverse DNS from sender IP address fails.


check_rmx=(true/false) Reject messages with return path domains without an MX or A record. This means that domains in the reverse path that would be undeliverable for return mail cause the message to be rejected.


greylist =(true/false) Temporarily rejects messages with an SMTP 421 error, forcing the sending end to redeliver. Mails from this sender will continue to be rejected until the 'greylist_activetime’ has elapsed. Greylisting works because most spammers will not re‐attempt to send mail after the initial attempt. 


Reputation_check=(true/false) This is the Cyren engines activation trigger. Cyren is a cloud based global spam identifying service. This filter alone will cover 90% of inbound spam.


tagged_confirmation=(true/false) An email is sent to the sender asking them to reply and confirm they are human. The SMTP engine will do this for all senders it is unsure are trusted. Great system but can lead to problems with receiving bulk emails as it can get you blacklisted from mass replying with TMA requests.