The incoming Spam quarantine holds incoming messages that the filtering system rejects with a 5xx SMTP rejection code at SMTP level. Legitimate sending servers inform the sender about the rejection.

By default, the quarantined spam is stored for 14 days. Spam messages that were temporarily rejected at SMTP level are not listed in the quarantine, and will be automatically retried by legitimate sending servers.

Enable the Quarantine

Enabling the quarantine is optional, but you must enable it for it to start rejecting messages and for you to view those messages:

In the Domain Level Control Panel, select Incoming – Protection Settings > Filter Settings and ensure the Quarantine enabled box is ticked:

Access the Quarantine

You can access the Quarantine from the Domain Level and Email Level Control Panels.

• View Domain Level Incoming Spam Quarantine
• View Email Level Spam Quarantine

View Domain Level Incoming Spam Quarantine

In the Domain Level Control Panel, select Incoming > Spam Quarantine:

The Incoming Log search page is displayed, and filtered to show all messages with the ‘Quarantined’ status. You can further filter your listed results by adding new rules using the + New rule link.

In this page you can:

• Search for a quarantined message – Using the Query rules panel – and remove all rules to see unfiltered results
• Preview quarantined message content – By clicking on the message link in the Subject column.
• Empty spam quarantine – Click on the Empty spam quarantine button at the top right of the page.
• Release quarantined messages – Allow messages to be delivered to the recipient.
• Release and train messages – Allow messages to be delivered and train the system to recognize future messages from this sender as not spam.
• Release and whitelist messages – Allow messages to be delivered and whitelist the sender.
• Remove messages
• Remove and Blacklist Messages – Remove the message and blacklist the sender.

View Email Level Spam Quarantine

Access the Spam quarantine to view incoming messages that have been blocked as spam.

Select Incoming – Spam quarantine.

The Spam quarantine page is displayed, listing all messages that have been quarantined.

In this page you can:

• Search for a quarantined message – Using the Search fields at the top of the page.
• Preview quarantined message content – By clicking on the message link in the Subject column.
• Empty spam quarantine – Click on the Empty spam quarantine button at the top right of the page.
• Release quarantined messages – Allow messages to be delivered to the recipient.
• Release and train messages – Allow messages to be delivered and train the system to recognize future messages from this sender as not spam.
• Remove messages

The Incoming Delivery Queue stores emails that are not being accepted by the destination server (your mail server administrator should be able to check why these emails are not being accepted).

The system attempts to re-deliver queued messages automatically for 14 days. If, after 14 days, a message still cannot be delivered to the recipient, the system will try to bounce it to the sender. If it cannot be bounced, the message is placed in a frozen state – it cannot be delivered to the recipient or bounced back to the server.

If required, you can manually force delivery of a queued message after resolving the destination mail server issues.

Access the Incoming Delivery Queue

You can view the Incoming Delivery Queue at the Admin Level, Domain Level and Email Level.

• At the Admin Level you can see the queue for all recipients for all domains (and can filter).
• At the Domain Level you can see the queue for all recipients in the domain you are logged into.
• At the Email Level, you can see the queue for your own mailbox.

1. 1. Click on Continuity > Delivery queue – incoming to open the Incoming Log Search page filtered to show all messages with the ‘Queued’ and ‘Delivery failed’ status. You can further filter your listed results by adding new rules using the + New rule link.

1. 2. After adding more rules, click Show Results to run the search and list the results.

All queued emails which match the filters are listed in the table at the bottom of the page.

The dropdown to the left of each email allows you to carry out a variety of actions including various troubleshooting tools:

1. 1. • Retry delivery from queue
      • Remove from queue
      • Remove from queue and notify sender
      • Remove from queue and train as spam
      • Redeliver archived message
      • Download archived message
      • Telnet SMTP test – Opens the Network Tools page and runs a check on the full SMTP delivery process to the destination server.
      • Sender callout – Opens the Network Tools page and runs a check on what the sender’s mail server responds with when the address is checked.
      • Recipient callout – Opens the Network Tools page and runs a check on what the destination mail server responds with when the recipient is verified.
      • Whitelist sender
      • Blacklist sender
      • Whitelist recipient
      • Blacklist recipient
      • Delivery history
      • Compose reply
      • View email – view email content
      • Export as .CSV
   3. To customise what columns are displayed, choose from the columns available in the Customise dropdown:

View Earliest Time an Automatic Delivery Attempt Will be Made

1. 1. Follow the steps described above to list all matching messages.
   2. From the Customise dropdown, select Earliest next delivery attempt and click on Show Results.

1. 3. To lessen the impact on performance, you can only select one message at a time to see this value:

The earliest delivery time is then displayed in the column:

Our filtering systems are specifically designed to avoid false positives. For example, many different checks are performed to avoid making mistakes based on only one classifier.

There are two levels of filtering:

• SMTP Level Filtering
• DATA Level Filtering

Thanks to the combination of the many advanced filters and compliance with IETF RFC standards on how connections should be handled, our systems ensure email messages never disappear. The sender is always informed by their sending server when a message is rejected and messages blocked at the DATA level are usually available in the Quarantine.

SMTP Level Filtering

Incoming email connections are not blocked until after the “rcpt to:” SMTP command, as much as is possible. In doing so the system ensures that the connection belonging to the recipient domain in the logging server is properly logged. As a result, logs showing all connections made to a certain recipient are easy to access.

If a connection appears to be coming from an unknown source or it has not yet been ranked with a good reputation, it may be temporarily rejected with a 4xx code. In this scenario, the sending server queues the email in the Outbound Delivery Queue and automatically retries delivery (at a time controlled by the sending server administrator).

After ten minutes, the connection is accepted by the cluster on any of the filtering nodes, and the internal IP whitelists are adjusted to avoid this delivery delay occurring the next time.

This concept is also known as greylisting, however our implementation is a lot more advanced than traditional greylisting systems since all nodes are fully synchronized, and only connections from servers that are unknown to the network are temporarily delayed. Therefore email delays due to greylisting on active filtering clusters are rare and generally do not cause any problems for the recipients. If the connection appears to originate from a spamming source, it may also be temporarily rejected with a 4xx series code.

This way, even if the server is wrongly listed (for example on an external blacklist) as a spamming source, or if the spamming problem has been resolved on the sending server’s domain configuration, the email still does not get rejected and will be delivered to the final recipient after a delay.

Only if the connection is from a known, spam-only source, or if the behavior is in direct conflict with the IETF RFC standards, a connection may be permanently rejected with a 5xx error code. If that ever happens for a legitimate sender, the sender will always receive a bounce notification from their sending server. This issue only occurs when there are serious problems with the sending server that can only be resolved at the sender’s side. 5xx series rejections will only occur at SMTP level, when the receiving users have rules to do this, or if the source has been verified as sending only spam messages.

DATA Level Filtering

After the “DATA level” is reached, the system scans the email content of the message based on a combination of advanced statistical filtering technologies, spam fingerprint databases, malware, phishing detection and spyware. An email that is detected as spam, can be configured to be:

• Quarantined
• Dropped silently
• Delivered anyway

Email which is permanently rejected (5xx series status reply to the sending server) at this level as spam is quarantined, and will be available for release (except for viruses). If a legitimate email has been permanently blocked, the sending server is responsible for informing the sender that the email did not reach the destination recipient.

The Incoming Log Search is a comprehensive search tool which allows you to filter on all incoming messages over the past 28 days. In this page you can also access Quarantined messages, those that are in the Incoming Delivery Queue as well as those that are Archived.

To access the Incoming Log Search, in the Admin, Domain or Email level Control Panel, select Incoming > Logs.

Using the Log Search you can:

• Perform powerful filtering to find the results you need including:
  • Filtering on message size and the From, To and CC headers
  • Filtering on the outgoing IP used for delivering or attempting to deliver the message and the location of the sending server (based on the IP address)
• Perform various action on single or multiple messages
• Customize available actions on specific messages
• Regenerate the index to search all archived message content
• Export archived messages
• Create and email a report of your log search results (and schedule at a specified frequency)

Run Custom Log Search

In the Admin or Domain Level Control Panel, search incoming or outgoing logs by selecting Incoming > Logs or Outgoing > Logs

Query Rules Panel

The Query Rules panel allows you to customize your search filters. The default query rule for the incoming Log Search is the Timestamp rule.

Use the shortcuts beneath the Timestamp filter to quickly select results from Yesterday, the Last week and Last month.

To Match all rules specified ensure that All is selected. Alternatively to allow partial matching select Any:

1. 1. Click on + New rule and select from the filter options available:

The Query Rules are constructed of three parts:

1. 1. • The part of the message/metadata you are looking for e.g. sender, subject, To, From, CC, Sender location, message size etc. – Select from the first dropdown in the Query Rules panel
      • The type of match e.g. contains, does not start with etc. – Select from the 2nd dropdown in the Query Rules panel
      • The content you are trying to match – Select

The Status of a message tells you what stage the message has reached in the filtering process e.g. rejected, queued for delivery, quarantined etc. To search for messages with a specific status, use the Status rule and tick the checkboxes of the statuses you wish to include.

1. 2. If you wish, you can use the Quick select shortcuts provided e.g.Accepted; Not accepted.
   3. Once you have added the rules, use the Customise dropdown to select the fields you want displayed in the search results.

There are many options available, with the most popular choices outside of the defaults being:

1. 1. • Main Class – How the message was classified which determines what happens to the message (e.g. temporarily or permanently rejected, for example, Spam).
      • Sub Class – Why the message was given the Main Class that it was given. For example, if the message was classed as Spam, the Sub Class may be DNSBL (DNS Blacklisted).
      • Delivery Data – Shows the destination mail server’s most recent response to the filtering server’s attempt to deliver. For example, if a message is accepted by the filter but can’t be found in the recipient’s Inbox, this field will show if the message was delivered to the destination mail server or not.
      • Status – Shows the current status of the message. For example, Delivered, Rejected, Quarantined, Queued etc. Note that Rejected includes both temporary rejections (where the sender will most likely automatically retry delivery later) and permanent rejections (where the sender will not automatically retry).

4. Use the Group results by: dropdown and select from the list if you want to group the results by category. For example, to group the results by sender, select Sender.
5. Once you have specified your filters, click on Show Results to run the search and display the results at the bottom of the page.

Actions Available on Log Search Results

In the Search Results listed you can carry out a variety of actions including:

• Telnet SMTP test
• Sender callout
• Recipient callout
• Whitelist/Blacklist Sender/Recipient
• View Delivery History
• Change action for specific messages
• Export Log Search Results – Download the report in Excel CSV format – using the Export button.

Regenerate Index

If you want to be able to search all archived message content in your domain, click on the Regenerate Index button at the top of the Domain Level Log Search page.

The index is regenerated and any messages archived since the last time the index was generated are added to the index – allowing you to search all archived message content for that domain.

Add Customized Action Using Log Search

1. 1. Once you have run your log search and the search results are listed, select the dropdown to the left of the message and select Change action for messages like this.

1. 2. The Add a new custom action for emails dialog is displayed with the fields pre-populated according to the message.

1. 3. Click Save.

The new custom action is listed in the Customize actions page accessible from the Admin and Domain Level Control Panels.

You can now use the dropdown to the left of the new action and select Find similar messages to redirect you to the Log Search where the query based on your rule is automatically run and matching results are listed.

Alternatively, you can set up custom actions manually on the Customize Actions page. However, using the log search, as described here, is quicker, easier and more versatile.

After incoming messages are processed, they are delivered to the destinations configured here – this is typically the final mail server for the recipient. Delivery is attempted to each of the destinations, from the lowest priority to the highest (as with MX records). Destinations with identical property values are attempted in random order and do NOT have deliveries spread across them.

The Destination Routes you set up when adding a domain are listed here automatically but you can also add any manually.

In this page you can:

• Add, edit and delete destinations
• Perform a connection check
• Perform a catch-all check – Discover whether the destination mail server is a ‘catch-all’ for a specified domain (accepting mail for any address at that domain)
• Check Routes for Open Relays
• Carry out a Telnet test for a route by clicking on  alongside the route.

To access this page, go to Incoming > destinations in the Domain Level Control Panel.

Add Destination

1. 1. In the Admin or Domain Level Control Panel, select Incoming > Destinations. All existing destination servers are listed.

2. Click on + Add a destination at the top of the page.
3. In the Add a destination dialog enter:
   • Priority – delivery is attempted from lowest priority to higher
   • Host – destination server address
   • Port – destination port
4. Click Save.

Perform Network Checks on Destination Server

You can perform a Connection check, Catch all check or Open relay check on a destination server.

1. 1. In the Admin or Domain Level Control Panel, select Incoming > Destinations.
   2. In the list of destinations displayed, locate the destination to check.
   3. Click on the dropdown to the left of the destination and select from the following:
      • Connection check
      • Catch all check
      • Open relay check

The SMTP tab in the Network Tools page is displayed with the check running.