Spam and virus protection with mailbox

Why am I receiving spam?

mailbox – and Heinlein Support – operate reliable mail servers and spam filters. More than 20 years of experience as consultants specializing in mail and spam protection systems for many companies and well-known providers helps us understand what is possible – but also why various large providers do not implement everything. Spam itself cannot be completely avoided, but anyone who wants to filter it successfully must examine certain characteristics or properties of emails and, if necessary, reject them.

On the one hand, we speak of content-related characteristics, e.g., that the subject contains “Viagra” or that the message body contains a link to a website known for spreading malware. On the other hand, technical characteristics can also be distinguished:

  • Who is sending this mail?
  • How does the sender behave?
  • Is it a “normal” mail server or part of a botnet?
  • From which country or location is this mail being sent?

Spam and virus protection at mailbox

mailbox checks incoming mail in real time, directly upon receipt. Unlike at many other providers, spam, junk, or ham folders are disabled by default. Instead of first delivering suspicious messages and temporarily storing them, we evaluate each message during the acceptance process on the mail server.
If an email is clearly identified as spam, our servers reject the message immediately. The sender receives a non-delivery notification (bounce) stating that the message could not be delivered.

This consistent approach offers several advantages:

  • The sender is immediately informed that the message has not been delivered.
  • The recipient never receives the message and therefore has no exposure to its content.

Adjusting spam filters

You can adjust our recommended spam filter settings according to your personal preferences – an appropriate guide is available here: Spam and Trash | Spam settings.
Please note that we cannot provide support for problems resulting from changes to the recommended settings – for example, a significantly increased volume of spam.

How our spam filter works

Our spam filter evaluates emails based on their content only to a small extent. The focus is instead on the technical evaluation of the sender. Several complementary methods work together to achieve the best possible distinction between legitimate and unwanted emails.

Reputable providers such as eBay, Facebook, or other large services are identified and correctly classified based on technical characteristics. Since these providers are trustworthy and their servers are known and technically well configured, there is usually no reason to fear that their messages will be blocked.

The real threat comes from spam messages sent via so-called botnets – that is, from infected computers, often with outdated Windows systems. Such sources can be reliably identified technically, as they differ significantly from real mail servers, for example by missing authentication mechanisms, dynamic IP addresses, or unusual sending behavior.

Some technical background information

The spam filtering techniques we use include RBL checks, which block known spam-sending mail servers, as well as greylisting and the use of text pattern recognition. By combining various characteristic features, we can identify spam and filter out virus emails with very high accuracy.

RBL checks

Most RBLs (Real-time Blackhole Lists) contain IP addresses of computers that have sent spam, viruses, or malware in the past. Our mail servers use selected lists for spam detection directly upon receiving a mail. You can think of it as the postman not even putting obviously identifiable advertising flyers into the mailbox.
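
How such a lookup works at the DNS level, as an added example (not mailbox's own code): the client IP is reversed, appended to the list's zone, and resolved; an answer in 127.0.0.0/8 means "listed". The zone name dnsbl.example, the reply texts and the sample zone data are assumptions constructed for illustration.

```python
import ipaddress
import socket

ZONE = "dnsbl.example"  # hypothetical list zone, not one named on this page
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_query_name(ip, zone=ZONE):
    """Name to look up for `ip`: reversed octets (IPv4) or nibbles (IPv6) + zone."""
    pointer = ipaddress.ip_address(ip).reverse_pointer
    # Drop the trailing ".in-addr.arpa" / ".ip6.arpa" and append the list zone.
    return pointer.rsplit(".", 2)[0] + "." + zone

def system_resolve(name):
    """Live A-record lookup; returns [] when the name does not exist."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []

def check_client(ip, resolve=system_resolve, zone=ZONE):
    """Return an SMTP reply line for a connecting client IP."""
    answers = resolve(dnsbl_query_name(ip, zone))
    # Only 127.0.0.0/8 answers mean "listed"; other answers (for example a
    # parked zone that resolves every name) must not cause rejections.
    codes = [a for a in answers if ipaddress.ip_address(a) in LISTED_NET]
    if codes:
        # Reply code and text are illustrative assumptions.
        return f"554 5.7.1 Client host [{ip}] listed in {zone} ({', '.join(codes)})"
    return "250 2.0.0 Ok"

# Constructed zone data standing in for real DNS, so the example runs offline.
CONSTRUCTED_ZONE = {
    "99.2.0.192.dnsbl.example": ["127.0.0.2"],     # listed sender
    "7.113.0.203.dnsbl.example": ["198.51.100.1"],  # bogus non-127 answer
}

def constructed_resolve(name):
    return CONSTRUCTED_ZONE.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.99", "198.51.100.25", "203.0.113.7"):
        print(ip, "->", check_client(ip, constructed_resolve))
```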

Greylisting

When our mail server is contacted to receive a message, the following details are checked:

  • The IP address of the sending mail server
  • The sender’s email address
  • The recipient’s email address

If our mail server has never received an email from the sending server’s IP address or the sender’s email address – or if both conditions apply – then the delivery attempt is rejected by our mail server. The sending server receives an error message indicating that a temporary error has occurred. For all properly configured mail servers, this results in a reattempt after a minimum waiting period (normally about 5 minutes). Whether and when another delivery attempt is made ultimately depends solely on the sending mail server.
If our server then receives the same combination of data again, the email is accepted.
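
The decision described above, as an added example (not mailbox's own implementation): the server remembers each combination of sending IP, sender address and recipient address, answers the first attempt with a temporary error, and accepts the retry. The 300-second minimum delay, the reply texts and the sample attempts are assumptions constructed for illustration.

```python
import time

MIN_DELAY = 300  # assumed: retries arriving sooner than this stay deferred

class Greylist:
    def __init__(self, min_delay=MIN_DELAY, clock=time.time):
        self.min_delay = min_delay
        self.clock = clock
        self.first_seen = {}  # triplet -> time of the first delivery attempt
        self.passed = set()   # triplets that completed a valid retry

    def rcpt(self, client_ip, sender, recipient):
        """Decide for one delivery attempt; returns the SMTP reply line."""
        triplet = (client_ip, sender.lower(), recipient.lower())
        now = self.clock()
        if triplet in self.passed:
            return "250 2.1.5 Ok"
        first = self.first_seen.setdefault(triplet, now)
        if now - first >= self.min_delay:
            self.passed.add(triplet)
            return "250 2.1.5 Ok"
        wait = int(self.min_delay - (now - first))
        # 4xx = temporary error: a real mail server queues the mail and retries.
        return f"450 4.7.1 Greylisted, please retry in {wait} seconds"

def replay(attempts, min_delay=MIN_DELAY):
    """Run (timestamp, ip, sender, recipient) attempts; return the reply codes."""
    now = [0]
    greylist = Greylist(min_delay, clock=lambda: now[0])
    codes = []
    for ts, ip, sender, recipient in attempts:
        now[0] = ts
        codes.append(greylist.rcpt(ip, sender, recipient)[:3])
    return codes

# Constructed attempts: one queueing mail server and one sender that never
# retries the same combination (it changes the sender address each time).
CONSTRUCTED_ATTEMPTS = [
    (0,   "192.0.2.10",   "news@shop.example", "alice@example.org"),  # first contact
    (5,   "203.0.113.50", "x1@bot.example",    "alice@example.org"),  # first contact
    (6,   "203.0.113.50", "x2@bot.example",    "alice@example.org"),  # new sender
    (20,  "192.0.2.10",   "news@shop.example", "alice@example.org"),  # too early
    (330, "192.0.2.10",   "news@shop.example", "alice@example.org"),  # valid retry
    (400, "192.0.2.10",   "news@shop.example", "alice@example.org"),  # now known
]

if __name__ == "__main__":
    print(replay(CONSTRUCTED_ATTEMPTS))
```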

Text pattern recognition

Text pattern recognition is implemented using manually maintained strings to check whether parts of a message match elements of known spam emails.
For example, if a message contains the text pattern “ViAgra for S$le,” it is likely spam. The corresponding filtering rule could then look like this:

/ViAgra for S\$le/i REJECT Body-Spamprotection-rule 0815

The patterns we currently use for spam detection are available online for administrators. Technically skilled or interested users can take a look at the associated blog entry.

Virus detection

For virus detection, our systems primarily use ClamAV, a freely available virus scanner and phishing filter. When our mail servers receive a message, the entire contents of the email (including attachments) are checked against known virus patterns. If necessary, the virus scanner will also unpack attachments (for example, .zip files) to examine the contained files for malicious code.
If malware is found in the email, our mail server refuses to accept it.