ALTOSPAM Functioning and technologies used

ALTOSPAM is a real-time on-line antispam and antivirus system. This service is an externalized bridge by which all your e-mails transit and are sorted out to be redirected towards your servers or rejected in the case of spam or virus. Your mail server receives e-mails without spam or virus.

ALTOSPAM requires no modification of architecture, no parameter setting and no downloading or installation of software on the user device. The ALTOSPAM service is integrated directly in your existing computer environment. A simple modification of DNS entry is necessary so that e-mails are sent to the ALTOSPAM servers and then routed after analysis towards your e-mail server.

Altospam provides access to an administration interface from which you can control how messages are filtered and what actions should be implemented when a spam or a virus is discovered. You can also add your own filters and show your reports and logs of analysis.

If your mail server is unavailable for a while, your e-mails are temporarily stored on our ALTOSPAM servers until your service is restored.

ALTOSPAM is a solution which combines judiciously the most recent techniques in detection of spams:


Heuristics analysis

The heuristics analysis constitutes a set of rules represented in the form of regular expressions. It looks for e-mails which headers and\or bodies match some very particular characteristics known to have a strong probability of being a spam. ALTOSPAM uses a database of customized rules to identify spams from different countries


RBL (Realtime Blackhole List) or DNSBL (Back List DNS) are lists of servers or networks known to help, welcome, produce or broadcast spams or to supply a service which can be used as support for the expedition of spams: OpenSMTP Relay, Open Proxy List (OPL). ALTOSPAM uses the main RBLs of the market.

Collaborative databases of spams

These databases of signatures of spams are used in the same way as the databases of signatures of virus. They are maintained by the users of antispam solutions.

Recording DNS

Verify the correlation between the IP address of the server source and its name via an inverse DNS request (in - Generally, real mail servers possess a fixed IP address which is related to its domain name. Although a large number of servers do not possess PTR recordings in the zones of addresses for which their suppliers have authority, it remains interesting to know the information to moderate the results.

Bayesians filters

Probabilistic method of e-mails filtering working by learning and basing itself on the statistical distribution of keywords in mails. This type of algorithm self-adapts by leaning on the analysis of e-mails known as being or not spams.

White list

List of sites, hosts, domains or addresses known to be trustworthy. By default very few hosts are considered as trustworthy because their addresses could be usurped by spammers. However a system of self-learning of white list is used by Altospam to accelerate the time of treatment of issuers already tested and considered trustworthy. Furthermore, ALTOSPAM allows you to configure your own white list.

History of the transactions

The previously made transactions between the sender and the recipient of a message are used to influence the analysis results. Indeed, individuals used to sending legitimate emails to each others have no reason of exchanging spams.

URL validation

The analysis of the URL within the message body aims at identifying and filtering the e-mail according to the expected action: a click of the user on a promotional link. This analysis is based on the detection of suspicious sites and suspicious url (numerical, badly formatted).


This antispam technique means Sender Policy Framework. It consists in defining, in a TXT field of a domain, the mail servers authorized to send emails for the same domain (Cf. Sender Policy Framework) et DKIM ( DomainKeys Identified Mail).

Validation of the sending domain

Although the address email is not verified, because certain newsletters are sent from accounts which do not exist, we proceed to the analysis of the sending domain to validate that the sender is capable of receiving emails.

Analysis of images and PDF

Further to the increase of the number of spam-image, we integrated a system of image analysis in order to improve our service efficiency. ALTOSPAM analyzes the images contained in an email on various parameters: number, type, size, format and dimensions, then compares these criteria with the characteristics of images used by spammers.


This technique allows, by holding a session on certain connections considered as questionable, to reduce significantly the speed of answer of the SMTP server. Teergrubing put constraints on the SPAM server.


Greylising is a very recent antispam technique which consists of rejecting temporarily a message, by issuing a code of temporary refusal to the broadcasting server. Then, the broadcasting server sends the mail a second time after a few minutes; an effort that most of spam servers do not make! (Cf. Greylisting/).

Test of Turing

This technique, also named challenge / answer, rely on sending an authentication request to the sender of an email (by reproducing a displayed code) to make sure of the sender’s physical existence. Used in isolation this technology has many drawbacks (transferring the filtering work back to the sender, systematic sending of often unsolicited emails, false-positive generation). When integrated with other technologies and suitably used at the end of the analysis, it allows to release unresolved false-positive.