Email classification and verification status

by Stephane
Image-Par-Défaut-Site-Actualités

In addition to upstream filtering for spam, viruses, phishing and scams, and the ability to block advertising at source, we’ve integrated a basic email classification system into Altospam. This can be used to perform a number of actions on emails, such as automatically classifying emails in an “advertising” folder, or highlighting “safe” emails.

We’ve already described in an article how to highlight or indent certain e-mails, or how to separate advertisements from other e-mails. However, the information transmitted via the specific ” X-ALTOSPAM-STATUT ” field is also used to perform other actions, such as checking SPF or DKIM compliance, or validating mail servers.

Since these previous articles, other statuses have been added to complete the information transmitted via this field, to carry out tests, check the conformity of a server, an email, and its classification by Altospam.x-altospam-statut

We’ve taken a look at each of the possible statuses one by one, to give you an overview and help you interpret their presence in an email. You will find below the 11 possible statuses sorted into 5 different categories:

 

Sender server compliance

Allows you to check the compliance of a sending server, in particular its IP reputation.

serverok : the sending mail server is considered secure and legitimate. Its reverse DNS is correct (valid and legitimate) and its IP is not blacklisted, or the server is whitelisted.

-serverko: the IP address of the sending server is blacklisted on at least one RBL. The RBLs used are public, private and proprietary.

 

SPF validation

The presence of tags: spfok and spfko allow you to quickly check the validity of SPF entries for a sender domain.

spfok : the SPF is present for the sending domain and valid for the mail received: compliance of the sending server with the SPF defined by the domain.

spfko: an SPF field is present for the sending domain but invalid (soft or hard fail).

 

DKIM validation

The presence of tags: dkimok and dkimko allow you to quickly check the DKIM compliance (valid domain TXT field, valid signature present) of a given email.

dkimok : DKIM is valid. The sending domain broadcasts a DKIM key, the mail is signed by the sending server and the signature is valid.

dkimko: DKIM signature is present but invalid.

 

Issuer validation

The status below is intended to validate that the sending server is compliant and that there is no identity theft on the part of the sender.

senderok : the sender server seems authorized to send emails on behalf of the email sender.

This status checks whether at least one of the following conditions is valid: SPF compliance (spfok), DKIM compliance (dkimok), or whether the sender’s domain is identical to that used in the sender server’s reverse DNS. The use of this status can be useful to confirm that an official email (tax, caf, …) comes from an authorized source, that it is indeed valid. This ensures that it is not phishing.

Email classification

Allows you to define specific email classifications.

mailok : this status is present if the message has been extremely well rated. Everything seems to indicate (sending server, authentication, content, etc.) that this is a legitimate message and in no way a spam or unwanted email.

bulk : this is a massive advertisement or newsletter recognized as such by Altospam. If the recipient activates anti-advertising on their account, they will not receive this email.

bounce : this is a bounce, a non-delivery message sent by a certainly legitimate mail server. If the recipient refuses bounces (configurable via the interface), he won’t receive this email.

senderwt : the sender of the message is part of your global whitelist, and all his emails are accepted by Altospam (except known viruses).

x-altospam-statut-thunderbird

Another field, ” X-ALTOSPAM-HOST “, identifies the Altospam server through which the mail was sent. Among other things, this makes it possible to be sure that the e-mail has actually gone through Altospam. It also facilitates research by our technical teams.

 

Altospam’s evolution of email classification gives you better readability in your mailbox, so you can quickly point out conformity, validity and legitimacy when sending and receiving emails.

If you’d like to see for yourself, please try it here.

 

 

Test Altospam’s solutions!

Thousands of companies, CTOs, CIOs, CISOs and IT managers already trust us to protect their e-mail against phishing, spear phishing, ransomware, …