The Gibraltar Spam filter can identify, block and mark unsolicited bulk email. By combining many different detection techniques, it achieves a very high detection rate and a very low error ratio.
As a result of all the tests performed, each email receives a specific score, which indicates the probability that it is Spam. The higher the score, the higher the probability that the tested email is unwanted.
If the score is higher than the maximum permissible value set by the Administrator, the email can be deleted, sent back, marked or isolated. It is also possible to keep all Spam emails in a quarantine post office before they are finally deleted.
To recognize Spam emails efficiently, Gibraltar uses all currently accepted methods. A special highlight is the self-learning Bayes filter, which can increase the detection rate enormously. The reception of emails that have been identified beyond doubt as Spam is automatically delayed by Gibraltar until the sender abandons the transmission. So-called tar pits are used for this function.
Methods of detection and handling of Spam emails
- Verification of sender and receiver: The validity of both the sender's and the receiver's email address is checked. Gibraltar tests whether it would be possible to deliver an email to the sender of the email. Additionally, Gibraltar checks the validity of the receiver address.
- Realtime blackhole lists (RBL): The sender address and the IP address of the sending server are compared with several address databases of well-known Spam senders.
- Header analysis: The email headers are checked for wrong or malformed information and for RFC conformity.
- Heuristic, rule-based analysis: Each email is analysed using a database of suspicious phrases and contents (product and database used: SpamAssassin).
- Bayes filter: A self-learning filter based on statistical probabilities. This filter can be trained by the users.
- SPF (Sender Policy Framework): Using additional DNS entries, it can be checked whether a sending mail server is allowed to send mail for the affected domain or not (reverse MX).
- Razor and DCC: Query of collaborative filtering networks (Spam databases) and comparison of the email with already classified emails.
- Whitelist and blacklist: The Administrator can define allowed and restricted email addresses and domains.
- Tar pit: If an email is rejected, all following delivery attempts are automatically delayed until the sender gives up.
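The self-learning Bayes filter in the list above, sketched as an added example (not code from Gibraltar or SpamAssassin): a naive Bayes classifier that turns user-labelled messages into per-token statistics and returns a Spam probability. The class name, function names and training messages are constructed for illustration.

```python
import math
import re
from collections import Counter

TOKEN = re.compile(r"[a-z0-9$']+")

class BayesFilter:
    """Illustrative naive Bayes filter; not Gibraltar's or SpamAssassin's code."""

    def __init__(self):
        self.tokens = {"spam": Counter(), "ham": Counter()}
        self.messages = {"spam": 0, "ham": 0}

    @staticmethod
    def tokenize(text):
        # Record each token once per message (presence, not frequency).
        return set(TOKEN.findall(text.lower()))

    def train(self, text, label):
        """User feedback: label is 'spam' or 'ham'."""
        self.messages[label] += 1
        self.tokens[label].update(self.tokenize(text))

    def spam_probability(self, text):
        n_spam, n_ham = self.messages["spam"], self.messages["ham"]
        if n_spam == 0 or n_ham == 0:
            return 0.5  # nothing learned for one class yet: stay neutral
        log_odds = math.log(n_spam / n_ham)  # prior from the training mix
        for tok in self.tokenize(text):
            # Laplace smoothing keeps unseen tokens from zeroing a class.
            p_spam = (self.tokens["spam"][tok] + 1) / (n_spam + 2)
            p_ham = (self.tokens["ham"][tok] + 1) / (n_ham + 2)
            log_odds += math.log(p_spam / p_ham)
        log_odds = max(-50.0, min(50.0, log_odds))  # avoid exp() overflow
        return 1 / (1 + math.exp(-log_odds))

def demo_filter():
    """Filter trained on constructed sample messages."""
    f = BayesFilter()
    for msg in ("Cheap pills, buy now, limited offer",
                "You won a prize, claim your free money now",
                "Free offer: buy cheap watches"):
        f.train(msg, "spam")
    for msg in ("Meeting moved to Tuesday, agenda attached",
                "Please review the firewall change request",
                "Lunch on Tuesday? Agenda for the review attached"):
        f.train(msg, "ham")
    return f

if __name__ == "__main__":
    print(round(demo_filter().spam_probability("Claim your free prize now"), 3))
```

A message made up only of unseen tokens scores a neutral 0.5 until a user classifies it, after which the same text scores higher; that shift is the self-learning behaviour.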