Feature Overview
All MailGuard features at a glance: spam score, analysis methods, filter rules, and actions.
MailGuard Feature Overview
MailGuard is Conbool's integrated email threat protection. It analyzes every inbound and outbound email in real time and automatically executes actions based on the results.
How Does MailGuard Work?
Multi-Layer Analysis
Every email passes through multiple analysis layers:
- Reputation Check: The sender's IP address and domain are checked against reputation databases.
- SPF/DKIM/DMARC Check: Technical sender authenticity is verified.
- Heuristic Analysis: Email content is checked for typical spam/phishing patterns.
- Adaptive Detection: Learning-based filters detect spam patterns based on previous emails.
- URL Check: Links are checked against known threat databases.
- Attachment Analysis: File types, archives, and MIME types are analyzed.
- Geo/Network Filter: Geographic origin and IP ranges are checked.
Spam Score
Each email is assigned a spam score. The higher the score, the more likely it is spam. You configure two thresholds:
| Threshold | Action |
|---|---|
| Flagging Threshold | Email is flagged with X-Conbool-Flag: YES in the header and/or marked in the subject line. |
| Blocking Threshold | Email is blocked, moved to quarantine, or forwarded to an alternative address. |
Available Actions Upon Detection
- Set Header: X-Conbool-Flag: YES in the email header.
- Modify Subject: Prefix such as [SPAM] in the subject line.
- Alternative Delivery: Forward the email to a catch-all address.
- Quarantine: Isolate the email and notify the recipient.
- Reject: Reject the email directly (bounce).
Modules in Detail
Inbound (Policies)
| Module | Description | Documentation |
|---|---|---|
| Spam Protection | Spam score, thresholds, custom filter rules | Spam Protection |
| Attachment Filter | Block file types, ZIP/RAR analysis, size limits | Attachment Filter |
| Geo/Network Filter | Country blocking, IP blocklist/whitelist, domain blocklist | Geo/Network Filter |
| Link Protection | URL analysis, QR code detection, click-time recheck, defanging | Link Protection |
| Quarantine | Isolation, notifications, release | Quarantine |
Outbound (DLP)
| Module | Description | Documentation |
|---|---|---|
| DLP Rule Sets | Detect sensitive data, file types and document fingerprints | DLP Overview |
| DLP Actions | Block, quarantine, redact, BCC copy, redirect | DLP Overview |
| DLP Incidents | Audit trail of all detected violations | DLP Overview |
Prerequisites
- Active MailGuard subscription.
- Viewable by Owner, Operator, Analyst, and Auditor. Configurable by Owner and Operator.
- Correctly configured domain and mail server connection.