Feature Overview

All MailGuard features at a glance: spam score, analysis methods, filter rules, and actions.

MailGuard Feature Overview

MailGuard is Conbool's integrated email threat protection. It analyzes every inbound and outbound email in real time and automatically executes actions based on the results.

How Does MailGuard Work?

Multi-Layer Analysis

Every email passes through multiple analysis layers:

Reputation Check: The sender server's IP address is checked against RBL (Real-time Blackhole Lists).
SPF/DKIM/DMARC Check: Technical sender authenticity is verified.
Heuristic Analysis: Email content is checked for typical spam/phishing patterns.
Bayes Filter: Learning-based detection based on previous spam patterns.
URL Check: Links are checked against SURBL/URIBL databases.
Attachment Analysis: File types, archives, and MIME types are analyzed.
Geo/Network Filter: Geographic origin and IP ranges are checked.

Spam Score

Each email is assigned a spam score. The higher the score, the more likely it is spam. You configure two thresholds:

Threshold	Action
Flagging Threshold	Email is flagged with `X-Conbool-Flag: YES` in the header and/or marked in the subject line.
Blocking Threshold	Email is blocked, moved to quarantine, or forwarded to an alternative address.

Available Actions Upon Detection

Set Header: X-Conbool-Flag: YES in the email header.
Modify Subject: Prefix such as [SPAM] in the subject line.
Alternative Delivery: Forward the email to a catch-all address.
Quarantine: Isolate the email and notify the recipient.
Reject: Reject the email directly (bounce).

Modules in Detail

Module	Description	Documentation
Spam Protection	Spam score, thresholds, custom filter rules	Spam Protection
Attachment Filter	Block file types, ZIP/RAR analysis, size limits	Attachment Filter
Geo/Network Filter	Country blocking, IP blocklist/whitelist	Geo/Network Filter
Quarantine	Isolation, notifications, release	Quarantine

Prerequisites

Active MailGuard subscription.
Permission guardian.read to view, mailguard.manage to configure.
Correctly configured domain and mail server connection.

How Does MailGuard Work?

Multi-Layer Analysis

Every email passes through multiple analysis layers:

Reputation Check: The sender server's IP address is checked against RBL (Real-time Blackhole Lists).

SPF/DKIM/DMARC Check: Technical sender authenticity is verified.

Heuristic Analysis: Email content is checked for typical spam/phishing patterns.

Bayes Filter: Learning-based detection based on previous spam patterns.

URL Check: Links are checked against SURBL/URIBL databases.

Attachment Analysis: File types, archives, and MIME types are analyzed.

Geo/Network Filter: Geographic origin and IP ranges are checked.

Spam Score

Each email is assigned a spam score. The higher the score, the more likely it is spam. You configure two thresholds:

Threshold

Action

Flagging Threshold

Email is flagged with X-Conbool-Flag: YES in the header and/or marked in the subject line.

Blocking Threshold

Email is blocked, moved to quarantine, or forwarded to an alternative address.

Available Actions Upon Detection

Set Header: X-Conbool-Flag: YES in the email header.

Modify Subject: Prefix such as [SPAM] in the subject line.

Alternative Delivery: Forward the email to a catch-all address.

Quarantine: Isolate the email and notify the recipient.

Reject: Reject the email directly (bounce).

Modules in Detail

Module

Description

Documentation

Spam Protection

Spam score, thresholds, custom filter rules

Spam Protection

Attachment Filter

Block file types, ZIP/RAR analysis, size limits

Attachment Filter

Geo/Network Filter

Country blocking, IP blocklist/whitelist

Geo/Network Filter

Quarantine

Isolation, notifications, release

Quarantine