Hosted Email Security applies the following connection-based filtering at the MTA connection level:
IP reputation-based filtering
When an originating or upstream MTA attempts to connect to Hosted Email Security, Hosted Email Security queries Trend Micro Email Reputation Services (ERS) to determine whether the IP address of the upstream MTA has a "trustworthy" reputation in the database. Based on the upstream MTA's reputation and the selections on the IP Reputation settings screen, Hosted Email Security may terminate the connection and reject the messages.
Envelope sender filtering
Message envelope sender email addresses and domains go through the approved and blocked sender list filtering. Hosted Email Security may terminate the connection and reject the messages from those in the blocked sender list while allowing messages from those in the approved sender list to bypass ERS, anti-spam and graymail scanning.
Envelope recipient filtering
After you import or synchronize valid domain recipients and enable the recipient filter for your domains, Hosted Email Security may reject the messages that are not sent to your valid recipients, reducing the load on downstream mail servers in case of a dictionary attack or a flood of backscatter bounces.
Sender Policy Framework (SPF) check
SPF is an open standard to prevent sender address forgery. The SPF protects the envelope sender address, which is used for the delivery of messages. Hosted Email Security enables you to configure SPF to ensure sender's authenticity and filter out spoof messages. When receiving a message claiming to come from that domain, Hosted Email Security will verify whether the message complies with the domain's stated policy or not. If, for example, the message comes from an unknown server, it can be considered as fake and handled based on your settings.
Transport Layer Security (TLS) check
TLS is a protocol that helps you to secure data and ensure communication privacy between endpoints. Hosted Email Security allows you to configure TLS encryption policies between Hosted Email Security and specified peers. Hosted Email Security may reject the connection based on your security level.