Content-Based Filtering at the Message Level

After a message passes through connection-based filtering at the MTA connection level, Hosted Email Security examines the message content to determine whether the message contains malware such as a virus, or if it is spam, and so on. This is content-based filtering at the message level.

The following technologies are integrated into the content-based filters:

  • Pattern files (or spam signatures)

  • Heuristic rules

  • Machine learning (or statistical filtering)

  • Web reputation

  • DomainKeys Identified Mail (DKIM) verification

  • Domain-based Message Authentication, Reporting and Conformance (DMARC) authentication

  • Time-of-Click Protection

Hosted Email Security applies the following content-based filtering:

  1. Spam and phishing

    Hosted Email Security analyzes email messages and attachments for content that you may want to block from your network.

  2. Malware (viruses, spyware, and so on)

    Hosted Email Security uses Trend Micro Virus Scan Engine to detect malware. Virus Scan Engine compares message and attachment files with the patterns of known viruses. In addition, Hosted Email Security detects known and unknown macro viruses in Microsoft Office files using Trend Micro MacroTrap, a heuristic scanning technology.

  3. Hosted Email Security policy rules

    Rules are the means by which messaging policies are applied to message traffic. Content that you deem inappropriate, such as personal communication and attachments that can distract users, can be managed using Hosted Email Security policy rules.


    Hosted Email Security default rules quarantine all detected viruses, malicious content, phishing, and spam.

    See Configuring a Policy.