Inbound Message Flow

Trend Micro Email Security will first scan incoming email messages before final delivery to the "example.com" Inbound Server.

The flow of messaging traffic from the Internet, through the Trend Micro Email Security, and then to the "example.com" Inbound Server, or local MTA.

Evaluation is done in the following order:

  1. The originating MTA performs a Domain Name Service (DNS) lookup of the MX record for "example.com" to determine the location of the "example.com" domain.

    The MX record for "example.com" points to the IP address of the Trend Micro Email Security instead of the original "example.com" Inbound Server.

  2. The originating MTA routes messages to Trend Micro Email Security.

  3. The Trend Micro Email Security accepts the connection from the originating mail server.

  4. Trend Micro Email Security performs connection-based filtering at the MTA connection level to decide on an action to take. Actions include the following:

    • Trend Micro Email Security terminates the connection, rejecting the messages.

    • Trend Micro Email Security accepts the messages and filters them using content-based policy filtering.

  5. Trend Micro Email Security examines the message contents to determine whether the message contains malware or any other threats.

  6. Assuming that a message is slated for delivery according to the policies, the Trend Micro Email Security routes the message to the original "example.com" Inbound Server.

Parent topic: Inbound Message Protection