The green.ch antispam solution works as follows:
Analysis of the subject line:
Many spam e-mails have recognizable, known subject lines that can be used to filter our newly sent spam e-mails.
Protects the mail server so that it cannot be used as a spammer. This prevents being listed in real-time blacklists.
Databases on the Internet that contain examples of known spam e-mails. Mail servers can compare e-mails with these databases and block e-mails found in the databases.
Recognizing spammers whose e-mails are actually from external domains, but are camouflaged with internal sender addresses.
Analyzing the e-mail header to determine discrepancies from defined e-mail standards.
Rule-based scan methods that recognize specific e-mail characteristics. Characteristics like “Removelink” and certain words like “VIAGRA” indicate spam and are assigned “bad points”. Following the analysis, the points are added. If they exceed a defined threshold, an e-mail is classified as spam.
Internal blacklists and whitelists:
Lists with domain names and addresses that are explicitly blocked. Whitelists are the counterpart, clearly specified as wanted e-mails.
Lexical text analysis:
Examination of entire sections of text and links using operators like OR, AND, NOT, etc. to find, for example, sales pitches and requests to visit websites.
Real-time blacklists (RBL):
Lists on the Internet containing IP addresses of mail servers that have sent spam. RBLs prevent company servers from accepting e-mails from such known IP addresses. It is possible that mail servers are incorrectly placed on these lists when company servers were unwillingly forced to send spam.
Protection against mail bombing:
Preventing a mail server from sending a massive amount of automatically generated e-mails (DoS, denial of service). This protection regulates e-mail traffic to prevent overloading.
Preventing directory harvesting attacks:
Stop attempts by spammers to find valid e-mail addresses via the SMTP server.