MailWasha achieves a very high detection rate while maintaining one of the lowest false-positive rates in the industry. It does this by applying a wide range of tests to incoming messages and considering the results from all of these before deciding to pass or fail a message. Here is a summary of the more significant technologies used by MailWasha:
Zero-Hour Outbreak Protection
MailWasha’s outbreak protection detects and classifies all types of email-borne threat patterns in real time. It extracts and then analyzes relevant patterns, which are used to identify massive email-borne outbreaks. The resulting analysis can detect outbreaks in "Zero Hour", much faster than traditional filter- and signature-based solutions.
MailWasha utilizes a high-performance, customized version of the popular open-source SpamAssassin™ project for heuristic rules and Bayesian classification. Messages are assigned a score based upon their content.
DNS Blacklists (DNSBL) are services which provide their own reputation assessments on a given IP address. The DNSBL engine works by querying each blacklist and checking if the IP address of the incoming SMTP connection has been blacklisted for propagating spam.
URIBLs are blacklists used to detect spam based on web links contained within the message body. For more information on URIBLs visit: http://www.surbl.org/
GreyListing is disabled by default in MailWasha, but can be enabled if required.
Greylisting works by informing the sending mail server that a temporary error has occurred and that it must retry delivery at a future time. The theory is that, by and large, spam tools don't retry delivery but legitimate mail servers do. Greylisting is a controversial weapon in the war on spam. It deliberately delays even potentially important messages. For more information on greylisting visit: http://en.wikipedia.org/wiki/Greylisting
Backscatter occurs when spam or viruses send mail using a forged address as the return path. This can lead to thousands of bogus delivery status notices, vacation and out-of-office messages, autoresponders, etc., ending up in the inbox. Backscatter protection works by using an encryption key to protect the return path value used when sending mail. This can be used later to distinguish between legitimate and forged use of email addresses in certain cases.
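The keyed return-path idea described above can be sketched as follows. This is an added example, not MailWasha's own code: it uses a truncated HMAC tag (in the style of BATV) rather than encryption, and the key, the tag layout, the 7-day validity window and all function names are assumptions.

```python
import hashlib
import hmac
import time

SECRET_KEY = b"constructed-demo-key"  # assumption: per-site secret, constructed for this example
VALID_DAYS = 7                        # assumption: longest delay allowed for a genuine bounce


def _tag(expiry_day, address):
    """Short keyed MAC over the expiry day and the original address."""
    msg = f"{expiry_day:03d}{address.lower()}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()[:8]


def sign_return_path(address, now=None):
    """Rewrite the envelope sender of outgoing mail so it carries a signed tag."""
    today = int((time.time() if now is None else now) // 86400)
    expiry = (today + VALID_DAYS) % 1000
    return f"prvs={expiry:03d}{_tag(expiry, address)}={address}"


def check_bounce_recipient(rcpt, now=None):
    """Classify the recipient address of an incoming bounce (null-sender mail).

    'unsigned' and 'forged' mean this site never used that return path, so
    the bounce is backscatter from mail sent with a forged sender.
    """
    today = int((time.time() if now is None else now) // 86400)
    if not rcpt.startswith("prvs="):
        return "unsigned"
    try:
        stamp, address = rcpt[5:].split("=", 1)
        expiry, tag = int(stamp[:3]), stamp[3:]
    except ValueError:
        return "forged"  # malformed tag: cannot have been produced by sign_return_path
    expected = _tag(expiry, address)
    # Constant-time comparison on bytes, so attacker-supplied text cannot raise.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return "forged"
    # Day numbers wrap at 1000; a tag is live for at most VALID_DAYS days.
    if (expiry - today % 1000) % 1000 > VALID_DAYS:
        return "expired"
    return "valid"
```

The scheme only helps for bounces: ordinary mail addressed to the untagged address must still be accepted, which is why the page says the distinction works "in certain cases".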
DomainKeys Identified Mail (DKIM)
Cryptographic authentication techniques are used to protect the identity of the signer as well as the message content. For more information on DKIM visit: http://www.dkim.org/info/dkim-faq.html
Sender Policy Framework (SPF)
The Sender Policy Framework (SPF) is an open standard designed to prevent sender address forgery. Complete details on how SPF works may be found here: http://www.openspf.org/Introduction
Sender ID is related to SPF, but it is more complex in order to more reliably determine the actual domain purported to have sent the message (PRA), and to reduce the likelihood of incorrect results.
A large percentage of junk email has forged sender ("from") addresses. MailWasha can verify whether a sender’s email address is a valid address.