Email – Filtering types

Filtering types

Local-based:

  • BWL, black or white list: These lists can be made from emails or IP subnets to forbid or allow them to send or receive emails.

When referring to the IP address or email listed under a black or white list, email refers to the “From:” address, and IP refers to the IP address of the source of the email. In an SMTP case, the IP refers to the client’s IP address, while in a POP3 and IMAP case, it refers to the server’s IP address.

  • Banned words: The admin can define a list of banned words. Emails that contain any of these banned words are considered spam.
  • DNS check: With spamhelodns and spamraddrdns, the FortiGate performs a standard DNS check on the machine name used in the HELO SMTP message, and/or the return-to field, to determine if these names belong to a registered domain. The FortiGate does not check the FortiGuard service during these operations.

FortiGuard-based:

  • FortiGuard based options: FortiGate consults FortiGuard servers to help identify the spammer's IP address or emails, known phishing URLs, known spam URLs, known spam email checksums, etc.

Protocol tuning:

  • Protocol tuning: In a profile, there are sections for SMTP, POP3, and IMAP. In each section, you can set an action to either discard, tag, or pass the log for that protocol.

Webmail:

  • Webmail detector: The email filter can also be configured to detect and log emails sent via Gmail and MSN Hotmail. Although these two interfaces do not use the standard email protocols (SMTP, POP3, or IMAP) and instead use HTTPS, the email filter can still be configured to detect the emails sent and passed through the FortiGate.

File-type:

  • File-type based filtering: This can include emails which are undesired due to a file-type attachment that the network admin qualifies as non-compatible with their business environment. The admin can define the undesired file-types within the email filter profile and can associate an action to be taken for each file-type (for example: block or log).
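
The local-based checks listed above (black/white list, DNS check, banned words), as an added Python sketch that is not FortiGate code and not part of the original guide. The list entries, the sample message, the order of the checks, the `resolves` callback and the use of Reply-To as the return address are all assumptions made for illustration.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Constructed policy and message; every value here is illustrative.
WHITE_EMAILS = {"billing@partner.example"}
BLACK_EMAILS = {"promo@bulk.example"}
BLACK_SUBNETS = [ipaddress.ip_network("203.0.113.0/24")]
BANNED_WORDS = ["free prize", "wire transfer"]
SAMPLE = "From: Alice <alice@corp.example>\nSubject: Lunch\n\nSee you at noon.\n"


def source_ip(protocol, client_ip, server_ip):
    """SMTP is judged by the client's IP; POP3 and IMAP by the server's IP."""
    return ipaddress.ip_address(client_ip if protocol == "smtp" else server_ip)


def classify(raw, protocol, client_ip, server_ip, helo=None, resolves=lambda name: True):
    """Return (verdict, reason) from the local checks only.

    `resolves` is a hypothetical injected lookup so the sketch runs offline;
    a real deployment would query DNS there.
    """
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    ip = source_ip(protocol, client_ip, server_ip)

    # Black/white list: email entries match "From:", IP entries match the source.
    if sender in WHITE_EMAILS:
        return "clear", "bwl-white-email"
    if sender in BLACK_EMAILS:
        return "spam", "bwl-black-email"
    if any(ip in net for net in BLACK_SUBNETS):
        return "spam", "bwl-black-ip"

    # DNS check: HELO name (SMTP only), then the return address domain.
    # Assumption: Reply-To stands in for the page's "return-to field".
    if protocol == "smtp" and helo and not resolves(helo):
        return "spam", "helo-dns"
    reply = parseaddr(msg.get("Reply-To", ""))[1].lower()
    if "@" in reply and not resolves(reply.rsplit("@", 1)[1]):
        return "spam", "return-addr-dns"

    # Banned words: case-insensitive match on subject and body.
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = (msg.get("Subject", "") + "\n" + body).lower()
    hit = next((w for w in BANNED_WORDS if w in text), None)
    return ("spam", "bannedword:" + hit) if hit else ("clear", "no-match")
```

Calling `classify(SAMPLE, "smtp", "203.0.113.9", "198.51.100.5")` and then the same call with `"pop3"` shows why the protocol matters: the same message is matched against a different IP address in each case.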


This entry was posted in Administration Guides, FortiGate, FortiOS 6.2.

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
