GFI MailEssentials™ - Features

By combining SpamRazer filtering, greylisting, IP reputation filtering, Bayesian filtering and other advanced anti-spam technologies, it provides a spam capture rate of over 99%. GFI MailEssentials also has an enviable low rate of false positives, ensuring the safe delivery of important emails.

GFI MailEssentials includes patent-pending automatic whitelist functionality, which adds outgoing mail recipients to your whitelist. This greatly reduces false positives without any need for additional administration. Whitelist entries can also be based on domain names, email addresses and keywords.

The product can be configured to automatically delete emails from the spam quarantine after a pre-defined period of time.

All this allows for end users to manage their own spam quarantine without needing to have an administrator manually review everyone’s spam.

GFI MailEssentials gives you the flexibility to choose what to do with spam.

You can delete it, move it to a folder on disk, forward the spam mail to a mailbox or public folder for review, quarantine it or send it to individual customizable folders (for example, a junk mail folder) in the end-users' inboxes. You can also select multiple actions as required. This allows you to sort spam and to easily review mail that has been flagged as spam.

GFI MailEssentials is server-based and installs on the mail server or at the gateway, eliminating the deployment and administrative hassle of desktop-based anti-spam and anti-phishing products. A server-side solution will prevent your server message stores from filling up with spam and eliminate the need to train your users on the creation and update of anti-spam rules.

Greylisting is an anti-spam technique used to identify spam emails originating from non-RFC compliant mail servers (which are often utilized by spammers).

For each new SMTP transmission, GFI MailEssentials records the sender, recipient and sending mail server’s IP address (known as a “triplet”) and rejects the email with a temporary failure message. Compliant email servers will try to resend the message after a few minutes – this causes their triplet to be confirmed and connections with the same triplet are no longer rejected. Non-compliant mail servers do not try to resend the message.

GFI MailEssentials supports DNS blocklists (sometimes also known as DNS real-time blocklists, DNSRBLs), which are databases of addresses of computers and networks linked to spamming. If the sending mail server is on one of the configured lists, an email is marked as spam. GFI MailEssentials supports popular third-party DNS blocklists, such as SpamHaus and Spamcop, and also enables administrators to configure custom DNS blocklists.

GFI MailEssentials downloads regular anti-spam updates ensuring that it recognizes the latest spam and spamming techniques. These are the result of GFI’s own research as well as cooperation with other spam collection and analysis organizations.

By using multiple antivirus engines, GFI MailEssentials gives you a much better chance of having the right defense, at the right moment, to combat the latest attack. As each engine has its own heuristics and detection methods, each one brings its own strength to your email environment for detecting a particular virus and its variants. Multiple antivirus engines, as provided by GFI MailEssentials, mean better virus protection.

The GFI MailEssentials Trojan and Executable Scanner detects unknown malicious executables by analyzing what an executable does. A Trojan is software which offers some functionality which might actually be useful to a user, while performing other malicious actions under the hood such as granting an attacker unrestricted access to the data stored on the victim’s computer. The Trojan and Executable Scanner uses built-in intelligence to rate an executable's risk level. It does this by disassembling the executable, detecting in real time what it might do and comparing its actions to a database of malicious actions. The scanner then quarantines any executables that perform suspicious activities, such as making network connections or accessing the address book.

GFI MailEssentials can also detect spyware transmitted by email with the (optional) Kaspersky antivirus engine, which incorporates a dedicated spyware and adware definition file that has an extensive database of known spyware, trojans and adware.

GFI MailEssentials gives administrators the option to quarantine emails to a malware quarantine to which access can be controlled. Flexible options for managing this quarantine include web based access, which allows you to approve and reject emails from anywhere, as well as email based quarantine access forms and RSS feeds with links for reviewing, approving or deleting quarantined emails. The latter simplifies your work as an administrator in keeping an eye on your email quarantine store by eliminating the need to log on to the Quarantine Store to check for new quarantined emails manually.

Combating new malware is a major challenge for administrators. One of the best ways to detect the most recent malware, for which definitions have yet to be released, is to run it in a sandbox. With the optional Norman antivirus addition, GFI MailEssentials features Norman Sandbox, a technology which makes use of an emulated environment to analyze the behavior of suspicious files in cases where other types of analyses fall short.

The console includes a real-time dashboard that gives administrators a graphic view of the software’s status as well as the server’s email flow. Information shown on the dashboard includes: status of key GFI MailEssentials services, email flow statistics, blocked spam and malware, POP2Exchange logging and email processing results which can be filtered by sender, recipient, subject, and more.

Attachment checking functionality can be used to scan emails for attachments, ensuring that sent and received attachments are of a file type which is accepted by organizational policy, and utilizing real file type detection technology to ensure that techniques such as file extension renaming are not utilized to bypass checks. You could choose to block all incoming emails with potentially malicious attachment types, for example, or block bandwidth and productivity wasters such as .mp3 (audio) and .mpg (video) files.

In all cases, rules can be defined on a user or group basis, exclusions can be configured, and actions which can be triggered include forwarding or quarantining for administrator review, or stripping of blocked content before forwarding to the intended recipient.

The POP2Exchange feature in GFI MailEssentials offers administrators of organizations which utilize external POP3 email accounts a practical way to receive emails without needing their own dedicated email server.

Organizations that are currently using or plan to use virtualization on their network can install and use a range of GFI products with confidence. GFI MailEssentials supports and runs on the most common virtualization technologies in use, namely VMware, Microsoft Virtual Server and Microsoft Hyper-V.

List servers have traditionally been expensive and difficult to administer, and few integrated with Exchange Server. The GFI MailEssentials List Server offers an easy way to implement an opt-in email discussion list with automated subscribe and unsubscribe. Similarly, it offers email newsletter distribution with equal ease. It integrates with Exchange and can use Microsoft Access or Microsoft SQL Server as the backend for its subscriber list.