The websites and links in the mails are compared against a lost of known and agressive spammers. This list will be combined with the lists that are offered from several antispam organisations.
The mail will be scanned and will get a score, based on a list of criteria that spam usually has. When a mail gets a hight score, it will be marked as spam.
Central mailservers keep track of mails. They use a checksum technology to trace and follow mails. When too many mails with the same matching checksum pass through, they will be analysed and marked as spam.
Checks are done to verify the sender of the mail. For example, we check to see if the mail address is valid. Other complex check investigate the SMTP protocol on a deeper level.
Users can add trusted mail addresses and IP's to a whitelist. The blacklists works opposite to that.
DoS-attacks and dictionary attacks (emails using a random mail address) on domains will be blocked.
File attachment limitation
Certain file types, such as .vbl, will be blocked by default.