MailScanner scans all incoming mail under cPanel

For all incoming mail (including mail for forwarding addresses):

• The mail is initially scanned by the mail server to figure out whom it is for.

• MailScanner looks up the domain or subdomain settings and scans the mail message for viruses first (if enabled by the user or web host). If no settings exist, the defaults are used (spam and virus scanning on with viruses being deleted and spam being tagged and delivered). Compressed attachments (.zip, .rar, .sit, and so on) are scanned for viruses as well.

• If the mail message contains a virus, immediate action is taken based on the domain MailScanner Configuration or your web host's settings.

• If the virus is set to be cleaned and delivered, the message may be tagged as having a virus {virus?} and the attachment is cleaned if possible. You should be very careful with these attachments since very few viruses can be successfully cleaned out of attachments.

• The message is scanned by MailScanner and then SpamAssassin to determine if it is spam (if that feature is turned on for the receiving domain).

• Depending on the SpamAssassin score, the message is processed and tagged according to the domain's settings.

• MailScanner looks for evidence of phishing attacks, web bugs, external message bodies, banned attachment types, and other dangerous content based on your web host's settings.

• MailScanner can look for links that claim to point to one destination while actually taking the user to another site. These sorts of links might be part of a phishing attack. MailScanner has a built-in whitelist for known good sites. If the link is for a site not on the whitelist, MailScanner rewrites all such e-mail links (if the message is in HTML format) so it is clear exactly where you are going if you click a particular link or image in the e-mail. Mail is never deleted simply because it contains what looks like phishing links; it is always delivered (unless the message is classified as spam or a virus, and then the action taken depends on those settings).

• Web bugs are removed and replaced with a small MailScanner graphic to note that a web bug has been removed. Removal is fairly accurate, but there is always a chance one may be missed.

• Messages with entirely external message bodies (a message that tries to connect to the Internet to pull up the entire message body from a remote location) are rejected; the message is bounced back to the sender with a note on why the message was rejected.

• If the message contains object codebase or form tags, the tags may be removed and the message is delivered per the domain settings.

• Banned attachment types cause the message to be bounced back to the sender with a note about why the message was rejected. If a user needs to send a banned attachment type, they should compress the file or files and the message will go through. For outgoing mail the process is similar, except:

• All outgoing mail is typically scanned for viruses and spam regardless of incoming mail domain settings. Viruses are immediately deleted by default. Spam may be scored and sent on. If real spam is sent from a domain on your server, it will be easy to track back to the source this way. • Outgoing mail is not subject to your domain spam white- or blacklists.

Although this is typically how MailScanner handles mail, MailScanner is constantly updated with new and improved features and your web host will have complete control over the process, so it may be different than described here. Contact your web host if you have questions.