Help Glossary

Authenticated Received Chain allows intermediaries that modify and forward emails to attest to the validity of the original message by adding the SPF, DKIM and DMARC test results to the message header and sealing it with their own digital signature. Downstream message handlers can rely on this chain of attestations and choose to deliver the message even when it fails the receiving server's own email authentication checks.

A set of digital signatures that help preserve email authentication results in a verifiable format which can be reused by downstream message handlers to validate the email even if it fails the receiving system's own SPF, DKIM or DMARC checks.

Indicates the Internet media type of an email attachment. For example, executable files have "application/octet-stream" MIME type.

The MIME type is harder to spoof than the file name (e.g., renaming an EXE file to DOC), so it provides more reliable information for file type detection.

Email authentication tests provide a way to verify that the email comes from the person it claims to be from, and that the message has not been tampered with.

Authentication tests generally have lower precedence than whitelists: once an email is whitelisted, it cannot get blacklisted by failing an email authentication test.

ORF performs the action of your choice on emails that get blacklisted by an email authentication test. For instance, a blacklisted email may get rejected or tagged.

Snapshots store an ORF configuration state, so you can revert to previous configurations anytime. Automatic Snapshots (as the name implies) are created automatically whenever the configuration is saved.

ORF keeps only the last 20 Automatic Snapshots, the rest is deleted automatically. Converting them to Baseline Snapshots allows keeping them indefinitely.

Snapshots store an ORF configuration state, so you can revert to previous configurations anytime. Marking a snapshot as Baseline means they will never get deleted automatically and can be kept indefinitely.

The first stage of the SMTP email transmission monitored by ORF. Corresponds to the step when sender specifies the recipient (RCPT TO: command). This filtering point is executed for each recipient.

Email contents are not yet transmitted at this point. Due to this, certain tests (e.g. Keyword Blacklist) and blacklist actions (e.g. tagging) are not performed here.

Blacklisting is flagging an email "unwanted". Emails can be blacklisted by a blacklist test, such as the Keyword Blacklist or the SPF Test.

Blacklists generally have lower precedence than whitelists: once an email is whitelisted, it will not get blacklisted.

ORF performs the action of your choice on a blacklisted email. For instance, a blacklisted email may get rejected or tagged.

A configuration snapshot stores an ORF configuration state. It is created automatically when the configuration is saved.

Snapshots enable reverting to previous configuration states anytime, which is useful if you want to experiment with alternative configurations or want to recover from an unexpected configuration change.

The Comma-Separated Values (CSV) format is used to store tabular data in which numbers and text are stored in plain-text form. It is widely supported by spreadsheet applications (like Microsoft® Excel® or OpenOffice.org™ Calc) and database management systems.

The CSV format is loosely specified and semicolons (;) are often used instead of commas as separator, so ORF offers both separator types.

In Demo Mode, ORF works exactly as it would normally do, but does not carry out any of the configured actions (i.e. it does not reject, tag or otherwise modify emails).

This enables testing ORF without risking email loss. Performance data can be collected from ORF logs and reports.

DomainKeys Identified Mail prevents the contents of an email from being compromised by enabling domain owners to digitally sign their messages and to publish a DKIM public key record. Email recipients can verify the integrity of the email content by verifying the signature using the published public key record.

A DKIM domain is an attribute for the DKIM signature, specified in the "d=" tag in the "DKIM-Signature" header field. It is the domain of the signing entity under which the public DKIM key record is published. The domain name is used to form the DNS query for the public key, which is used by DKIM verifiers to validate the DKIM signature.

A DKIM selector is an attribute for the DKIM signature, specified in the "s=" tag in the "DKIM-Signature" header field. It is an arbitrary name under the "_domainkey" namespace, indicating the location of the signing domain's public key in DNS which is used by DKIM verifiers to validate the signature. For example: selector._domainkey.example.com

Domain-based Message Authentication, Reporting & Conformance prevents the forgery of the visible „From:” address by enabling domain owners to publish a DMARC policy that specifies how to validate the sending domain in the From: header field and what to do with emails that fail authentication checks.

The header is a part of the email and describes various properties of the message. These include the email subject, sender and recipient address information (the so-called "MIME" sender and recipient) and email delivery hop history (Received: headers).

It is available at the On Arrival filtering point only.

ORF uses this directory of Exchange 2007 and newer versions for sending email notifications, statistics reports and resubmitting emails for whitelisted recipients.

It is vital to have this path configured properly in ORF, otherwise some whitelisted emails may be lost.

External Agents are command-line software attached to ORF for filtering emails. ORF can pass the email to the agents and blacklist the email based on the agent exit code.

Short for Fully Qualified Domain Name, which is domain name that specifies its exact location in the tree hierarchy of the Domain Name System (DNS). It specifies all domain levels, including the top-level domain and the root domain.

For example, example.com and subdomain.example.com are FQDNs, but somedomain is not.

Every SMTP email transmission begins with the sender's introduction (SMTP HELO or EHLO command). During this introduction, the sender identifies itself with its hostname, e.g. "mailserver.example.org". This hostname is called the "HELO/EHLO domain" in ORF.

Spammers and malware authors often pay little attention to getting the hostname right (e.g. they use malformed hostnames or spoof the recipient hostname), giving ORF a chance to detect certain patterns using the HELO Blacklist test.

Intermediate hosts are email delivery hops between your network perimeter and the ORF server. These are typically secondary (backup) MXs, non-transparent firewalls and other security gateways.

The Intermediate Host List of ORF enables "looking behind" these hosts in the email delivery history to find the original sender computer IP that connected to your network. This information is crucial for a large number of tests in ORF.

Private intranet, IPV6 link-local and IPv6 unique local IP addresses are always treated as Intermediate Hosts in ORF.

The Lightweight Directory Access Protocol (LDAP) is an application protocol for querying distributed directory information services (such as the Microsoft® Active Directory®) over the network.

Localization (in ORF configuration synchronization) is overriding certain settings from the configuration publisher with the local settings of the subscriber server.

ORF allows localizing features and file system paths as well.

ORF installations with enabled Remote Access can be managed from remote client computers with the Management Tool package installed.

The package includes the Administration Tool, the Log Viewer and the Reporting Tool.

The second stage of the SMTP email transmission monitored by ORF: this is when the sender has just transmitted the email and waits for acknowledgement (end of the DATA or BDAT SMTP commands).

Email contents are already available at this point, which enables full access to the ORF filtering arsenal.

A plus tag is a suffix added to local-part of the email address (<local-part>+<plus tag>@example.org) that allows dynamic aliasing and automatic filing of incoming emails into the mailbox folders of email recipients.

Not all mail servers support plus addressing.

Private Local Databases are database files maintained by the internal database engine of ORF. These files have .abs extension.

The contents of these database files cannot be viewed or modified, and the database cannot be shared between ORF instances (as opposed to External SQL databases).

Querying the PTR DNS record for an IP address returns the hostname associated with that IP. Most active IP addresses have PTR information, but due to poor configuration even a few legitimate email server IPs may lack PTR data.

An ORF instance that publishes its configuration for other ORF instances (Configuration Subscribers).

Regular expressions or regexes provide concise and flexible means for matching strings of text. They are similar to wildcard expressions (e.g. *.exe) but support more complex operations, such as boolean operations (e.g. "or") and quantifiers (e.g. "match if character occurs X times").

Sender Policy Framework prevents email forgery by enabling domain owners to publish SPF policies which specifies who is authorized to send emails in their (domain) name. Email recipients can check the email source against the published SPF policy of the claimed sender.

An ORF instance which receives some or all of its configuration from a remote Configuration Publisher ORF instance.

Delays the SMTP responses sent to blacklisted hosts, slowing the email transfer. Useful if you are flooded with spam from a single source, but it can also backfire by keeping too many connections alive and keeping your server busy.