Mail Server Design | Part-6 | Incoming Spam Filter Deployment

There are several ways we can deploy or integrate spam filtering application for an organization. We have Opensource and proprietary both solutions to integrate with the existing mailing system. Anti spam Software’s configuration, troubleshooting and management needs good level of knowledge. We can install the Anti spam software to any server, Or purchase a Hardware appliance Or we can take the service from 3rd party service provider. Choosing a deployment option will depend on several things like volume of mail, resource availability, deployment plan and investment also. Before we choose a deployment method, we need to fix our design goal which will meet our service level requirements. some of the deployment scenarios discussed below:

1. On premise deployment, If we want to manage our own systems, we can Purchase a Spam Filter Appliance and deploy with the existing servers Or We can install the software at any physical server or virtual machine, if we are deploying for large organization, if the mail volume is too high, it would be better to use dedicated hardware for this, Or even multiple server can be necessary to handle the Incoming Load. virtual appliance deployment can suffice most small organization needs.

2. Deploying at Local Provider, We can deploy Spam filtering Sever/Appliance at Our Local ISP, as we are directly connected and taking various IT Services offered by them. server co-location and VPS rent are common service offered by them and we used to get high bandwidth up to the servers, we can host our own Server Or Vps there and use it like a local System. If the Provider provides Hosted Spam filtering solution we can Use their service too, normally these services are subscription based and for large organizations and huge volume of mail, it is not an efficient solution because of cost involved.

3. Cloud based deployment, Cloud providers has so many offers, Hosted filtering solutions and lots of deployment options too, like physical appliances, virtual appliances, managed VPS, Dedicated hardware all are there for renting. Hosted Filtering Solutions are totally Provider managed and subscription based.

Lets discuss the Design and requirements of the deployments at these three places.

Design-1,  On Premise  Deployment


This is the most simplistic form of on premise deployment, just to get the idea, we designed like this, on premise deployment for large organization consists of many different type of hardware. Here, “” can be a Physical Server, a Physical Appliance Or a Virtual Appliance.

Why should we deploy on Premise:

1. We are managing our own Servers.
2. Our organization is big, we have high volume of Incoming mail. no rented solutions are cost effective for us.
3. We are a Service provider, we need to scan millions of mail per hour.

How This Design will Work:

1. our organizations domain name is
2. We deployed a server (either physical or virtual) to scan Incoming Email, server’s host name is “”
3. at the domain’s DNS server, we set an MX record and points to this server’s IP. (for example
4. Now, any mail sent to “”  will come to this server.
5. Server will scan the email for spam & viruses and deliver the clean mail to the Primary Server (
6. Filtering server can be multi homed with 2 lan card, one for Public Network to receive mail from the internet and another for delivering mail to the local Mail server with Private IP.

This is a very common scenario for anti spam server deployment, If we understood the design, we can use the same server for scanning multiple domain’s mail, by pointing this server as the MX at the DNS’s. and by configuring “email routing” we can deliver emails to their respective servers. We can even load balance here, by placing multiple server as the scanner and we can load balance through DNS RR, you can read further to understand, how incoming mail load balancing works by reading my another blog post here

Design-2,  Spam Filter at ISP


Why Spam Filter at ISP:

1. We want to manage our application & services but not the Physical Host/Power/Cooling, that’s why co locating the Box.
2. We do not want to invest on Hardware, that’s why Renting a VPS at the ISP and Managing it.
3. Our organization is small, we have few accounts and low volume of Incoming mail to scan, that’s why using their Spam filter.

How This Design will Work:

1. If we co-locate Our Physical Box at the ISP Or Rent a VPS, Our design will work like the on premise deployment. Just, we need to Set the MX record of our Domain’s DNS to ISP Server IP, but that server cannot be multi homed like before and the server must route mail to our Organizations Mail Server, Our mail server must be configured with a Public IP to receive mail from the ISP.
2. If we Use ISP’s Mail Server Or Hosted Mail Scanner, We must Set our MX record points to their server Hostname/IP, so that they can receive our domain’s mail, after scanning they will deliver mail to our Local Server.


Design-3, Spam Filter in the Cloud


Why Cloud Hosted Spam Filter:

1. We do not want to invest on Hardware, that’s why Renting a VPS from the cloud provider and Managing it.
2. we do not want to manage our own spam Filter, Rather we choose a Hosted Solution By the Cloud Provider.
3. We like the payment method (bulk /volume based /pay per mail basis ) of the provider
4. We liked Other facility provided by the Provider like Redundancy, High availability, archiving etc…

How This Design will Work:

1. VPS rented from ISP or Cloud Provider will work like the on premise deployment. We need to Set the MX record of our Domain’s DNS to the Cloud VPS IP, VPS must route mail to our Organizations Mail Server, Our mail server must be configured with a Public IP to receive mail from the ISP.
2. If we Use Cloud hosted Scanner, We must Set our MX record points to the respective scanning systems Hostname/IP, after scanning they will deliver to our Mail Server.

To Understand the Scenarios Clearly Please Watch This Video.

Leave a Reply

Your email address will not be published. Required fields are marked *