Think Twice: Know how Zoho Mail protects you from spam

In the first two parts of the Think Twice series we discussed email spam, those uninvited guests who wreak havoc at your email party, as well as types of email spam and tips to prevent it. Now that you know all about the trouble spam brings, you might be curious to know what reputable email service providers (ESPs) are doing to help protect users from spam of all types. 

One of the challenges ESP's face is correctly identifying whether an email is spam or legitimate. Zoho Mail does this by studying community data—how and which users mark an email as spam or not spam. With the help of community data and pre-defined conditions, our servers can automatically identify half a million spam emails per hour on average with an admirable success rate. The use of community data in spam processing extends further.

Zoho mail spam protection

Say a user is sending an email from a third-party email server to a Zoho Mail user. For that email to get delivered to the recipient's inbox, the sender's IP should hold a positive reputation. The reputation score of an IP is dependent on the number of spam and non-spam emails generated from that IP. When a source with low reputation places an email transfer request to the Zoho Mail server, we will either reject the email or deliver it to the recipient mailbox's spam folder, depending on the user settings.

Please note that all the below mentioned filtering is applicable only for illegitimate emails with malicious spam fingerprints or emails you (the user) marked as spam. Zoho Mail does not filter your legitimate emails automatically.

Let spam stand in the bay:

If the nuances of classifying the right emails as spam is a challenge, determining the right approach for bulk emails is a bigger challenge. Though our filters can recognize and sift out emails with spam fingerprints—attachments masked with malware, phishing links, malicious executable macros, non-RFC compliant emails, unsolicited bulk emails, and more—the approach we need to take for each of them differs. While we filter out phishing emails more vigorously, reducing the false positives, we take a more user-specific approach concerning bulk emails, given that a bulk email can be spam to one user and of interest to another.

With the help of user-centric and organization-wide spam control settings, administrators can customize and choose what kind of emails they want Zoho Mail to deliver to their inbox. Starting from choosing which parts of an email you want us to analyze using our filters, administrators can choose to show sender-based alerts, process spam based on specific languages, and quarantine or reject emails based on authentication framework (SPF, DKIM, DMARC, and DNSBL) verification. The administrator can also add specific emails, domains, and IP addresses to their lists like Allowed list, or Blocked list to receive or not receive emails from certain senders. Apart from the administrator maintaining an organization-wide list, each user can customize their own anti-spam lists to block or allow users of their choice.

Combat phishing with added accuracy:

In our previous post, we discussed the technique spammers use to phish for personal data: copying the user interface and experience of a legitimate organization, including the domain address. For example, say you maintain your finances at a bank named Woods, and "" is their domain address. Now a spammer might phish using a domain—"" or ""—that looks like the legitimate address by changing a few letters to deceive recipients.

While our spam filters are capable of spotting such emails, you can also take additional spoof control measures for the domains that are significant to your organization by verifying all cousin domains of that respective domain. And it doesn't stop there. You can protect your organization members from spoofed emails and prevent this fraud from happening with the help of Zoho Mail's Display Name Spoofing feature.

Spam processing is not without its flaws because as ESPs improve their filtering mechanisms and block spam emails with higher accuracy, spammers also become more advanced in their masking techniques by using reputed services. Some spammers have started following RFC rules, SPF and DKIM authentication protocols, among others to escape spam processing. This new, evolved spam can sometimes slip through the filters and end up the recipient's inbox.

This is why we're constantly updating the Zoho Mail server to learn new fingerprints even with a small sample size. And don't worry: even if one or two spam emails escape our wall of filters, our post-delivery spam check can identify and mark those emails as spam automatically.

Given all the challenges in identifying and processing spam, we at Zoho Mail place our users' safety and security before every other priority. We have already added a ton of new spam control features to our all-new admin console. As we move forward, we'll continue refining our techniques even further to improve your experience.

We hope the Think Twice blog series has helped you learn more about email spam and ways to prevent it! Give Zoho Mail's anti-spam features a try and let us know what you think.


17 Replies to Think Twice: Know how Zoho Mail protects you from spam

  1. Hello Yamine, I using personal Zoho Mail for almost 4 years and I'm so proud. I decided to add my domain and start using Zoho business email. SPAM control features that you mentioned like quarantine or reject emails only works on domain-based email or can I control SPAM over my personal Zoho Mail too by this way? Thank you, Hasan

    1. Hello Hasan, I am happy to know you have been enjoying our services. Spam control features like Quarantining, customizing the type of spam processing, and so on are only available for organization-based ie. domain-based accounts. But, you can use spam control features like Anti-spam Lists to effectively control your spam emails from your personal account as well.

      1. Hello Joseph, We would love to help you out. Please contact our support by writing an email to support(at)zohomail(dot)com.

        1. Buenas tardes Hágame un favor. necesito anclar el correo a escritorio pero no he podido. Me pueden ayudar al respecto. Y segundo como puedo colocar mi firma en los correo de salida Gracias Jose Fidel Suarez

  2. I love the SPAM control features, they are ingenious! And I have not seen such a customizable functionality on any other service. One of the reasons I recommend Zoho Mail to everybody ;) I am only missing a "Clear all" button in the quarantine zone, as I have already mentioned to Zoho support twice. It is very difficult to empty the quarantine zone if it is full with thousands of spam mails. So the only option left is letting it get fuller and fuller. Can't wait to see the new admin console! Thank you for your awesome service! Ben

    1. Hello Ben, Thank you for your support. It's customers like you who keep us going. Regarding the "Clear All" functionality, we heard your suggestions and it will be available soon in the new Admin Console.

  3. Thanks for this info. Coincidentally, I'm suddenly not receiving emails from myself, or at least from a mailchimp email campaign (my work employer uses mailchimp, not my choice). I use to receive these emails but no longer. They also aren't showing up in my spam folder. Are they being completely blocked by Zoho spam filter somehow? If so, how do I change that? Many thanks again for this information.

    1. Hello Sam, I am glad you found the information useful. Regarding the emails you seem to not receive, I recommend you write an email to support(at)zohomail(dot)com, so we can look further into it.

      1. I'm having the same problem with MailChimp emails. When I send out a campaign mailer (i.e. to my High School Reunion list) I do not receive it and it is not in my Spam folder or Quaranteen list. When I have time, I will write to support. Just wanted you to know Sam is not alone in this.

Leave a Reply

Your email address will not be published.

The comment language code.
By submitting this form, you agree to the processing of personal data according to our Privacy Policy.

Related Posts