The interface and the service are spartan, opting for efficiency over beauty. A number of built-in spam rules (L1, L2, L3, L5 and VS) are always running and cannot be edited directly. The first rule is signature checking, based on a central database of known spam.
Mail passing L1 is checked for similarity to other mail in a short period to detect new attacks. L2 is a signature database generated from user-reported spam.
L3 uses RBL checking against known open relays while L5 is an RBL of known spammers, covering the blacklist bases. Bayesian filtering (L4) is cited in the documentation, but it was not available for our account. VS determines that the sending email address is valid.
This is a comprehensive set of filters, but EMF keeps configuration firmly out of the customer's hands.
Separate rules can be configured to quarantine mail, but they act independently of the spam rule sets and result in mail being delivered to a different holding area. These rules are more like standard mail searches than spam filters as they look for keywords and headers.
EMF delivered excellent performance. Connections set up instantly and mail whizzed through the filters, delivering throughput higher than any other services.
The spam filters were not especially effective, letting through more spam than some others, but there were no false positives, which is certainly more important.
The quarantine interface is simple, but powerful: a web interface which builds SQL queries to run against the mail. Trapped mail is kept for a month, then expired into a cut-down log of just the most pertinent information.
We would like to see the anti-spam rules more open to customer configuration, but the technology is all there and delivering a strong performance. This a good service with great potential.