Home Page

VPN & Cryptography


Email & Spam

Security Topics


Email Spam

Zero Day Window


Bayesian Algorithm

Content and Connection control

Directory Harvesting Attacks

Email Encryption

Email Archiving

File attachments

Image scanning

Port forwarding and MX records

Reputation filters

Encrypted attachments

Grey Listing

Email Monitoring

Internal Email Security

Open Relay

Per user quarantine area

Reverse DNS lookup & SPF

RFC Compliant emails


Email Throttling

What is Spam

Whitelists and Blacklists



Port Forwarding Emails


You can use either of the following methods to route email messages to your anti-spam security solution as detailed below:

• MX records are used to route emails on the public network to the anti-spam security solution when it is located in a DMZ with a public routable IP address

• If the anti-spam security solution is behind a corporate firewall running Network Address Translation (NAT) then Port forwarding is used to route SMTP traffic (on port 2) to the anti-spam security service

How email is routed over the internet

Email servers send and receive emails to and from specified domains. The following provides some of the key terminology used when working with emails:


DNS – is used to identify where emails should be delivered. A minimum of two DNS records are used when delivering email.

MX records – Specify which email servers should accept email for each domain

A records – Identifies the IP addresses of each email server.

With the records above configured, email messages can then be routed between email servers over the internet.


Changes required facilitating routing of email messages

The following provides the details of changes required to route email over the internet:

1 Create a DNS entry for your anti-spam solution.

The following example shows a DNS entry for an anti-spam firewall with a name of 'firewall' and an IP address of '':

firewall.company.com               IN           A


2 Change your DNS MX Records.

The following example shows the associated MX record with a priority number of 5:

IN        MX      5          firewall.company.com


If you are intending to host your own anti-spam security solution and domain, then you would need to register a domain with an ISP, purchase some public IP addresses and either give a public address directly to the anti-spam security solution itself or use port forwarding via the corporate firewall to forward traffic to your anti-spam solution. If you have a public address on the corporate firewall and are intending to use port forwarding, then you would not need any more public addresses. You would need to specify the relevant MX and A records via your ISP, usually done via a control panel on the ISP website. This is to tell the world where to route the company's emails destined for that particular domain.

Further Reading

Wikipedia's guide to Port Forwarding