Reflexion Defenses

Reflexion users have access to a broad range of email defenses, which can be blended to provide exceptional inbox control. Default and custom configurations simplify deployment, while providing the versatility that is needed to address the widest range of user requirements.

Reflexion Defenses | Spam Handling Options | Deployment Options | Administration | Other Email Services


SMTP Enforcement Reflexion uses its LDAP sync capabilities to maintain a database of known users at each customer domain. This database enables the system to deny delivery of mail to unknown users after receiving the "To:" address from the message envelope. This approach provides protection against directory harvest and denial of service attacks (DHA and DoS, respectively), and saves considerable bandwidth.

Recipient Checking In cases in where Reflexion has not been provided with a list of users for an enterprise, the system automatically queries the customer's MTA to determine if a recipient is legitimate.
Allow Lists (Whitelisting) Users can get started by using Reflexion's Outlook Contact Harvester to build a list of their email correspondents. This utility collects Outlook contacts and addresses from messages in the Sent Items folder. Automated "Allow List on first outbound" and "Allow List on reply" features keep one's Allow List current over time. Allow Lists can include individual addresses or entire domains, and support enterprise-wide entries.
Block Lists (Blacklisting) The Block List is used to block email from specific addresses or domains. A Block List entry can be created through either the in-message Control Panel or the Reflexion Message Center user interface. Enterprise-wide entries may be added to the Block List.
Content Filtering Reflexion may be deployed transparently by utilizing content filtering to screen messages from senders who are not on a recipient's Allow List, and which have passed prior tests, such as permitted countries and permitted languages. Filtering provides simple, transparent set-and-forget protection, although users may choose to inspect their quarantine or receive a daily summary of messages in the quarantine. Reflexion provides a simple means for the user to tailor the sensitivity of the filter for their specific preferences.
Protective Addresses™ / Address on the Fly™ (AOTF) Reflexion makes it easy for users to employ multiple addresses for a single inbox. We refer to these addresses as Protective Addresses, because they provide both a means of protecting the integrity of one's primary email address and of protecting access to one's inbox. Reflexion's Address-on-the-Fly enables users to spontaneously disclose a purpose-specific address on a Web site, in a discussion forum, in print or conversation, etc., without interacting with the system. These addresses take the form of a root name plus a suffix of the user's own choosing. For example, to register on eBay, Jane Doe might disclose the address This email address is being protected from spambots. You need JavaScript enabled to view it., where the ".ebay" suffix serves as an "email PIN" that assures delivery of email sent to this address. Addresses are independently controllable by policy, so that legitimate users of the address can be "locked down" in the event the address is ever harvested and abused by a spammer.

Granular Security States Reflexion's granular inbox access control flows in part from the range of security states that can be applied to a specific sender and address. For example, if an Address-on-the-Fly starts to attract spam, users can first identify who is sharing their email address, and then exert varying degrees of control over future use of the address – they can (a) block the specific abusing sender, (b) lock down the address, reserving its future use solely for the existing community of legitimate senders, (c) restrict future use to senders at the domain of the sender to which it was initially disclosed, (d) restrict use even further to just the party to which it was initially disclosed, or (e) disable the address, in which case all future incoming mail on the address will be blocked, flagged or challenged. These options are implemented very simply through the User Control Panel.
User Control Panel As an option, Reflexion automatically inserts a control panel at the bottom of incoming messages, and removes it on Forward or Reply. This control panel provides a means of communicating with users, for example, to inform them when one correspondent appears to have shared their address with a third party. It also provides a simple means for users to update their access preferences for a specific sender and address, by clicking on the intuitive in-message links that are provided. Reflexion's control panel is available in English, Spanish, French, German, Brazilian Portuguese, Dutch, Italian and Chinese, with Russian and Hebrew on the way.
Alternate Outbound Addresses (AOA) Our experience shows that even the use of just two addresses provides significant improvements in inbox control. The increase in effectiveness is based on the simple, but powerful, insight that legitimate senders will never knowingly share your address with spammers. By using an Alternate Outbound Address, conversations started with new correspondents take place on an address to which no spam is sent, so no filtering is required, thus eliminating all chance of false-positives.
Reflexion Permitted Languages (RPL) This capability augments traditional content filtering by blocking messages in any language other than those specifically approved for delivery at the enterprise and individual user levels.
Reflexion Permitted Countries
This capability further augments content filtering by blocking messages from any country other than those specifically approved for delivery at the enterprise and individual user levels. Delivery decisions are based on the IP address of the sending server. While some organizations may not be able to use this capability, many domestic businesses may not ever want to receive email that can be determined to have originated outside their home country or geographic area of operation.
Total Control Total Control provides maximum control over access to one's inbox – we believe there is no more powerful solution on the market today. In this mode, Reflexion expedites the creation of the user's Allow List, then utilizes an automatic challenge-response for every new inbound correspondent, asking them to resend their message to a Protective Address with a suffix automatically assigned by Reflexion. By establishing correspondent-specific To – From address pairs, each controllable by policy, Reflexion deprives spammers of their primary technique – if they spoof the From address, they must associate it with the proper To address in order to reach the user's inbox, and the chances of this are negligible. Hence the name Total Control.
Anti-Virus Reflexion scans both incoming and outgoing email for viruses, worms, and other malware.

Blended Defenses Reflexion enables users to mix-and-match various defenses to suit their specific preferences. Our experience shows that blending Protective Addresses with traditional methods produces a stronger defense that also avoids the pitfalls of traditional defenses used independently.
Reflexion Outbound Mail Auditing (ROMA) Reflexion blocks outbound email that contains spam and viruses, and provides a means of rate-limiting outbound email volumes. We use these features to identify and alert on open relay conditions and potential compromised, "zombie" PCs, in order to prevent our customers from inadvertently spamming their contacts and to avoid IP address blacklisting, with the business disruption that accompanies that unpleasant outcome.

<Back to Top>


Spam Handling Options

A variety of options exist to respond to individual or organizational preferences.
Flag and Deliver Users who don't have a serious spam problem may elect to have spam delivered to their inbox with a spam tag in the subject line. This avoids the need to examine the daily spam digest or inspect the quarantine, and enables the recipient to identify a false-positive immediately.
Quarantine Spam can be delivered to a Web-based quarantine folder for periodic inspection by the intended recipient.
Daily Spam Digest Users may elect to receive a daily summary of the new mail diverted to their quarantine folder. The summary includes the sender, subject line, date and time, and links to either release a message to one's inbox, or release the message and add the sender to the Allow List, so that future mail from the sender will be delivered directly to the recipient's inbox.
Delegated Spam Folder Spam may also be diverted to a folder managed by someone other than the recipient. For example, an administrative assistant might manage the spam folder for an entire department, or someone in IT might do it for the entire organization.

Vaporize After becoming comfortable with the accuracy of Reflexion's protection, some users elect to vaporize spam rather than quarantine it. Alternatively, one may elect to vaporize only those messages with a score that exceeds a pre-specified threshold – everything else goes into the quarantine. When utilizing Address-on-the-Fly, users may find that specific merchants or Web sites share their address. When this happens, the user may "lock down" the AOTF, reserving its use for senders at the domain at which it was originally disclosed, and vaporize all other mail arriving on the address, thereby removing it from their quarantine.
Challenge-Response In order to minimize the risk of false-positives, users may elect to send a Challenge to the sender of any incoming message that fails a delivery test (with the exception of the unknown user and virus tests). While spammers generally don't respond to Challenges (creating the presumption that their email can be properly quarantined or vaporized), this precaution gives legitimate senders the opportunity to identify themselves and have their message delivered. The Challenge may take two forms: it can give the sender a means of adding themselves to the user's Allow List by clicking on a link, or it can direct them to resend their message to a new Protective Address automatically created for their use. This approach dramatically reduces the amount of "backscatter" because Challenges are triggered by a small fraction of the overall volume of incoming email. (While some users love the effectiveness of Challenge/Response, others are concerned about sending challenges to innocent parties whose email addresses have been hijacked by spammers. We see this as a choice for the user to make.)

<Back to Top>


Deployment Options

Solution providers and ISPs have full on-demand configuration control for their customers and subscribers. Each customer, or user, can be deployed separately depending on the nature of their spam problem. Four basic modes are recommended for rapid deployment.

Basic Security (Default)
Quick and easy;
"Set it and forget it protection."
  • Optimized Content Filtering
  • Allow List on first outbound message ("Intelligent Whitelisting")
  • Vaporize Messages to Unknown Users
  • Quarantine Spam and send Daily Quarantine Summary
  • AOTF
  • In-message Control Panel (optional)
  • Message Center access (optional)
  • Anti-virus protection.
Blended Security
Protection tailored to the user's specific needs and preferences.
This mode provides more information and interactivity for users that seek a more compelling email experience. Reflexion provides step-by-step instructions and some automated support for users of this mode.
  • Content Filtering (with user adjustable scoring thresholds)
  • Outlook Contact Harvester utility
  • Allow List on first outbound message ("Intelligent Whitelisting")
  • Use of Alternate Outbound Address for outbound communication
  • AOTF
  • Option for flagging, bouncing or quarantining spam, daily quarantine email
  • Optional delegated spam folder
  • In-message Control Panel
  • Limited Message Center access / user Landing Page
  • Anti-virus protection.
Total Control
The most effective inbox protection available, anywhere.
Maximum performance and full forensics; ideal for users who cannot tolerate the limitations of content filtering.
  • Outlook Contact Harvester utility
  • Allow List on first outbound message / "Intelligent Addressing" (optional)
  • AOTF
  • Use of Alternate Outbound Address (a secondary alias) for outbound communication
  • Automatic Change of Address (CoA) messages, customizable for each organization
  • Optional filtering for Protective Addresses that have started to attract spam
  • Option for flagging, bouncing or quarantining spam, daily quarantine email
  • Optional delegated spam folder
  • In-message control panel
  • Full user-level Web access to Message Center
  • Anti-virus protection.
Custom Any combination of the available options.

<Back to Top>



Reflexion includes a range of tools to help email administrators, solution providers and ISPs manage the email environment and troubleshoot issues.
LDAP Integration Reflexion's LDAP Exporter can be run on any LDAP server to synchronize the configuration of users and domains automatically on the Reflexion server.
Unified Log The unified log consolidates information from various sources to simplify the process of diagnosing a potential delivery issue.
History and Reports The Reflexion Message Center provides an extensive history system, with searchable and sortable pages to identify sharing events or enforce policies, such as who can use a particular Protective Address, or who is part of a community Allow List able to send email to a specific address.
X-Headers "Recipient To" and "Filter Score =, Result =" headers are available to users and solution providers for special email handling.
Open Relay Detection Reflexion's outbound mail auditing capability enables the system to block mail to and from the same user, which is indicative of an open relay condition.
Graphs and Statistics The Reflexion Message Center provides a capability to graph various email statistics over time, such as the volumes of mail sent to unknown users, spam, and legitimate outgoing mail.

Other Email Services

Email Continuity When a customer's local email server experiences an outage, as would occur when there is a power failure, Reflexion automatically queues all incoming mail for up to seven days until the server comes back on line, at which point all queued mail is delivered.
Outbound Disclaimer of Messages Reflexion provides an ability to add a disclaimer or custom signature block to outgoing messages without having to interact with the local email server.
Marketing Campaign Tracking By using a Protective Address for responses to a marketing campaign, Reflexion makes it simple to determine the source of incoming leads.

<Back to Top>