WatchGuard Support Center

Knowledge Base - Article

000017629
spamBlocker Data Retention FAQ

Information
spamBlocker uses a combination of rules, pattern matching, and sender reputation to accurately identify and block spam messages before they reach your email server. In Fireware v12.5.4 and higher, spamBlocker uses Cloudmark, a cloud-based service from Proofpoint, to improve spam detection.

This Knowledge Base article answers a number of questions about spamBlocker data retention in Fireware v12.5.4 and higher.

Question: What is sent and scanned by spamBlocker?
Answer: spamBlocker reviews the header and body of the email message to identify and block spam. The email header can include the HELO domain, sender, recipient(s), connecting IP, and the reverse DNS of the connecting host. To determine whether the message is spam, spamBlocker also scans graphical data included in the email message and attachments. 

Every email that the spamBlocker engine scores is sent over a TLS connection to the Cloudmark cloud service for scoring. For the SMTP and POP3 proxies, the Firebox sends the first 100 kilobytes of the message body to Cloudmark. For the IMAP proxy, the Firebox sends the entire message. Attachments are part of the message body.

Question: Why does spamBlocker send the entire email to be scanned? Is it secure?
Answer: Sending email content provides more effective spam scoring than the previous hash-based approach. All email messages are sent via a secure TLS connection.

Question: Does spamBlocker retain my email messages?
Answer: Emails are deleted automatically, but they may be retained for up to 30 days after submission to be used in subsequent analysis by the engine.

Question: Can I select the data center to send emails to?
Answer: The Firebox sends spamBlocker requests to the nearest server data center by default. You can select a different data center location.

On the Settings > Advanced tab, select a Server Region from the drop-down list:

Any — Uses an FQDN that resolves to the closest IP address.
NA/America — Uses an FQDN that resolves to the US-West data center.
EU/Europe — Uses an FQDN that resolves to the Ireland data center.
AP/Asia — Uses an FQDN that resolves to the Tokyo data center.


Question: What is spamBlocker's data protection policy?
Answer: WatchGuard has a Data Processing Addendum (DPA) in place with Proofpoint, the third party responsible for scanning. The DPA provides guarantees that Proofpoint implements appropriate technical and organizational measures to protect data sent for analysis.

Question: Is spamBlocker GDPR compliant?
Answer: Yes. For GDPR compliance in the EU, when EU/Europe is selected, the DNS name used by spamBlocker always resolves to a data center in Europe. For WatchGuard’s official GDPR statement, see: https://www.watchguard.com/wgrd-about/gdpr-statement.