Antispam protection incorporates multiple technologies (RBL, DNSBL, Fingerprinting, Reputation checking, Content analysis, Rules, Manual whitelisting/blacklisting, etc.) to maximize detection of email threats.
ESET Mail Security Antispam is cloud based and most of the cloud databases are located in ESET data centers. Antispam cloud services allow for prompt data updates which provides quicker reaction time in case of an emergence of new spam. It also allows incorrect or false data to be removed from ESET blacklists. Communication with Antispam cloud services is done over a proprietary protocol on port 53535, whenever possible. If it is not possible to communicate through ESET's protocol, DNS services are used instead (port 53). However, using DNS is not as effective because it requires multiple requests to be sent during spam classification process of a single email message.
Normally, no email messages or their parts are sent during spam classification process. However, if ESET LiveGrid® is enabled and you have explicitly allowed samples to be submitted for analysis, only message marked as spam (or most likely spam) may be sent in order to help thorough analysis and cloud database enhancement.
If you want to report spam false positive or negative classification, see our KB article for details.
In addition, ESET Mail Security can also use Greylisting method (disabled by default) of spam filtering.