OpenSpacy Architecture Documentation

Next-Generation Email Security Platform

Version 2.0 | Last Updated: November 2025

Overview

OpenSpacy is a next-generation email security platform that combines artificial intelligence, behavioral analysis, and real-time threat intelligence to protect organizations from sophisticated email-based attacks. Built on a modular, three-tier architecture, OpenSpacy provides comprehensive protection while maintaining high performance and low false-positive rates.


Three-Tier AI Filtering System

Tier 1: Core Protection (Essential Layer)

The foundation of OpenSpacy's security infrastructure provides essential authentication and validation for every email.

Authentication & Validation

  • SPF/DKIM/DMARC Verification - Validates sender authenticity using industry-standard email authentication protocols
  • DNS Integrity Checks - Ensures sender domains are properly configured and not spoofed
  • Real-Time Blacklist (RBL) Checking - Cross-references sender IPs against global threat databases
  • Antivirus Scanning - ClamAV-powered malware detection for all attachments and embedded content

Why It Matters: These fundamental checks stop the majority of basic spam and impersonation attempts before they reach your inbox, blocking emails from known-bad sources and malware-infected messages in real-time.

Tier 2: Standard Detection (Threat Intelligence Layer)

Advanced pattern recognition and behavioral analysis identify sophisticated threats that bypass traditional filters.

Threat Detection Modules

  • Phishing Detection - Identifies credential harvesting attempts, fake login pages, and social engineering tactics
  • Business Email Compromise (BEC) Prevention - Detects executive impersonation, invoice fraud, and wire transfer scams
  • URL Reputation Analysis - Examines all links for malicious destinations, homograph attacks, and typosquatting
  • Marketing Spam Classification - Accurately identifies bulk commercial email without blocking legitimate business communications
  • Behavioral Baseline Analysis - Learns normal communication patterns and flags anomalies
  • Sentiment Analysis - Detects emotional manipulation tactics common in social engineering attacks
  • Multi-Language Support - Provides protection across 50+ languages with native pattern recognition

Why It Matters: Tier 2 protection catches the sophisticated attacks that traditional spam filters miss—targeted phishing campaigns, CEO fraud, and social engineering attempts designed to exploit human trust.

Tier 3: Advanced Detection (Specialized Intelligence Layer)

Cutting-edge AI modules tackle emerging threats and highly-targeted attack vectors.

Specialized Threat Detection

  • Display Name Spoofing Protection - Identifies mismatches between display names and actual email addresses
  • Thread Hijacking Detection - Recognizes when attackers insert themselves into existing email conversations
  • TOAD (Telephone-Oriented Attack Delivery) - Detects callback phishing and voice-based scam attempts
  • Brand Impersonation Prevention - Identifies lookalike domains mimicking trusted brands (Microsoft, Google, banks, etc.)
  • Document Analysis - Deep inspection of PDF and HTML attachments for embedded threats
  • Obfuscation Detection - Uncovers hidden content designed to evade traditional filters
  • Domain Entropy Analysis - Identifies randomly-generated domains used in phishing campaigns
  • Vertical-Specific Scam Detection - Specialized filters for funding scams, refund fraud, romance scams, and industry-specific threats

Adaptive Learning Engine

  • Conversation Pattern Recognition - Learns your organization's communication style and relationships
  • Entity Extraction - Identifies people, organizations, financial amounts, and legal references for context-aware filtering
  • Dynamic Threat Adaptation - Continuously updates detection patterns based on emerging attack trends

Why It Matters: Tier 3 represents the cutting edge of email security, protecting against zero-day attacks, highly-targeted spear phishing, and sophisticated social engineering campaigns that evolve daily.

How the Tiers Work Together

OpenSpacy's three-tier architecture operates as a composite scoring system where each tier contributes to a final spam confidence score:

  1. Sequential Analysis - Emails pass through all three tiers in under 2 seconds
  2. Weighted Scoring - Each module contributes points based on threat confidence
  3. Intelligent Thresholds - Context-aware decisions consider sender reputation, conversation history, and behavioral patterns
  4. Fail-Safe Design - If one tier misses a threat, subsequent tiers provide redundant protection

Decision Process

  • Score < 10: Email delivered normally (legitimate communication)
  • Score 10-20: Quarantined for user review (suspicious but possibly legitimate)
  • Score > 20: Blocked immediately (high-confidence threat)
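
The composite scoring and decision thresholds described above, sketched as an added example (not OpenSpacy's own code). Only the three score bands come from this page; the two module checks, their point weights, the entropy cut-off, and the brand list are assumptions chosen for illustration.

```python
import math
from collections import Counter
from email.utils import parseaddr

# Hypothetical brand -> legitimate sending domains (constructed for illustration).
BRANDS = {"microsoft": {"microsoft.com"}, "google": {"google.com"}}


def shannon_entropy(label: str) -> float:
    """Bits per character; randomly generated labels score high."""
    counts = Counter(label)
    return -sum(n / len(label) * math.log2(n / len(label)) for n in counts.values())


def display_name_points(from_header: str) -> float:
    """Assumed weight: 12 points if the display name claims a brand the domain is not."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    for brand, domains in BRANDS.items():
        if brand in name.lower() and domain not in domains:
            return 12.0
    return 0.0


def entropy_points(from_header: str) -> float:
    """Assumed weight: 9 points if the leftmost domain label is long and high-entropy."""
    label = parseaddr(from_header)[1].rpartition("@")[2].lower().split(".")[0]
    return 9.0 if len(label) >= 10 and shannon_entropy(label) > 3.0 else 0.0


MODULES = [display_name_points, entropy_points]  # stand-ins for the per-tier modules


def decide(from_header: str) -> tuple[float, str]:
    """Sum module points, then apply the page's thresholds (<10, 10-20, >20)."""
    score = float(sum(module(from_header) for module in MODULES))
    if score < 10:
        return score, "deliver"
    if score <= 20:
        return score, "quarantine"
    return score, "block"


if __name__ == "__main__":
    # Constructed sender headers, one per decision band.
    for sender in ("Alice Example <alice@example.com>",
                   "Microsoft Support <help@ms-login.example>",
                   "Microsoft Support <help@xk7q2vz9pw4j.example>"):
        print(sender, decide(sender))
```

The exact-match domain comparison is a simplification: a production check would also accept subdomains of the listed domains.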

VIP Module: Executive Protection & Critical Communication Monitoring

Overview

The VIP Module provides real-time SMS alerts when important senders email key personnel, ensuring critical communications never go unnoticed—even when emails are caught by spam filters or executives are away from their desk.

Key Features

Real-Time SMS Notifications

  • Instant mobile alerts when VIP senders contact specific recipients
  • Configurable alert conditions per sender/recipient pair
  • Mobile delivery via enterprise SMS infrastructure

Smart Alert Management

  • Quiet Hours - Respect time zones and work schedules; no alerts during off-hours
  • Rate Limiting - Prevent notification fatigue with configurable alert frequency limits
  • Spam Score Filtering - Only alert on legitimate emails; skip notifications for spam from compromised VIP accounts
  • Conversation Threading - Optionally alert only on new threads, not every reply

VIP Sender Configuration

  • Define VIP senders per recipient (executives, board members, key clients, regulators)
  • Custom mobile numbers for alert delivery
  • Per-sender alert preferences and thresholds
  • Easy management through web interface

Billing & Transparency

  • Clear per-alert pricing ($0.20/delivered alert)
  • Monthly billing reports with detailed delivery logs
  • Track sent, delivered, failed, and rate-limited alerts
  • Invoice-ready reports for client billing

Use Cases

  • Executive Protection: Board members, investors, and regulators never miss critical communications
  • Client Relationship Management: Sales teams get instant alerts when key accounts reach out
  • Regulatory Compliance: Legal teams notified immediately of court orders, regulatory inquiries, or audit requests
  • Crisis Management: Instant alerts during security incidents or emergency situations

Why It Matters: Email has become unreliable for time-sensitive communications due to spam filters, overflowing inboxes, and notification fatigue. The VIP Module ensures your most important communications cut through the noise with instant, mobile-delivered alerts that respect your preferences and protect your time.

OpenSpacy's modular architecture allows organizations to activate advanced features as needed:

AI Assistant (Premium)

Natural Language Email Management

  • Query your email using conversational commands ("Show me invoices from last month over $10,000")
  • AI-powered intent recognition and query building
  • Automated email classification and tagging
  • Smart search that understands context, not just keywords

Ideal For: Executives, legal professionals, and knowledge workers who need rapid access to specific communications


Compliance Tracking (Enterprise Add-On)

Legal & Financial Entity Extraction

  • Automatically extract case numbers, docket numbers, and court names
  • Track financial amounts, payment deadlines, and invoice references
  • Monitor debtor/creditor relationships across email communications
  • Generate compliance reports for audits and legal discovery

Ideal For: Law firms, financial institutions, regulated industries, government contractors


Advanced Analytics (Enterprise Add-On)

Threat Intelligence & Trend Analysis

  • Predictive threat modeling based on your organization's attack profile
  • Custom reporting with scheduled delivery
  • Attack trend visualization and threat actor tracking
  • Executive dashboards for security posture monitoring

Ideal For: Security teams, CISOs, managed service providers


Legal Alerts (Professional Add-On)

Real-Time Keyword & Entity Monitoring

  • Configurable alert rules for specific legal terms, case names, or entities
  • Instant notifications when critical communications arrive
  • Pattern-based alerting for regulatory inquiries or litigation communications
  • Multi-channel delivery (email, SMS, webhook)

Ideal For: Legal departments, compliance officers, risk management teams


Technical Architecture Highlights

Performance & Scalability

  • Sub-2-Second Processing - Average email analysis completes in under 2 seconds
  • 120-Second Total Timeout - Maximum processing time ensures no email delivery delays
  • Redis-Backed Queue - Asynchronous database operations prevent bottlenecks
  • Multi-Tenant Architecture - Single installation serves unlimited organizations with complete data isolation

Security & Privacy

  • Role-Based Access Control - Admin, domain admin, client, and viewer roles with granular permissions
  • CSRF Protection - Industry-standard cross-site request forgery prevention
  • Rate Limiting - 30 requests/minute per user prevents abuse
  • Fail2ban Integration - Automatic IP blocking for brute-force attempts
  • Session Management - Configurable timeouts with mobile device support
  • Data Isolation - Multi-tenant architecture ensures complete separation between organizations

Integration & APIs

  • RESTful API - Comprehensive API for email management, configuration, and reporting
  • Postfix Integration - Seamless content filter integration with enterprise mail servers
  • Webhook Support - Real-time event notifications for third-party integrations
  • SMTP Relay - Compatible with any upstream mail server (Microsoft 365, Google Workspace, on-premise Exchange)

Adaptive Learning

  • Conversation Pattern Recognition - Learns communication styles and relationships over time
  • Behavioral Baselines - Establishes normal patterns and detects anomalies
  • Feedback Loop - User actions (whitelist, blacklist, release, mark spam) continuously improve accuracy
  • Zero-Day Protection - Behavioral analysis catches threats before signature updates

Deployment Models

Cloud-Hosted (Managed Service)

OpenSpacy manages infrastructure, updates, and monitoring while you focus on email security policy.

Benefits:
  • No hardware or maintenance costs
  • Automatic updates and threat intelligence
  • 99.9% uptime SLA
  • 24/7 monitoring and support

On-Premise (Private Cloud)

Deploy OpenSpacy within your own infrastructure for maximum control and data sovereignty.

Benefits:
  • Complete data control and privacy
  • Integration with existing authentication systems (LDAP, Active Directory)
  • Customizable retention policies
  • Air-gapped deployment options for high-security environments

Hybrid Deployment

Combine cloud threat intelligence with on-premise email processing.

Benefits:
  • Real-time threat intelligence from global network
  • On-premise email storage for compliance
  • Flexible scaling during high-volume periods

Why OpenSpacy?

Beyond Traditional Spam Filters

Traditional filters rely on static rules and blacklists—OpenSpacy uses AI, behavioral analysis, and threat intelligence to catch sophisticated attacks.

Lower False Positives

Adaptive learning reduces false positives by 70% compared to static rule-based systems. Conversation awareness understands ongoing business relationships.

Faster Threat Response

New threats detected and blocked within hours, not days or weeks. Behavioral analysis catches zero-day attacks before signature updates.

Transparent & Explainable

Every email includes a detailed analysis report showing exactly why it was flagged. No "black box" AI—you understand the decision logic.

Built for Modern Threats

Designed specifically for BEC, phishing, and social engineering—not just spam. Continuously updated for emerging attack vectors (QR code phishing, AI-generated scams, deepfake threats).


Getting Started

OpenSpacy's modular architecture allows you to start with core protection and add advanced features as your needs grow:

  1. Start with Three-Tier Protection - Comprehensive security for organizations of all sizes
  2. Add VIP Module - Protect executives and critical communications
  3. Enable Paid Modules - Activate AI Assistant, Compliance Tracking, or Advanced Analytics as needed
  4. Customize & Scale - OpenSpacy grows with your organization

Support & Documentation

  • Technical Documentation: Comprehensive API docs, integration guides, and best practices
  • 24/7 Support: Enterprise customers receive around-the-clock technical support
  • Training & Onboarding: Dedicated training sessions for administrators and security teams
  • Community Forum: Connect with other OpenSpacy users and security professionals at forum.openefa.com

OpenSpacy is developed and maintained by OpenEFA, a leader in open-source email security solutions.

License: Enterprise License (Paid Modules) / Open Source Core (GPLv3)