Show/Hide Toolbars

Navigation: Reference

Spamfilter

Scroll Prev Top Next More

The VPOP3 spamfilter is a component which helps to reduce unwanted email messages (or 'spam').

The spam filter works by processing each incoming and outgoing message through a 'script'. The script assigns a 'score' to each message, and that score is used to determine whether the message is spam or not.

The spam filter scripting language is documented on our wiki here. It is possible for administrators to create their own scripts for the spam filter to use. If you have a spamfilter subscription from us, then VPOP3 will periodically download updated script files to handle new spam attacks. These downloaded script files are encrypted, but VPOP3 will read plain text script files as well.

The scripts have many tests, such as:

Checking for certain words & phrases in the message

Bayesian filtering

Checking for certain attachments or links

Checking in user-defined white & blacklists

Because it uses a scripting language rather than a simple list of words & phrases to check for, it can perform more complex checks, such as 'check if the message asks you click a link to reset your password while claiming to be from a bank, but the link is not a link to that bank', and so on.

 

The tests are grouped into different 'rules', such as checking for phishing attacks, or adult material, or certain types of phrases etc. VPOP3 tracks what 'score' is given to each rule that is tested for, then it multiplies each rule's score by the 'weight' for that rule to calculate a final score. This weight mechanism lets administrators adjust the spam filter so that certain checks are given more or less importance depending on the situation. For instance, pharmaceutical companies may want to reduce the weight of the 'PossibleDrugs' rule because that will check for words like 'viagra' which are rarely seen in most users' legitimate messages, but may be quite common for a pharmaceutical company.

VPOP3 also has two different weights for each rule. The first is if the Bayesian Filter thinks the message is unlikely to be spam, and the second is if it thinks the message is likely to be spam. This allows some potentially benign checks to be given a higher ranking if the Bayesian Filter already thinks the message is spam.

The spam filter script writes the final score results to a message header called X-VPOP3-Spam as below

X-VPOP3-Spam: 65 - BulkMailer1(50.0) htmlonly(6.0) WebBug(9.0)

This header can be useful to diagnose what the spam filter is thinking. For instance, the above line indicates that the final score was 65 which is made up of scores from three rules - BulkMailer1, which had a score of 50; htmlonly, which had a score of 6, and WebBug, which had a score of 9.

If a message has a final score which is over a certain threshold (the default is 100), then it may be quarantined depending on the global and user settings.

It is possible for rule weights to be negative as well as positive - for instance, the 'whitelist' rule (which checks the sender address against a whitelist of known good senders) has a weight of -100, so that if a message's sender is in the whitelist it is almost impossible for the message to be marked as spam (unless the sender is also in the 'blacklist' which may cancel out or override the whitelist)

 

If you think this help topic could be improved, please send us constructive feedback