The SafePoint Anti-Spam Firewall system utilizes a number of different methods and layers to detect and filter out Spam/UCE and other unwanted email messages. This multi-layer Spam Filtering Technology results in a highly accurate spam detection rate with only a very small number of “false positives” (legitimate email being detected as Spam/UCE).
When an email message is received by your SafePoint system it is subjected to several layers of email filtering and defense, these include Spam Fingerprint Checking, and a comprehensive rule-based Spam Scoring System incorporating Content Analysis (Heuristics) and Bayesian Analysis.
An extensive rule-based scoring system determines whether a particular email message is spam or not-spam. Thousands of rules are run against every email in the space of a few milliseconds.
A complex algorithm optimizes the rule-based scoring by using an archive of millions of spam and non-spam messages to determine the scores for the individual rules. When combined, these individual scores give each email an overall “Spam Scoring Level”.
Altogether these layers form a smart filtering technology which in it’s default “out of the box” configuration is able to detect and block or tag up to 98% of all Spam/UCE and other unwanted email messages processed by the system. This detection rate can be further increased as the system is utilized to filter and manage your email.
The Spam Scanning & Filtering engine on the SafePoint system also incorporates a number of automatic “self-tuning” and “auto-learning” mechanisms including Bayesian Analysis and Learning which are able to automatically increase accuracy and sensitivity of the system over time.
It is also possible to increase the percentage of Spam/UCE detected and either blocked, quarantined or tagged by modifying the “Spam Score Levels” in the Spamfilter Config screen of the SafePoint control panel.
Spam Scoring Levels
The configuration and management of the Spam Scanning & Filtering engine is carried out via the “Spamfilter Config” screen under the “Spam Control” section of the SafePoint system control panel.
Spam/UCE scanning is enabled by default on your SafePoint system and a number of default “Spam Scoring Levels” have been pre-configured to reflect a basic optimum setting which will detect and filter up to 98% of all Spam/UCE and other unwanted email.
The Spam Scanning & Filtering engine on the SafePoint system examines the content of each message received and assigns it a “spam level” score according to how much a “looks like” Spam/UCE based on a comprehensive set of rules and algorithms derived from analyzing millions of known Spam/UCE messages.
When a potential Spam/UCE message is detected by the system depending on the “Spam Scoring Levels” set in the Spamfilter Config screen of the SafePoint control panel the message is either “passed clean” as non-spam, “tagged” with the **SPAM** tag and forwarded on to the recipient, or blocked from delivery to end users.
Emails that are blocked by the system are delivered to the Spam Quarantine, which you as the administrator of your SafePoint system will have access to via a web-based email interface at the “http://SafePoint.yourdomain.com/webmail/” URL. Alternatively, these quarantined messages can be forwarded to an another offsite (not on the SafePoint system) email account that you may specify in the Spam Quarantine screen of the SafePoint system control panel.
Appending the **SPAM** tag to the subject line makes it easy for end users to identify email detected as Spam/UCE.
Messages detected as likely Spam/UCE and forwarded on to the end user recipient can be further acted on by the end users email client, which on detecting the **SPAM** type tag or keyword in either the subject line or the “X-Spam-Status” type tag in the message header of an email message can be set up to re-direct these “tagged” or “flagged” email messages to an alternative “spam” mailbox or “junk” folder.
Microsoft Exchange, MS Outlook and most other email clients have this capability. This “spam” or “junk” folder or mailbox can then be checked at the discretion of the end user recipient for possible legitimate emails or an expected message that may have been incorrectly identified as Spam/UCE.
You may notice that the “full headers” of email messages you receive which have been processed by your SafePoint system include header tags of “X-Spam-Status”, “X-Spam-Level” and “X-Spam-Flag”.
These email headers are usually not visible unless you use the “show full headers” option in your email program. When the SafePoint system identifies an email as Spam/UCE it marks and identifies the message as such by appending tags to the message header, “Subject” line, or both.
Unless something has been set up on the receiving email server or email client end these headers do not have any effect on anything. However they can be used as detailed previously to detect and divert any messages “tagged” as Spam/UCE to a “spam” or “junk” folder or mailbox at the discretion of the end user recipient.
Here are some example “headers” from a Spam message:
From: “Margaret Knox” < email@example.com >
To: “noc” < firstname.lastname@example.org >
Subject: ***SPAM**As everyone maunabo
Date: Sat, 26 May 2007 12:47:50 +0100
X-Mailer: Microsoft Outlook Express 6.00.2462.3000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2462.0000
X-SPAM-VIRUS-Scanned: Anti-Spam Firewall Ver 1.3 at SafePoint.isecure.net
X-Spam-Status: Yes, hits=13.803 tagged_above=2 required=5 tests=BAYES_99,
DCC_CHECK, DNS_FROM_RFC_POST, HELO_DYNAMIC_DHCP, HTML_MESSAGE, RCVD_IN_BL_SPAMCOP_NET, TVD_FUZZY_SYMBOL, UPPERCASE_25_50
As you can see, this particular message has been detected and marked as “**SPAM**” and the “X-Spam-Status”, “X-Spam-Level” and “X-Spam-Flag” tags have been added to the email headers along with their related values and associated processing and scoring information.
The “X-Spam-Status” tag indicates whether an email has been detected as Spam/UCE based on the current “Spam Scoring Levels” set in the Spamfilter Config screen of the SafePoint system.
The “X-Spam-Status” tag of this example email indicates that this message was detected as Spam/UCE (“Yes”) and that the Spam Scoring Level (the number of “hits”) was “13.803”.
The “X-Spam-Status” tag also indicates at what Spam Scoring Level the “X-Spam-Status” and “X-Spam-Level” headers are set to be added to this email message, this being “2”, and also the Spam Scoring Level “required” to add the “**SPAM**” tag to the “Subject” line of the message, this being “5”.
There is also an “X-Spam-Level” tag containing a number of “star” characters, the higher the number of stars indicating the greater probability of a message being Spam/UCE.
This particular message received a Spam Level Score of “13.803” as a result of the various checks and tests which were performed on the message by the system. Some of these are detailed in the “X-Spam-Status” tag line, these being BAYES_99, DCC_CHECK, DNS_FROM_RFC_POST, HELO_DYNAMIC_DHCP, HTML_MESSAGE, RCVD_IN_BL_SPAMCOP_NET, TVD_FUZZY_SYMBOL, UPPERCASE_25_50.
These would only be a few of the many thousands of possible tests, checks and filters run against messages processed by the Spam Scanning and Filtering engine on the SafePoint system.
As this example email message received a “Spam Score” of under 15, which was below the “Action Level” set on the SafePoint system that processed the message, it would have been delivered on to the end user recipient but marked with the “**SPAM**” tag for easy identification.
|Next : Tuning your SafePoint System|