EmailArchitect Anti-Spam Service
Anti-Spam service provides two built-in modules to block junk emails. Content Filter rejects the obvious junk emails in SMTP service, and the junk emails will never be delivered to user mailbox. Differ to Content Filter, Junk Email Rules only filter the possible junk emails to "Junk folder" or add "*SPAM*" keyword in emails subject.
General Settings
Using this option can prevent Content filter blocks the normal message from well-known email servers.
First of all, please learn more detail about Sender Policy Framework (SPF) by the
following url:
http://www.openspf.org/
Therefore SPF is very good solutions to prevent faked email sender.
Because many spammers also set the SPF record, so do not put unknown domain to Trusted SPF records.
Content Filter
Junk Email Rules
How Junk Email Rules works
Junk email rules only works when the user enables in Web Mail logon -> Option -> Anti-Spam, then Anti-Spam filter. All single message sent to this user account will be checked by the anti-spam filter strictly. If a message is marked as junk email, it will be delivered to Junk* folder and an inquiring message will be sent to the sender. If the sender confirms the message was sent by him, the message will be moved back to Inbox. If no confirmation is received from the sender, the message will be deleted by system. (Notice: you have to choose " Send confirmation request email to sender " function in anti-spam service -> Junk E-mail Process to enable this feature, because since Emailarchitect server 9.0, the default "Junk E-mail Process" is "No more action".)
The following E-mail will never be marked as Junk
1. From the address which is in personal contacts or global contacts.
2. From the authenticated user.
3. From the trusted list.
4. From the auto-white list.
What is auto-white list?
EmailArchitect Anti-Spam module maintains a list of recent recipient address sent by authenticated user. All the addresses on the list are recognized as trusted address by Anti-Spam module, and email sent from the trusted address will never be marked as Junk email. Note that once you receive a spam, don't reply it, otherwise its sender address will be added to your auto-white list.
Using "Not Junk" action in User Customized Filter
If your company is selling a product named "XXX", and you receive emails querying
about your product everyday, you may not want the Anti-Spam filter to scan/delete
those emails. To bypass the scanning, you can add a rule in your customized filter
like this:
If Body Text contains "XXX" Then Not Junk
Note: the following section is only for server administrator or domain administrator.
How does EmailArchitect detect an email as spam?
If user chooses low anti-spam level, then it depends on the rules in Web Access- > Anti-Spam Service -> Low Level Setting ; If user chooses high anti-spam level, then it depends on the rules in Web Access -> Anti-Spam Service -> High Level Setting.
The rule expession
Rule = [built-in function]|[keyword]:[points]
If a message matches a specified rule, corresponding points will be added to this
message. Once the total point is greater than the point set in Anti-Spam service,
this message will be marked as spam.
Built-in Functions
Name | Description | Remarks |
{$fn_httplink} | Detects how many http links in body text. | {$fn_httplink}:3 means each link will be counted to 3 points |
{$fn_badcrlf} | Detects if there is bad CRLF in the message. | {$fn_badcrlf}:5 means if there is bad line-break will be counted to 5 points |
{$fn_nomime} | Detects if this is a non-mime message | Most email clients use MIME format. |
{$fn_bcc} | The message To/Cc header doesn't contain recipient's email. | Most newsletter won't contain the recipient in To/CC header. |
{$fn_badheader} | Message header doesn't contain From, To, Subject or Date. | |
{$fn_emaillink} | Detects if body text contains the mailto:[email address]?subject=* | Many spammer use this format instead of http link. |
{$fn_body:[keyword]} | Detects if body text contains the keyword. Wildcard(*,?) is supported. | e.g. {$fn_body:adult}:2 |
{$fn_bodyw:[keyword]} | Detects if body text contains the keyword. Wildcard(*,?) is supported. The matched content must be a word. | e.g. {$fn_bodyw:adult}:2 |
{$fn_subject:[keyword]} | Detects if subject contains the keyword. Wildcard(*,?) is supported. | e.g. {$fn_subject:adult}:2 |
{$fn_subjectw:[keyword]} | Detects if subject contains the keyword. Wildcard(*,?) is supported. The matched content must be a word. | e.g. {$fn_subjectw:adul?}:2 |
{$fn_headers:[keyword]} | Detects if headers contains the keyword. Wildcard(*,?) is supported. | e.g. {$fn_headers:x-mailer: bulk tool}:2 |
{$fn_headersw:[keyword]} | Detects if headers contains the keyword. Wildcard(*,?) is supported. The matched content must be a word. | e.g. {$fn_headersw:x-mailer: bu?k}:2 |
{$fn_subjectbodyw:[keyword]} | Detects if subject or body text contains the keyword. Wildcard(*,?) is supported. The matched content must be a word. | e.g. {$fn_subjectbodyw:gir?}:2 |
{$fn_regbody:[keyword]} | Detects if body text contains the keyword by regular expression. | e.g. {$fn_regbody:girl[s]?}:2 |
{$fn_regsubject:[keyword]} | Detects if subject contains the keyword by regular expression. | e.g. {$fn_regsubject:girl[s]?}:2 |
{$fn_regsubjectbody:[keyword]} | Detects if subject or body text contains the keyword by regular expression. | e.g. {$fn_regsubjectbody:girl[s]?}:2 |
{$fn_regheaders:[keyword]} | Detects if headers contains the keyword by regular expression. | |
{$fn_fbody:[keyword file]} | Detects if body text contains the keyword in a specified text file, each line in the text file represents a keyword. Wildcard(*,?) is supported. | e.g. {$fn_fbody:c:\badwords.txt}:5 |
{$fn_fbodyw:[keyword file]} | Detects if body text contains the keyword in a specified text file, each line in the text file represents a keyword. Wildcard(*,?) is supported. The matched content must be a word. | e.g. {$fn_fbodyw:c:\badwords.txt}:5 |
{$fn_fsubject:[keyword file]} | Detects if subject contains the keyword in a specified text file, each line in the text file represents a keyword. Wildcard(*,?) is supported. | e.g. {$fn_fsubject:c:\badwords.txt}:5 |
{$fn_fsubjectw:[keyword file]} | Detects if subject contains the keyword in a specified text file, each line in the text file represents a keyword. Wildcard(*,?) is supported. The matched content must be a word. | e.g. {$fn_fsubjectw:c:\badwords.txt}:5 |
{$fn_fheaders:[keyword file]} | Detects if headers contains the keyword in a specified text file, each line in the text file represents a keyword. Wildcard(*,?) is supported. | e.g. {$fn_fheaders:c:\badheaders.txt}:5 |
{$fn_fheadersw:[keyword file]} | Detects if headers contains the keyword in a specified text file, each line in the text file represents a keyword. Wildcard(*,?) is supported. The matched content must be a word. | e.g. {$fn_fheadersw:c:\badheaders.txt}:5 |
{$fn_fsubjectbody:[keyword file]} | Detects if subject or body text contains the keyword. Wildcard(*,?) is supported. | e.g. {$fn_fsubjectbody:c:\badwords.txt}:5 |
{$fn_fsubjectbodyw:[keyword file]} | Detects if subject or body text contains the keyword. Wildcard(*,?) is supported. The matched content must be a word. | e.g. {$fn_fsubjectbodyw:c:\badwords.txt}:5 |
{$fn_fregbody:[keyword file]} | Detects if body text contains the keyword in a specified text file by regular expression. Each line in the text file represents a keyword. | e.g. {$fn_fregbody:c:\badwords.txt}:5 |
{$fn_fregsubject:[keyword file]} | Detects if subject contains the keyword in a specified text file by regular expression. Each line in the text file represents a keyword. | e.g. {$fn_fregsubject:c:\badwords.txt}:5 |
{$fn_fregsubjectbody:[keyword file]} | Detects if subject or body text contains the keyword in a specified text file by regular expression. Each line in the text file represents a keyword. | e.g. {$fn_fregsubjectbody:c:\badwords.txt}:5 |
{$fn_fregheaders:[keyword file]} | Detects if headers contains the keyword in a specified text file by regular expression. Each line in the text file represents a keyword. | |
{$fn_charset:[keyword]} | If message charset matches the keyword, then this rule is true. | |
{$fn_rcharset:[keyword]} | If message charset doesn't match the keyword, then this rule is true. | |
{$fn_attnullbody:[keyword]} | Detect if message contains one specified attachment and body text is null. | e.g. {$fn_att:*.pdf} |
{$fn_hasatt:[keyword]} | Detect if message contains the specified attachment. |
If you enter a word in the rule, it equals to {$fn_subjectbody:[keyword]}. e.g. advertisement:5.
Usage Example
1. If the low level points is 5, and you want to mark the message which has more than 2 http links as spam, then you can input: {$fn_httplink}:3 in the rules. The two link will be counted to 2*3=6.
Negative Rule
Negative rule can be used to split other rules.
Syntax: [built-in function]|[keyword]:-200
e.g.
There are two rules in Anti-Spam rules:
{fn_subject:no junk}-200
{fn_body: bad}5
Then every email whose subject contains "no junk" will not be detected as spam even
the email body contains "bad".
Manually Approve
By default, EmailArchitect Email Server will send a confirmation request to the sender if the message is marked as spam. However, you can choose "manually approve" instead of confirmation request. Once "Manually Approve" is chosen in the Anti-Spam Service, all the messages marked as spam will be forwarded to approver e-mail address. Note: approver MUST be a local user in current EmailArchitect Email Server, he/she must logon the Web Mail to "Approve" or delete this message. Once the message is approved, it will be delivered to the original recipient.
Advanced Junk E-mail Process
By default, Junk E-mail Process in Anti-Spam Service is for every domains.
However, if some domains requires the different Junk E-mail Process, the
administrator should use the following expression in Advanced Junk E-mail Process
to change it.
[domain]/[action]/[approver]
action: 0/1/2. 0. send confirmation request; 1. mauanlly approval; 2. just move
to junk folder.
e.g.
emailarchitect.com/0
emailarchitect.net/1/approver@emailarchitect.net
adminsystem.com/2
Delete Obvious Junk-Email in GFilters
To prevent obvious spam, using Block Sender may not be a good idea, as most spammer use faked and ever-changing email address as sender address.
The best way to stop obvious spam is to add filter in GFilters or Domain Incoming filters . Note: junk e-mail always contains contact information in email body text, such as their url, real e-mail address or telephone number, those keywords are what you need to filter.
Trusted Sender
If the sender address is in user contacts or trusted email address, RBLS or Greylisting will never block the IP address/Sender.
See Also
Quick Tutorial User Permissions Domain Administration User Administration Services Administration SMTP Service POP3 Service IMAP4 Service Remote Object Call Service Webmail Service SSL Configuration Realtime Black List Anti-Spam Anti-Virus List Administration Traffic Control DBConnector Mail Archive DomainKeys and DKIM signature Storage and User Mailbox Incoming/outgoing Filters Advanced Functions in Filter Templates
EmailArchitect Server
Website
EmailArchitect Server Community