Information technology tools and resources at the UW
How the Junk Email Function Works
Junk email filtering is a two-step process. Each incoming message is given a “spam score” and then either placed in your Inbox (if it has a score below your spam threshold) or placed in a junk-mail folder (if it has score higher than your spam threshold). You choose the spam score threshold value in the Email Delivery Manager (EDM.)
|When messages arrive at the UW, they are scanned with a system called Sophos PureMessage and given a “spam score” ranging between 0 (probably not spam) and 100 (almost certain to be spam). The spam score is added to the message in a special line in the message header. This line is usually not shown, but with most email programs you can see it if you want to.|
|The message then goes to the email servers.|
PureMessage looks for message characteristics that are common to spam messages, including the following:
- Key phrases such as “Special One-Time Offer,” “Call Now,” “Act Now,” “You Have Won…,” “Human Growth Hormone,” etc.
- Inconsistencies or errors in the header information
- Characteristics of the text, such as “shouting text” (all capitals)
- The email distribution agent used to send the message
- Characteristics of the route the message followed in the Internet to reach the UW
- “From:” and “To:” header fields being the same (often an indication of a fake From: address)
The scoring system is regularly updated by PureMessage to improve its effectiveness and deal with changes in the characteristics of junk email over time.
Many aspects of the message are considered in coming up with the final spam score. In practice, the scoring system has been found to be quite effective at identifying what most people consider to be junk email.
Still, just because a message looks like spam to PureMessage does not mean that it is spam. You may choose to receive marketing email messages from a company you purchased a new computer or a book from, for example. Also, some responsible organizations you may want to hear from use the same email distribution programs as spammers or might format their messages in spam-like ways. To be sure that you do not lose messages you want, it is important to regularly check your junk-mail folder once you turn on spam filtering. Any message in your junk-mail folder that is more than seven days old will be automatically and permanently deleted!
When PureMessage reviews a message, it adds a line to the message header. With most email programs, this small change will not be evident when you view the message because they usually show only a few header lines, like Date:, To:, From:, and Subject:.
If you would like to see the header line containing the spam score, you’ll need to have your email client program display the full details of the message headers. How that is done depends on which email client you use. If you need assistance, consult this list of instructions for common email programs.
Here is an example of what you might find:
X-Uwash-Spam: Gauge=XXXXXXIIIIII, Probability=66%, Report="MAILTO_TO_SPAM_ADDR, NO_MX_FOR_FROM, ONLY_COST, RAZOR2_CHECK, SPAM_PHRASE_02_03, SUPERLONG_LINE"
The spam score is indicated by “Probability=66%.” The “Gauge” is a Roman numeral representation of the spam score, which can be handy to use for comparisons in setting up filter rules. “Report” lists keywords for the message characteristics that determined the spam score. Some characteristics are good (characteristic of messages that are not spam) and some are bad (common to messages people consider to be spam).