The decisive factor in the evaluation of emails is the Spam Confidence Level (SCL). In the end, the SCL is the value that decides whether an email is declared as spam or not. But how does the SCL work in NoSpamProxy?
The Spam Confidence Level matters
The Spam Confidence Level (SCL) is the most important value in the evaluation of emails: If the SCL of an email is above a certain threshold value, this email is rejected. This value is 4 by default, but can be adjusted individually. An SCL of 0 means that an email has been classified as neutral. Values smaller than -10 or larger than +10 are limited to -10 or +10 respectively.
Filters and their influence on the Spam Confidence Level
The basis for calculating the SCL are the results of the filters that were applied to the respective email. Filters do the actual work of checking the email, as they assign SCL points based on the filter results. How many SCL points are awarded for each filter result can be customised for individual filters: For example, NoSpamProxy can be configured so that the reputation filter awards 4 SCL for an unsecured connection, but 5 SCL points for a failed SPF check.
The results of all active filters can be weighted using a multiplier: In this way, the filter’s score is offset against the multiplier and the influence of the individual filters within a rule is affected. This has a decisive influence on the final SCL value.
Example calculation of the Spam Confidence Level
This example is based on the following filter configuration:
- Emails are to be checked and rejected as soon as the SCL is greater than or equal to 4.
- Three filters are activated: Realtime Blocklists, Spam URI Realtime Blocklists and the word filter.
- The word filter is configured to search for the words sex, Viagra, Cialis etc. and assigns two penalty points per hit.
- The two blocklist filters are to award two points per hit.
- Level of Trust is switched off.
An email is processed that contains eight prohibited words and a prohibited link. The link is contained on a blocklist. Furthermore, the submitting IP address is on two blocklists.
Filter | Spam Confidence Level | Multiplier | SCL |
---|---|---|---|
Realtime Blocklists | 4 | 2 | 8 |
Spam URI Realtime Blocklists | 2 | 2 | 4 |
Word filter | 10 (limited because the value was >10) | 1 | 10 |
Total | 22 |
The email therefore receives an SCL of 22 and is thus rejected.
The modular structure of the rules in NoSpamProxy makes it possible to adapt filter configurations exactly to the needs. For a complete list of available filters, see Filters in NoSpamProxy.
Fighting False Positives with Level of Trust
It is possible that filter results lead to very high SCL values. This is the case, for example, if the word filter is active for a rule and the email contains several unwanted expressions. The SCL value can then quickly rise to over 4, especially if no other filter is active.
This is where Level of Trust comes into play, which can be activated individually for each rule. The Level of Trust system is a multi-layered concept that assesses the trustworthiness of a communication relationship or domain. In short, Level of Trust awards trust bonuses for the quality of the connection history. In doing so, NoSpamProxy incorporates various criteria. The two most important are listed below:
- Domain relationship: Regular outbound emails to a specific email domain are rewarded.
- Address relationship between sender and recipient: Outbound emails to certain external addresses are rewarded with a high trust bonus.
The idea behind this is simple: If there is mutual communication between two communication partners, the probability that one of the partners is a spammer is low.
Example calculation Spam Confidence Level with Level of Trust
Filter | Spam Confidence Level | Multiplier | SCL |
---|---|---|---|
Realtime Blocklists | 4 | 2 | 8 |
Spam URI Realtime Blocklists | 2 | 2 | 4 |
Word filter | 10 (limited because the value was >10) | 1 | 10 |
Level of Trust | -10 | 5 (=2+2+1) | -50 |
Total | -28 |
The email would have been delivered in this example because the SCL is less than 4 after including the Level of Trust.
Filters and Actions
In addition to filters, which influence the spam confidence level depending on the result, there are also actions in NoSpamProxy. Actions are fundamentally different from filters because they can also change emails: For example, they can add a footer or remove unwanted attachments.
Actions, however, can also reject emails that would actually pass after being evaluated by the filters. This means, for example, that a malware scanner can still reject the email even though it has not been detected as spam, because, for example, there is a sufficiently high level of trust value.
The actions available in NoSpamProxy are therefore higher-level settings with which filters can be overruled if necessary and over which the level-of-trust system has no influence.
32Guards can do both
The AI-based 32Guards occupies a special position. On the one hand, 32Guards is a filter that influences the calculation of the spam confidence level, and on the other hand, it is an action that can directly reject threats temporarily or permanently.
The evaluation of emails by 32Guards is based on the evaluation of email metadata. At the end, this evaluation results in a final assessment of the email. Examples of spam indicators are suspicious file names or the frequent occurrence of new or unknown URLs in a very short time.
Based on the analysed metadata, 32Guards creates a threat assessment, which in turn is used as a basis for further actions in NoSpamProxy.
Not yet using NoSpamProxy?
With NoSpamProxy you can reliably protect your company from cyber attacks. Request your free trial version now!