Skip to main content

The Anti-Spam Filter

Introduction

Stanford's spam filtering system works by scanning incoming email for spam before it gets delivered to your email Inbox. When the system finds email that matches verifiable spam message patterns, it adds a key word to the Subject line indicating how certain it is that the message qualifies as spam, and then delivers the email as usual. This lets you decide how to deal with spam.

You can automatically filter or delete incoming mail that has been tagged as spam at the server level (before it reaches your email Inbox), by using Webmail filtering. This can eliminate the need the need for your email client to do the filtering.

If you choose not to use Webmail filtering, you can use the built-in filtering functions of your email program.

The spam filter scans all email sent to @stanford.edu addresses from non-Stanford domains. However, email from a Stanford machine that is sent to the Stanford email gateways is not scanned. This means that outside mail sent first to a department server then forwarded to @stanford addresses will not be checked by the spam filter.

How will this affect my email?

  • By default, all mail judged to be spam with 100% certainty is discarded before it reaches your mailbox. Also, all mail marked with four # symbols is filed into a folder labeled "Junk" that can be accessed via Webmail or an email program configured for IMAP.
    To change the settings for email marked with four # symbols and below, see Create a Spam Filter in Webmail.

    IMPORTANT: Messages that are more than 30 days old are automatically purged from your "Junk" folder.
  • Email that might be spam will have a [SPAM:] tag added to its Subject line. For example:
     

    Before
    Subject: Get What You Want
    From:  eDiets Motivation <motivation@EDIETS.COM>

    After
    Subject: [SPAM:####] Get What You Want
    From:  eDiets Motivation <motivation@EDIETS.COM>

  • The number of "#" signs (pound or number signs) after the word "Spam:" indicates how sure the system is that your email qualifies as spam. To get one "#", the system must be 50% certain that it has found spam. Each "#" after that is another 5% to 10% of certainty.
  • Email that has been tagged as spam will carry a line of "X--Proofpoint-Spam-Details" evaluation in the header. This tells you what spam patterns were discovered by the system when evaluating your email. Here is an example:

    Subject: [SPAM:#####] Get What You Want
    From:  eDiets Motivation <motivation@EDIETS.COM>
    X-Proofpoint-Spam-Details: rule=spam policy=default score=100 spamscore=100 suspectscore=10
     phishscore=0 adultscore=0 bulkscore=20 classifier=spam adjust=0 reason=mlx
     scancount=1 engine=7.0.1-1402240000 definitions=main-1408270234
     

    The "spamscore" number represents how certain the system is that your email constitutes spam. 

Untagged spam and incorrectly tagged messages

Spammers are continually varying their techniques to get their messages past systems like ours. Our vendor delivers us continual updates to the spam detection definitions in order to keep the tagging as effective and accurate as possible. From time to time as spammers develop new techniques you may see a temporary increase in untagged spam arriving in your Inbox. You can go ahead and just delete these messages as they come in and expect that before long the vendor will have updated the product to catch these new flavors of spam. We no longer collect samples of these messages because we found the vendor was supplying updates for them on their own.

If you get a false positive that you want to keep — email that gets marked as spam but that you want to continue receiving — just configure your email program so that it makes an exception for that particular kind of email and does not filter it out.

The software doing all this work is from Proofpoint (www.proofpoint.com).

What if I need help?

If you have problems with and/or questions about these anti-spam procedures please submit a HelpSU ticket.

Last modified