How To Filter Spam Email

Posted on March 26, 2021 by Liquid Web | Updated: September 29, 2021

Category: Tutorials | Tags: Account Management, Common Questions, cPanel, Disable, Email, Email Hosting, Email Setup, Email Sync, Exim, Filter, IMAP, InterWorx, Junk, Linux, Mail, Mail Client, Mail Delivery, Mail Queue Manager, POP3, Qmail, SMTP, Spam, SpamAssassin, Spamming, SSL, Troubleshooting, WHM

Reading Time: 6 minutes

Introduction

Email. We all use it, and we all have spam issues from time to time. Whether you use Gmail, Outlook, Hotmail, Apple Mail, or another type of webmail software, spam is an annoyance that robs us of precious time that should be made available for more worthwhile pursuits. This article will demonstrate multiple methods for filtering out a significant portion of bothersome and inconvenient spam from our inbox.

Why Employ Spam Filters?

Let’s begin with a few statistics:

There are over 240+ million email users alone in the United States. (Source: Review42)
Gmail blocks, on average, 100 million spam email messages daily. (Source: Venture Beat)
The typical office worker receives 120 emails every single day. (Source: Campaign Monitor)
More than 55% of all emails are classified as spam. (Source: Statista)

Those receiving the very fewest emails (5 or fewer) were most likely to receive no spam at all (16% reported they received no spam, compared to 7% of all users), and those who received the very most email (over 100) were most likely to receive the highest percentage of spam (39% reported that more than 80% of their emails were spam, compared to 19% of all users).
Deborah Fellows, Pew Research Center

The statistics presented above are reason enough to employ spam filters, but with phishing attempts, malware links, tracking pixels, or additional efforts to manipulate us into a situation where we may experience identity theft in some form, spam filters are a necessity.

How Do Spam Filters Work?

The spam filters employed at larger corporations usually use a web-based email service that handles the bulk of the software to scan and analyze incoming and outgoing emails.

These filters search for and detect any potential spam based on a ruleset that is triggered when an email should be flagged. This ongoing analysis is scored based on multiple criteria. The more pattern matches the email meets increases the email’s probability of being labeled as spam.

Many small and midsized companies rely on the SpamAssassin software found on most email servers. SpamAssassin depends on a ruleset that is defined by a scoring system, as shown below.

Users can see the scores by running the following command.

[root@host ~]# grep -R score /var/lib/spamassassin/* | less

One of the scoring rules may look like this.

/var/lib/spamassassin/3.004004/updates_spamassassin_org/72_active.cf:#score AC_SPAMMY_URI_PATTERNS1 4.0

SpamAssassin also allows users to customize the score in the /etc/mail/spamassassin/local.cf file. The main rules are located in the /var/lib/spamassassin/3.004004/updates_spamassassin_org/72_active.cf file.

In cPanel, the administrator can modify many of the SpamAssassin settings in WHM via Home » Service Configuration » Exim Configuration Manager under the advanced editor tab.

Normally, local SpamAssassin configurations will be placed in the site-specific area, typically either in the /etc/mail/spamassassin or /etc/spamassassin folders. If you are an end-user and do not have the ability to update or access the folders above, any specific configuration changes to the SpamAssassin parameters should be placed in your $HOME/.spamassassin/user_prefs file.

Along with SpamAssassin, open-source applications like Mailscanner and ASSP, in conjunction with external services like Spamhaus, multirbl.valli.org, Spamcop, and Talos, help prevent numerous spam messages from accessing your inbox.

10 Filtering Methods Used To Reduce Spam

Below are ten different filtering methods you can implement to reduce spam to your inbox.

1. Blacklist

Blacklists are where domains or IPs that have been tagged as “spammy” will be listed. Many email software applications check these lists continuously to ensure that offending spammers are listed.

2. Whitelist

A whitelist is a local repository where users can add emails to an approved senders list. If a client initially reported a previous email to be spam and the user found it not to be spam, an administrator can add an email, domain, or IP to a local whitelist on the server.

3. Greylist

An email that is greylisted will be "temporarily rejected" by the email software if it does not recognize an email from a sender. If the email is legitimate, the originating email server will attempt to resend the message again after a delay. If enough time has passed, the email will be accepted and sent to the receiver.

4. Realtime Blackhole List

A Realtime Blackhole List (or RBL) is a service that uses a simple DNS query where email servers can verify whether a sender’s IP address is contained on an IP address blacklist purported to send spam email. Most email software is initially configured to check over one or more blacklists. Typically, the email server will reject or, at the very least, flag a message if it is on an RBL site.

5. List-Based Filters

A list-based filter essentially works with blacklists and whitelists, either allowing or disallowing the delivery of an email sent from a specific source or sender.

6. Content-Based Filters

A content-based filter assesses inbound email messages by appraising the chance that a message is legitimate or not. Unlike several other filtering methods, content filtering uses statistically significant characteristics based on samples of other authorized messages or spam-like messages to make a determination.

7. Word-Based Filters

This type of filter is one of the most simple and oft-used. It scans the body of an email message for particular content or specific terms in which have been identified as being related to spam. For example, if we add the word "sex” to the email body, the filter will block all the emails containing that word.

8. Heuristic Filters

A heuristic filter is a technique that uses a scanning engine to sort through email messages for characteristics and behaviors that are generally associated with spam messages or qualities. These attributes can be unique as a fingerprint in many cases.

9. Bayesian Filters

Bayesian filtering is premised on the Bayes' Theorem. This theory identifies the chance of something happening again, based on previous events, when certain conditions are met. It indicates that the chances of an event occurring again are high if the same conditions exist. This theory provides the basis on which we can state the probability an email is a spam message.

10. Additional Miscellaneous Filtering Methods

The methods found in this section are not used often but still provide valuable insight.

Collaborative Filters

This is also known as behavioral clustering. It is a system that builds a data model based on past traits or other similar historical activity.

Challenge/Response System

Initially implemented in 1997, the challenge-response scheme is used to send an automated response that includes a challenge to the email sender. In reply, the sender must perform a simple action to confirm the delivery of the original message. Otherwise, the email is not delivered. This system is typically used when a message is received from an unknown sender.

DNS Lookup

Using this filter, specific DNS records are used to verify the sending domain. These records can include MX, SPF, DKIM, DMARC, TXT, or RDNS lookups. These essential records all play a part in the verification of the sending domain.

Conclusion

Utilizing multiple filtering methodologies improves the outcome in the reduction of the number of spam emails received. Luckily, many of these features are already built into today’s server software.

Applications like SpamAssassin, Mailscanner, ASSP, in conjunction with external services like Spamhaus, multirbl.valli.org, Spamcop, and Talos, deny millions of spam messages and domains access to your inbox.

Our Premium Business Email utilizes multiple filters to ensure the email messages you send and receive are automatically examined by the system and proven to be a safe alternative to other similar services.

Liquid Web takes spam seriously and has worked with federal, state, and local law enforcement to pursue spammers who have tried to game the system and failed. We take pride in these coordinated efforts and the accomplishments they bring, as it demonstrates our overall commitment to the safety and security of our clients and the platforms they run on.

If you have any questions about information found in this article, our Premium Business Email, or would like information regarding one of our many plans, our Most Helpful Humans in Hosting are available 24 hours a day, 7 days a week, and 365 days a year via phone at 800.580.4985, or email, or a LiveChat. Test text addition for revisions. Another test text addition for revisions.