skip to content
Home

Computing

 

Spam filtering

Spam filtering

How Cambridge spam filtering works

The majority of email to @cam.ac.uk and @SOMETHING.cam.ac.uk addresses (including DAMTP, DPMMS and Statslab email) passes through the central email server ppsw.cam.ac.uk. This server puts a "tag" on each mail message, indicating how likely it is to be spam (that is, unsolicited and unwanted mail). The spam is not blocked by the university, but instead users can themselves easily arrange for appropriate action to be taken automatically, depending on the tag. Viruses and other malware are blocked.

The tag is added to the message by the insertion of extra header lines. Most mail programs have an option to allow you to see the header lines in a message; for example, in pine, pressing the "h" key makes them visible. Here is an example of lines that you might see:

X-Cam-ScannerAdmin: mail-scanner-support@ucs.cam.ac.uk
X-Cam-AntiVirus: Not scanned
X-Cam-SpamDetails: not spam, SpamAssassin (score=5.1, required 10,
        GAPPY_SUBJECT, HTML_60_70, HTML_IMAGE_ONLY_02, HTML_MESSAGE,
        MIME_HTML_ONLY, PLING_PLING, REMOVE_PAGE, SUBJ_FREE_CAP)
X-Cam-SpamScore: sssss

The crucial lines are the third and fourth. The third says the message scored 5.1, giving reasons why this score was reached (eg the message was written in HTML, a typical spam feature). The phrase "not spam" means only that the score was less than 10; this message is still very likely to be spam. The fourth line is the important one for filtering purposes: it gives a string of letter "s"s whose length is the score. This line is easily checkable by filtering programs, which can then take appropriate action. Usually this involves saving email which looks like junk in a folder called "spam".

How to filter spam on Exchange Online

Please refer to the UIS webpage here to learn how to set up spam filters. Exchange Online also has the facility to quarantine messages. Learn more about this (and access your personal quarantine page) here.

How to filter spam on Maths email - 2020 server

Using filters configured in the Roundcube webmail system.

  • select Settings from the Application Bar then Filters in the left hand column
  • click Create at the top of the right-hand column
  • choose X-Cam-Spamscore in the Rules menu and type a number of 's' characters to define the score for filtering...
  • choose 'Move messge to' in the Actions menu and select your Junk folder.
  • click Save

More information about the Maths mail server.

Scoring - when to reject?

It is impossible for any computer program to be 100% reliable at distinguishing spam from genuine email, since spammers are constantly searching for new ways to sneak past the filters. The higher a message's score, the more likely it is to be spam.

The default threshold is 5 or 6, at which level real email is very seldom misclassified as spam but quite a lot of spam is missed. Reduce the number of esses in the Exim filter, or the numeric threshold on Hermes, if you want to catch more spam; this will increase the risk of real mail going into the spam folder. Four esses is fairly safe and kills most spam. Note, though, that genuine email is likely to score at least one if it is in HTML format (as is typical with, say, mail sent from a hotmail account). Likewise, mail from a mailing list can score positively under some circumstances.

Please check through your spam folder regularly

Please check through your spam folder regularly, both to stop it from filling up our disks with spam, and because there will typically be one genuine message in this folder. I've seen quotes that this sort of spam-tagging is more than 99% reliable; that of course means that if you use this method, for every hundred emails in the spam folder, there will be one genuine email that you wished to receive.

Your spam folder works just like any other email folder and is read in the same way. For example, Pine users should press L to list folders then select "spam" from the list.

How to filter spam on Hermes

This is set up via Hermes webmail.

  • select Settings from the Application Bar then Mail Processing in the left hand column
  • select Junk Email and specify the threshold (score) above which you wish to have mail filtered. Filtering is enabled by default but the default threshold is 10 which lets a lot of spam through. Try setting it to 5 initially or 4 if you are still getting too much spam.
  • select Update

Much more detail about spam filtering on Hermes

Study at Cambridge

About the University

Research at Cambridge