Carnegie Mellon University Website Home Page
 
Skip navigation and jump directly to page content
Accounts
Network, Phone & TV
Software
Email, Calendar, Mobile
Cyrus Email & Andrew Calendar
Using Cyrus Email
Manage Email
Spam Filtering
Options
Accept and Filter Mail Lists
Maintain Your Spam Folder
How the Spam Filter Works
Secure Your Computer
Clusters & Printing
Web Services
Academic Technology Services
Technical Support & Services
Training & Education
Campus Partners
Information Security Office (ISO)
Media Technology Services

How the Andrew Spam Filter Works

The Andrew Spam Filter is implemented using a product called PureMessage by Sophos. PureMessage is a mail filter that uses a rule base to perform tests on email and identify spam. The PureMessage software works in conjunction with our Cyrus mail server and performs these tests on all mail received by the server.

Note: If you send mail using the Andrew outgoing mail server to a "userID@cmu.edu" address, that mail is sent to the cmu.edu server and then to the Cyrus mail server. Because the Cyrus mail server receives the mail from a server other than the Andrew outgoing mail server, that mail will be evaluated and scored by the Andrew Spam Filter.

Following is an overview of how the Andrew Spam Filter handles your incoming mail.

  1. All mail received by the Cyrus mail server is scanned by the Andrew Spam Filter.
    All incoming email received by the Cyrus mail server is scanned for signs that it may be spam. This scan is performed regardless of whether you have enabled the spam filter. The Andrew Spam Filter contains a series of conditions or rules that it checks against each piece of mail.
  2. The Andrew Spam Filter offers a percentage score for your email.
    Each condition or rule within the Andrew Spam Filter has a grade. The total score for a piece of email is the sum of the grades for each of the conditions that the mail matches. PureMessage then takes this score and converts it into a percentage likelihood that the message is spam.
  3. If an email has a percentage of 50 or higher, a line containing the score and reason for the overall score is inserted in the header of the "spam" message.
    Following is an example of the information that might be added to the header of your mail message. The information within parenthesis includes the reasons for the overall score for the message (in this case, 92%).

    X-Spam-Warning: 92% (URI_CLASS_HEALTH_DOMAIN 8, CTYPE_JUST_HTML 0.848, LIMITED_TIME_ONLY 0.461, BIG_FONT 0.146, CLICK_HERE_LINK 0.131, HTML_50_70 0.092, CLICK_BELOW 0.089, __CTYPE_IS_HTML 0, __UNUSABLE_MSGID 0, __CLICK_BELOW 0, __CLICK_HERE_LINK 0, __TAG_EXISTS_BODY 0, __MIME_HTML 0, HTML_FONT_COLOR_YELLOW 0, __MIME_HTML_ONLY 0, __TAG_EXISTS_HTML 0, __TO_MALFORMED_2 0, __MIME_VERSION 0, __EVITE_CTYPE 0, __CT 0, __CTYPE_HTML 0)
  4. Depending on which spam filter option you selected, mail messages with a percentage less than 50 are delivered to your INBOX. Depending on which spam option you chose, the Andrew Spam Filter either discards or files email messages with an overall percentage score of 50 or greater into your INBOX.spam folder (or another folder that you designated) with the FOLLOWING EXCEPTIONS:
    • If mail is sent via the Andrew outgoing mail server but is not directly delivered to the Cyrus mail server it is scanned by the Andrew Spam Filter. This is the case if you use the Andrew outgoing mail server to send mail to a "userID@cmu.edu" address. The mail is first sent to the cmu.edu server. The Cyrus mail server then receives the message from cmu.edu and the message will be evaluated and scored by the Andrew Spam Filter.
    • Unless you selected the option to DISCARD spam, conditions set using your Accept list are checked before email is filed into your spam folder. If an email meets one of the Accept list criteria, it is automatically delivered to your INBOX regardless of its score.
    • Likewise, conditions set using your Filter list are also checked before email is delivered to your INBOX. If an address or domain has been added to your Filter list, the mail is automatically filed in your spam folder OR discarded, even if it has not been flagged as spam. (Unless the address is also on your Accept list. Unless you selected the option to DISCARD spam, the Accept list takes precedence over conditions set in the Filter list.)

Last Updated: 10/14/10