Filtering On Probability Ranges

Any application that you develop using the Anti-Spam SDK will need to handle messages based on the returned spam probability. The anti-spam engine is set, by default, to recognize spam at or above a 50% threshold (a spam probability range of 50% to 100%). A message with a spam probability under 50% is considered legitimate. Sophos recommends that your applications should treat messages with a greater than 90% spam probability as being "definitely spam," which can then be discarded or rejected as appropriate. Messages that return a 50% to 90% spam probability should be treated as "likely spam," which can then be tagged, stored in a folder, quarantined, etc.

The following example defines a set of sample probability ranges based on the suggested spam probability ranges, with filtering actions becoming stricter as the spam probability range increases.

Example Filtering Actions Based on Spam Probability Ranges

  • 0-49%: Add an X-Sophos-AntiSpam: header to the email message with the probability appended. Deliver the message to envelope recipients.
    Adding a header to a message is useful for testing and debugging purposes. For example, if a message is determined to be a false negative (spam delivered as legitimate email), reviewing the header easily reveals the spam probability of the message.
  • 50-90%: Add an X-Sophos-AntiSpam: header to the email message. Append a '#' mark for every 10% calculated over a probability of 50%. For example, a message with a probability of 60% will have an X-Sophos-AntiSpam: # header added. A message with a 70% probability will have an X-Sophos-AntiSpam: ## header added. Add an X-Sophos-AntiSpam-Hits: header to the email message to identify the spam features that contribute to the message's spam probability. Modify the message's Subject: header, and then deliver the message to envelope recipients. Envelope recipients can then filter messages into different folders on their mail client by using substring matches on the '#' mark.

    A Resulting Message Header with an 88% Spam Probability:

    Received: ...
    From: fooey@spammer.ick
    X-Sophos-AntiSpam: ### (88%)
    X-Sophos-AntiSpam-Hits: AMAZING_STUFF, APPLY_ON_LINE, RCVD_IN_CBL, ...
    Subject: [SPAM: 88%] original subject line
  • Over 91%: Send the email messages to a spam directory or quarantine. Notify envelope recipients of the blocked spam messages. Allow recipients to access and release blocked messages.
Thresholds, email modifications, and filtering actions are only suggested uses for the returned email message spam probability. Your host application may have different message-filtering attributes.