Spam Filtering at the SSCC

The problem of unsolicited commercial email, or "spam" requires no introduction to anyone with an email account. The SSCC uses a program called SpamAssassin to identify and filter incoming spam.

How SpamAssassin Works

SpamAssassin uses a large number of tests to determine whether a message is spam or not. Failing any single test will not get a message marked as spam. Instead, each test a message fails gives it a certain number of points, and if the total points for a message is higher than a certain threshold then the message is marked as spam. This makes false positives (real messages mistakenly marked as spam) extremely rare.

If a message is marked as spam, it is placed in your spam folder (so you should look there if you believe a real message was mistakenly marked as spam). Messages in your spam folder are automatically deleted after 15 days.

Put Unfiltered Spam in your "not legit" Folder

The most powerful test for identifying spam is the "Bayesian" test. SpamAssassin keeps a large database of the words used in the email it filters, and keeps track of how often each word occurs in real email and in spam. It then checks new mail against this database, and assigns it a probability of being spam based on the words it uses. However, that means that when SpamAssassin misclassifies a message it also misclassifies the words that message uses.

You can improve the database by putting any misclassified messages in two special folders. The not legit folder is for messages SpamAssassin thought were legitimate but are in fact spam. The not spam folder is for messages which SpamAssassin thought were spam but are in fact legitimate (though this is extremely rare). Every night SpamAssassin examines these folder and corrects its database. Messages in not legit are then deleted, and messages in not spam are returned to your inbox. In the long run, if everyone puts their unfiltered spam in their not legit folder rather than just deleting it, SpamAssassin will get better at identifying spam. However, please don't expect immediate results. Just because you put a message in not legit does not mean SpamAssassin will be able to identify messages that are "just like it" as spam with 100% accuracy.

What to Expect from SpamAssassin

In fact SpamAssassin will never achieve anything like 100% accuracy. Sending spam is a very profitable (though very unethical) business and those who send spam spend a great deal of time and effort on finding ways to fool filters like SpamAssassin. The SpamAssassin community then creates new tests to identify the new types of messages, and the cycle continues.

However, the reality is that some spam will always get through. SpamAssassin is typically about 95-98% accurate. Unfortunately it's not unusual to get 50-100 spam messages a day, which means you may see several spam messages in your inbox each day as well.

Spam Filtering on Forwarded Accounts

If you forward your SSCC email to a different address, SpamAssassin will filter your email before it is forwarded. If it did not, it would appear to the world that the SSCC is a sender of spam, and our email server could be blacklisted. However, we have set the threshold for identifying spam much higher for forwarded mail so false positives should simply never happen. If you do suspect that a message to you has been mistakenly identified as spam, you can log in to your SSCC email account using our web mail program and look for it in your spam folder.

Opting Out of SpamAssassin

We consider spam filtering to be practically a necessity for using email. But if you do want to opt out of using it, contact the Help Desk and we can prevent SpamAssassin from filtering your mail. If you are forwarding your SSCC email to another address, you cannot opt out of SpamAssassin, as we cannot allow the SSCC's email server to be blacklisted as a spam source.

Last Revised: 4/5/2007