SpamAssassin analyzes email messages, evaluates their likelihood of being spam, and logs the results — then spam can be filtered using thresholds and rules.
Managing Your Apache SpamAssassin Configuration in the Nexcess Cloud
An Introduction to
If you have a website and host email, you are likely to receive spam email messages. Several tools are available on the market that can help prevent spam from reaching your inbox.
For example, customers with or plans can manage the configuration using the Nexcess Cloud SiteWorx control panel at no additional charge. If you are on a or plan, reach out to reach out to our Support Team.
Apache SpamAssassin — What is It & How Does it Work?
The Apache SpamAssassin system analyzes email messages, evaluates their likelihood of being spam, and reports their results. This point-based tool compares different aspects of an email message using a wide range of rules, and each of these adds or removes points. The points are tallied for each email message, and the sum represents the message’s spam score. The user is able to choose a threshold value. Any message with a spam score higher than the threshold is considered spam and delivered according to further rules the user configures.
How Does Apache SpamAssassin Detect Spam?
Apache SpamAssassin runs over 700 tests on each email message in the following categories to detect spam:
- Subject Line
- Email Header
- Body Content & Formatting
- Character Set
- Message Encoding
- Sending IP Address
In addition, Apache SpamAssassin uses Bayesian Filtering, blocklists/blacklists, online databases, external programs, DNS attributes, and fuzzy checksum techniques to check if the email is spam, Then, Apache SpamAssassin applies a scoring framework to calculate the Apache SpamAssassin Spam Score for every email message, determining if it is spam or not.
Apache SpamAssassin runs over 700 tests on each email message with regard to how likely an email message is to be spam. Each test has a positive or negative number associated with it, if not given the neutral value of zero:
- A negative number indicates the email is unlikely to be spam, reducing the overall Apache SpamAssassin Score.
- A value of zero is considered in neutral, meaning that the result of the test has little impact on the spam determination calculation.
- A positive number indicates possible spam, thus increasing the overall Apache SpamAssassin Score.
The numbers resulting from each individual test are small such as positive 0.2 or negative -0.2.
Apache SpamAssassin tallies a total overall score, ranging from 0 to 10, which is the sum of all individual test results. Positive scores suggest probable spam, while negative scores suggest non-spam. The higher the overall Apache SpamAssassin Score for an email message, the is more likely it is to be spam.
Most system admins keep the default thresholds, where scores above a value of 5 — those Apache SpamAssassin Scores between and 5 and 10 are categorized as spam. However, system admins may adjust this score setting to be lower or higher than 5, so non-spam email should be composed ideally in such a way as to achieve scores that significantly the below the score of 5.
Nexcess Client Portal
Log in to your Nexcess Client Portal and pick the product plan you have with Nexcess.
What Do You Need?
Your login credentials. Click the link on the login page if you cannot locate them.
- An existing Nexcess Cloud Account using a or a . See for more information.
- Your email account must already have the local mail delivery option enabled. If you need to enable local mail delivery for your domain's email account, refer to How to configure a remote mail server.
If you are experiencing issues with spam, a good first step to getting your spam issue under control would be to adjust your SpamAssassin configuration settings to be more aggressive when applying the spam filters.
Log into Your Nexcess Client Portal
1. Click on the Plans option from the menu.
2. Either click the name of your Magento or Flex Cloud Plan service or select the Plan Dashboard option from the menu.
3. From the dashboard, select Menu > Control Panel.
Launch the SiteWorx Control Panel
1. Click on the Launch Control Panel button. And your browser will redirect you to the Cloud SiteWorx Control Panel page.
Next you will need to review and confirm the SpamAssassin Configuration settings after navigating to the page showing them.
1. From the SiteWorx main menu, navigate to Administration Options > Mail Options > Spam Filter.
2. Choose the domain name from the Managing Domain list that needs SpamAssassin configuration.
Spam Setting: SpamAssassin Status
This option allows you to enable or disable SpamAssassin. Once SpamAssassin is enabled, the configuration options become available for use.
This option allows you to choose how a spam message should be delivered to you that SpamAssassin has filtered:
- Deliver to IMAP Spam Folder (if one exists) or Inbox: By choosing this option, the messages that exceed the threshold score are filtered out into a dedicated Spam Folder (for you to further review or not) rather than automatically deleting them. If you do not have a Spam folder, the messages are delivered to your inbox.
- Delete Spam scored higher than this value: By choosing this option, messages with a spam score higher than the configured threshold value are deleted and are not delivered, even to your Spam Folder.
Spam Score Threshold
This Spam Score Threshold is a user-configured value. The system admin can decide what total spam score should be considered spam. If SpamAssassin scores an email above the threshold value, it will modify the email header identifying the email message as spam. Email messages with scores below this value will not be identified as spam.
- Spam Score Threshold = 5 (Aggressive) — More restrictive the spam filter
- Spam Score Threshold = 7 (Less Aggressive) —Default level spam filter
- Spam Score Threshold = 10 (Conservative) — Lenient level the spam filter
- Spam Score Threshold = 0-10 (Custom) — A custom level spam filter
The lower the Spam Threshold Score, the more restrictive the spam filter will be, resulting in less spam arriving in your inbox. However, this could also cause more legitimate emails to be identified as spam (and these might not reach the expected recipients).
In contrast, the higher the Spam Score Threshold you set, the weaker the filter, resulting in fewer false positives but more spam in your inbox.
Rewrite Message Subject
- Do not change the message subject —This option will not alter the message's subject line, if spam was detected by SpamAssassin.
By choosing the second option, SpamAssassin alters the subject line of the Email Header by adding the word "[SPAM]" in it. The result will make spam email messages easier to spot when viewing a list of email messages and some email clients allow filtering based on subject lines.
Example subject line: “[SPAM] INSTANT ACCESS, NO DEPOSIT NECESSARY”
Message Attachment Policy
- Make no changes to the body of the email message: This option does not add the SpamAssassin header to the body of the email. Nevertheless, you can see the spam report by viewing the email header.
- Create a new report message and attach the original spam message as an attachment (default): If spam is detected, the SpamAssassin Header is added to the body of the email. In addition, the original content of the message will be added as an attachment.
- Create a new report and attach the original spam message in text only. This may make it more difficult to extract or view the original spam message: Similar to the second option, a SpamAssassin Header is added to the body of the email message with the original message as an attachment, preventing a warning to the user when opening the message.
Advanced SpamAssassin Custom Options
Within the Advanced Spam Custom options area, you can add blacklist or whitelist or more preferences to your email address or for your domain. For example, as a result, if you are receiving spam from a specific domain, you can add a preference to have SpamAssassin automatically mark messages from this domain as spam. Alternatively, if SpamAssassin flags an email message from a known good sender as spam, you can add a preference to whitelist the sender.
This feature not only allows you to blacklist and whitelist emails and domains but also lets you do more to fine-tune your filters. The Preference dropdown menu gives you various options to choose from.
View the Apache SpamAssassin documentation for syntax and options specific to each preference.
Creating a Spam Preference
To create a new Spam Preference in the system, following these steps:
1. Click on the Add Spam Preference, so that the user interface takes you to another window with options.
2. Type: Specifies whether the custom rule applies to the entire domain or just a particular email addres.
3. Add Preference For: A domain or email address that should be covered by rule.
4. Preference: The type of SpamAssassin custom rule. Refer to the Apache SpamAssassin documentation for syntax.
5. Value: The value can be an email address, domain name, or ISP. If you are adding a domain name, it is recommended you add it as wildcard *.domain.net.
Global Default Spam Preferences: SpamAssassin settings can be set by your server administrator. These preferences will override any global settings.
What is a SpamAssassin Header?
In scanning an email message, SpamAssassin applies a series of tests to it. Each test carries a score. If the cumulative score for an email message crosses a specified threshold (7 is the default), it is classified as spam. If a message is identified as spam, SpamAssassin adds the header to the message, which lists all of the tests that matched, along with their corresponding scores.
Example of a SpamAssassin Header
Here is an example of a SpamAssassin Header. Taking a look at SpamAssassin's X-Spam-Status report, the Spam Score in this example is 8.4, and the Spam Threshold Score is set at 7.0. SpamAssassin then generates a header based on the email filtering performed.
Headers Set on All Email Messages Scanned
SpamAssassin sets these headers on all email messages it scans.
The X-Spam Score report in an email header may appear confusing at first glance. However, once you become familiar with the components, it becomes much easier to identify the SpamAssassin sections.
Listed below are some of the headers that will supply you with information about how SpamAssassin viewed the email:
Once SpamAssassin is enabled, it will automatically create two IMAP folders in your mailbox:
- “Learn Ham”
- “Learn Spam”
You can use these folders to instruct SpamAssassin on how to distinguish valuable emails from spam.
If you are using something other than our web-based mail clients like or that we provide, you would need to create two folders in your email account and call them "Spam" and "Ham" (non-spam) or subscribe to their IMAP folders. Refer to your email client program's documentation for instructions on subscribing to IMAP folders.
Training SpamAssassin to Identify Spam Takes Focus & Perseverance
It would be best if you established a new way of checking email regularly. You should begin moving new emails to one of these folders as soon as you receive them (and read them). Move good mail to the "Ham" folder. Put anything bad/spam that SpamAssassin check did not already catch in the "Spam" folder.
While this is the most challenging part of training correctly, it will yield the most effective results. The SpamAssassin test will take a while to collect tokens, but the more SpamAssassin checks, the more it will improve in accuracy.
Apache SpamAssassin Frequently Asked Questions (FAQ)
Are You Still Getting Spam After SpamAssassin is Enabled?
You can adjust the Spam Score Threshold value to a lower value for it to be more aggressive and to filter out more email messages from your inbox.
Are You Receiving Spam from a Particular Email Account or Domain?
If you are receiving spam emails from a particular email account, you can block the email address using the Advanced SpamAssassin Custom Options. As well, you can filter out email subjects and set the corresponding emails to be marked as spam automatically before they are delivered to your inbox.
Are Some Email Messages Filtered as Expected, but Do Not Come with a Renamed Email Header Containing "[SPAM]" or the Defined Text String?
The rewrite_header process will not alter the Email Header unless the email's score is above the required_score. The best way to investigate this kind of scenario is to fetch the email header of the corresponding spam message, and then to review what the SpamAssassin Spam Score is. With this information, you may want to adjust the Spam Threshold Score value lower. The lower the Spam Threshold Score setting, the more aggressive the filtering is.
Build Better Sites and Stores With Fully Managed Hosting from Nexcess
Faster Speeds, Stronger Security, Inherent Scalability and Trusted Support.
Our range of hosting plans caters to any business scale. We do all the heavy lifting for you to focus on growing your business. In addition, we automatically update ore components and plugins to the latest version and ensure your hosting environment is properly optimized, secured, and updated.
Nexcess infrastructure was specially designed to keep up the best speed and performance in the industry. No traffic surge can threaten your website to go down thanks to our autoscaling technology which adds more resources to your server to handle the load. In addition, we offer always-on security monitoring and support from web hosting experts 24/7/365 and .
Need a No-Code Website Building Solution?
Are you on an accelerated schedule and already ready to move forward? If you need to get started with your Nexcess StoreBuilder Solution sooner rather than later, check out these resources:
Next Steps with a Nexcess Cloud Hosting Solution?
Read more about the Fully Managed Cloud Environment by Nexcess and its benefits for your business.
A Cloud Hosting Solution That Lets You Do Business Your Way
We believe in the promise of cloud: scalability, security, performance, and ease of use. Together with our team, clients, and partners, we’ve built something better.
Choose From Multiple Applications
Whether you’re a small business or a high-traffic eCommerce store, our cloud hosting solutions are designed around your needs: auto scaling, PCI compliance, and comprehensive development tools provide you with maximum dynamic flexibility in a fully managed cloud environment.
We make applications easy with environment optimizations for:
And there are many more!
We also have a variety of Nexcess support articles about how best to implement our product offerings housed in the Nexcess Knowledge Base, including how to get your site going with a number of different configuration options. These resources include a great article on setting this up for Migrating to Nexcess with managed WordPress and managed WooCommerce hosting.
If you need any assistance with the above-mentioned, don't hesitate to reach out. For 24-hour assistance any day of the year, Nexcess customers can contact our support team by email or through your Client Portal.
Why Choose Nexcess?
Because we're different! Chris Lema captures "the why" in his passionate and stirring recount of a Nexcess support-related story.
Resources for More Information
Need more help? The Website Management > .htaccess, and , , , , and sections within the Nexcess Knowledge Base are important resources for those seeking additional knowledge. The Applications section also contains valuable insights for those seeking additional knowledge about our other various hosted applications and platforms. Check out our related video playlists and articles below:
New Customers: Fully Managed Hosting Solutions
- Global DNS Checker
- Buy an SSL Certificate
- What is a temporary or dynamic IP address?
- What are the benefits of dedicated IP addresses?
- What is SpamAssassin?
- How to manage spam with SiteWorx and SpamAssassin
- How to retrieve email headers
- Email protocols: IMAP versus POP3
- How to create and modify email accounts in Nexcess Cloud
- Magento & Flex Cloud: Mailbox for Secondary Domain