spamBlocker Actions, Tags, and Categories

You configure the action that spamBlocker takes based on the spam category of each email message.

spamBlocker Actions

The Firebox uses spamBlocker actions to apply decisions about the delivery of email messages. When a message is assigned to a category, the related action is applied. When the spamBlocker service is unavailable, you can select to Allow or Deny messages. Not all actions are supported when you use spamBlocker with the POP3 and IMAP proxies.

Allow

Allows the email message to go through the Firebox.

Add a subject tag

Allows the email message to go through the Firebox, but inserts text in the subject line of the email message to mark it as spam or possible spam. You can use the default tags or you can customize them, as described in the next section. You can also create rules in your email reader to sort the spam automatically based on the subject tags, as described in Create Rules for Your Email Reader.

Quarantine (SMTP only)

Sends the email message to the Quarantine Server. The Quarantine option is supported only when you use spamBlocker with the SMTP-proxy. The IMAP and POP3 proxies do not support this option. If the Quarantine Server cannot be contacted, the message is temporarily rejected.

Deny (SMTP only)

Stops delivery of the email message to the mail server. The Firebox sends this 571 SMTP message to the sending email server: Delivery not authorized, message refused.The Deny option is supported only when you use spamBlocker with the SMTP-proxy. The IMAP and POP3 proxies do not support this option.

When you select Deny as the Virus Outbreak Detection (VOD) action in an SMTP proxy action, the Firebox sends an SMTP 554 Transaction Failed response to the source of the message.

Drop (SMTP only)

Drops the connection immediately. The Firebox does not give any error messages to the sending server. The Drop option is supported only if you use spamBlocker with the SMTP-proxy. The IMAP and POP3 proxies do not support this option.

spamBlocker Tags

If you select the spamBlocker action to add a tag to a category of email messages, the Firebox adds a text string to the subject line of the message. You can use the default tags provided, or you can create a custom tag. The maximum length of the tag is 30 characters.

This example shows the subject line of an email message that spamBlocker classifies as spam. The tag added is the default tag: ***SPAM***.
Subject: ***SPAM*** Free auto insurance quote

This example shows a custom tag: [SPAM]
Subject: [SPAM] You've been approved!

spamBlocker Categories

spamBlocker assigns each email message to a category or ignores the message as not spam.

Confirmed Spam

The Confirmed Spam category includes email messages from known spammers.

If you use spamBlocker with the SMTP-proxy, select the Deny action for this category.

If you use spamBlocker with the IMAP or POP3 proxy, select the Add a subject tag action for this category.

Bulk

The Bulk category includes email messages that are not from known spammers, but are mostly legitimate mass email messages. An example is an email newsletter that the recipient requested or agreed to receive. For this category, select the Add subject tag action, or the Quarantine action if you use spamBlocker with the SMTP-proxy.

Bulk categories are supported in Fireware v12.1.3 and lower, and Fireware v12.2.x to Fireware v12.5.3.

Suspect

The Suspect category includes email messages that appear to be associated with a new spam attack. Frequently, suspected spam messages are legitimate email messages, but appear in this category as false positives. Unless you have verified that most messages in this category are not false positives for your network, you should consider a suspect email message as not spam, and select the Add subject tag action for suspect email, or the Quarantine action if you use spamBlocker with the SMTP-proxy.

Suspect categories are supported in Fireware v12.1.3 and lower, and Fireware v12.2.x to Fireware v12.5.3.

See the spamBlocker Category for a Message

After spamBlocker categorizes a message, it adds the spam category to the full email message header as a spam score. To see the spam category, you must review the full email message header.

To find the spam score for an email message in Microsoft Outlook 2010 and higher:

  1. In an open email message, select the File tab.
  2. Click Properties.
  3. In the Internet headers text box, review the message header information.

In the Internet headers text box, the spam score shows in this line:

X-WatchGuard-Spam_Score:

Spam Score in the Message Header

Here is an example of how the spam score shows in the email message header:

X-WatchGuard-Spam-Score: 0, clean; 0, virus threat unknown

The first number on this line is the spam category.

In Fireware v12.5.4 and higher or Fireware v12.1.4 to Fireware v12.1.x, there are two spam categories: 

0 — Clean

100 — Spam

In Fireware v12.1.3 and lower and Fireware v12.5.x to v12.5.3, the spam category number has one of these values:

0 — Clean

1 — Clean

2 — Suspect

3 — Bulk

4 — spam

Virus Outbreak Detection is supported in Fireware v12.1.3 and lower, and Fireware v12.2.x to Fireware v12.5.3.

If you enable Virus Outbreak Detection (VOD) in your spamBlocker configuration, the spam score in the email message header has a second number, the VOD category. This number has one of these values:

0 — Virus threat unknown

1 — No virus

2 — Virus threat possible

3 — Virus threat high

See Also

spamBlocker Requirements

About the Quarantine Server

Activate and Configure spamBlocker

Enable and Set Parameters for Virus Outbreak Detection (VOD)