You configure the action that spamBlocker takes based on the spam category of each email message.
The Firebox uses spamBlocker actions to apply decisions about the delivery of email messages. When a message is assigned to a category, the related action is applied. Not all actions are supported when you use spamBlocker with the POP3 and IMAP proxies.
Allows the email message to go through the Firebox.
Add subject tag
Allows the email message to go through the Firebox, but inserts text in the subject line of the email message to mark it as spam or possible spam. You can use the default tags or you can customize them, as described in the next section. You can also create rules in your email reader to sort the spam automatically based on the subject tags, as described in Create Rules for Your Email Reader.
Quarantine (SMTP only)
Sends the email message to the Quarantine Server. The Quarantine option is supported only when you use spamBlocker with the SMTP-proxy. The POP3-proxy does not support this option. If the Quarantine Server cannot be contacted, the message is temporarily rejected.
Deny (SMTP only)
Stops delivery of the email message to the mail server. The Firebox sends this 571 SMTP message to the sending email server: Delivery not authorized, message refused.The Deny option is supported only if you use spamBlocker with the SMTP-proxy. The POP3-proxy does not support this option.
When Deny is selected as the Virus Outbreak Detection (VOD) action in an SMTP-proxy action, the Firebox sends an SMTP 554 Transaction Failed response to the source of the message.
Drop (SMTP only)
Drops the connection immediately. The Firebox does not give any error messages to the sending server. The Drop option is supported only if you use spamBlocker with the SMTP-proxy. The POP3-proxy does not support this option.
If you select the spamBlocker action to add a tag to certain email messages, the Firebox adds a text string to the subject line of the message. You can use the default tags provided, or you can create a custom tag. The maximum length of the tag is 30 characters.
This example shows the subject line of an email message that was found to be spam. The tag added is the default tag: ***SPAM***.
Subject: ***SPAM*** Free auto insurance quote
This example shows a custom tag: [SPAM]
Subject: [SPAM] You've been approved!
spamBlocker assigns one of three categories to each email message.
The Confirmed Spam category includes email messages from known spammers.
If you use spamBlocker with the SMTP-proxy, select the Deny action for this category.
If you use spamBlocker with the POP3-proxy, select the Add subject tag action for this category.
The Suspect category includes email messages that appear to be associated with a new spam attack. Frequently, suspected spam messages are legitimate email messages, but appear in this category as false positives. Unless you have verified that most messages in this category are not false positives for your network, you should consider a suspect email message as not spam, and select the Add subject tag action for suspect email, or the Quarantine action if you use spamBlocker with the SMTP-proxy.
The Bulk category includes email messages that are not from known spammers, but are legitimate, mostly welcome mass email messages. An example is an email newsletter that the recipient requested or in some other way agreed to receive. For this category, select the Add subject tag action, or the Quarantine action if you use spamBlocker with the SMTP-proxy.
See the spamBlocker Category for a Message
After spamBlocker categorizes a message, it adds the spam category to the full email message header as a spam score. To see the spam category, you must review the full email message header.
To find the spam score for an email message in Microsoft Outlook 2010:
- In an open email message, select the File tab.
- Click Properties.
- In the Internet headers text box, review the message header information.
To find the spam score for an email message in Microsoft Outlook 2007:
- Open the email message.
- On the Message tab, in the Options group, click .
The Message Options dialog box appears.
- In the Internet headers text box, review the full message header.
In the Internet headers text box, the spam score appears in this line:
Spam Score in the Message Header
Here is an example of how the spam score appears in the email message header:
X-WatchGuard-Spam-Score: 3, bulk; 0, no virus
The first number on this line is the spam category. This number has one of these values:
0 — Clean
1 — Clean
2 — Suspect
3 — Bulk
4 — spam
If you enable Virus Outbreak Detection (VOD) in your spamBlocker configuration, the spam score in the email message header has a second number, the VOD category. This number has one of these values:
0 — No virus
1 — No virus
2 — Virus threat possible
3 — Virus threat high