You configure the action that spamBlocker takes based on the spam category of each email message.
Firebox or XTM devices uses spamBlocker actions to apply decisions about the delivery of email messages. When a message is assigned to a category, the related action is applied. Not all actions are supported when you use spamBlocker with the POP3-proxy.
Allows the email message to go through the Firebox or XTM device.
Add subject tag
Allows the email message to go through the Firebox or XTM device, but inserts text in the subject line of the email message to mark it as spam or possible spam. You can use the default tags or you can customize them, as described in the subsequent spamBlocker section. You can also create rules in your email reader to sort the spam automatically based on the subject tags, as described in Create Rules for Your Email Reader.
Quarantine (SMTP only)
Sends the email message to the Quarantine Server. The Quarantine option is supported only when you use spamBlocker with the SMTP-proxy. The POP3-proxy does not support this option.
Deny (SMTP only)
Stops delivery of the email message to the mail server. The Firebox or XTM device sends this 571 SMTP message to the sending email server: Delivery not authorized, message refused.The Deny option is supported only if you use spamBlocker with the SMTP-proxy. The POP3-proxy does not support this option.
Drop (SMTP only)
Drops the connection immediately. The Firebox or XTM device does not give any error messages to the sending server. The Drop option is supported only if you use spamBlocker with the SMTP-proxy. The POP3-proxy does not support this option.
If you select the spamBlocker action to add a tag to certain email messages, the Firebox or XTM device adds a text string to the subject line of the message. You can use the default tags provided, or you can create a custom tag. The maximum length of the tag is 30 characters.
This example shows the subject line of an email message that was found to be spam. The tag added is the default tag: ***SPAM***.
Subject: ***SPAM*** Free auto insurance quote
This example shows a custom tag: [SPAM]
Subject: [SPAM] You've been approved!
spamBlocker assigns one of three categories to each email message.
The Confirmed Spam category includes email messages from known spammers.
If you use spamBlocker with the SMTP-proxy, select the Deny action for this category.
If you use spamBlocker with the POP3-proxy, select the Add subject tag action for this category.
The Suspect category includes email messages that appear to be associated with a new spam attack. Frequently, suspected spam messages are legitimate email messages, but appear in this category as false positives. Unless you have verified that most messages in this category are not false positives for your network, you should consider a suspect email message as not spam, and select the Add
The Bulk category includes email messages that are not from known spammers, but do match some known spam structure patterns. For this category, select the Add subject tag action, or the Quarantine action if you use spamBlocker with the SMTP-proxy.
After spamBlocker categorizes a message, it adds the spam category to the full email message header as a spam score. To see the spam category, you must review the full email message header.
To find the spam score for an email message in Microsoft Outlook 2010:
To find the spam score for an email message in Microsoft Outlook 2007:
In the Internet headers text box, the spam score appears in this line:
Here is an example of how the spam score appears in the email message header:
X-WatchGuard-Spam-Score: 3, bulk; 0, no virus
The first number on this line is the spam category. This number has one of these values:
0 — Clean
1 — Clean
2 — Suspect
3 — Bulk
4 — spam
If you enable Virus Outbreak Detection (VOD) in your spamBlocker configuration, the spam score in the email message header has a second number, the VOD category. This number has one of these values:
0 — No virus
1 — No virus
2 — Virus threat possible
3 — Virus threat high
About the Quarantine Server
Enable and Set Parameters for Virus Outbreak Detection (VOD)