Improve Your Spamassassin Filter: Scoring & Training

With all of our Plesk web hosting packages you have the ability to enable spam protection using the Spamassassin scoring system. There are a few tweaks you can do to the spam settings in Plesk to improve spam recognition.

Note: If you’re using the older Plesk 9 and prefer video, scroll to the bottom of this article for a video guide. Otherwise, read on!

Enable Spam filtering

  1. If you’re a Websavers customer, login to the Client Centre. On the Dashboard, choose Manage beside your hosting plan, then choose Open Control panel or Acess Plesk to login to your Plesk hosting panel. If you’re not a Websavers customer, then log into Plesk using the URL and credentials your web host gave you.
  2. If you have more than one hosting account, select the correct subscription using the drop down at the top of the page.
  3. Go to the Mail tab
  4. Select the mail account you wish to configure from the list
  5. Choose the Spam Filter tab
  6. Select the option to “Switch on spam filtering for this email address”
  7. Choose what you wish to do with spam when it is detected. We recommend the option to “Move spam to the Spam folder”
  8. Click OK and your spam filter will now be enabled.

Configure Sensitivity

Follow steps 1-7 above, then expand the Advanced Options section. Here you can set your Spam Filter threshold. Although 7 is the default, we find it to be extremely conservative.

If you’d like Gmail or Hotmail-level spam filtering where occasionally legitimate messages get filtered to Spam, but you get very little in your inbox, enter a value of 1.5.

If you want a nice balance where some spam might reach your inbox and legitimate email is unlikely to be filtered to Spam, enter a value of 3.

How does it work?

If you’ve configured Plesk to mark the message (change the subject), then when an incoming email is believed to be spam, the subject of the email will be prepended with “*****SPAM*****” or whatever text you specify.

If you’ve configured Plesk to move the spam to the “Spam” folder, then it will do exactly that. Note that the Spam folder is only visible via webmail or if you connect to the email server via IMAP. If you wish to train your spam, but connect via POP, then you’ll need to do your training in webmail.

If you’re on a Plesk 9 server, you do not have the option to automatically move the message to a Spam folder. You will need to create a rule in your email program (like Outlook) specifying that any email with *****SPAM***** in the subject line be moved to the correct junk folder.

The spam filter will check all your incoming emails against a massive database of common attributes often found in spam. Each attribute is paired with a weight indicating roughly how often that attribute is found in spam emails. For example, if an email with the word ‘viagra’ is found to be spam 98% of the time, but an email with the phrase ‘weight loss’ is only confirmed to be spam 40% of the time, the word ‘viagra’ will carry a higher weight. This also works in reverse – if there are positive attributes to your email, that are rarely (or never) found in confirmed spam, then those attributes will be a negative weight.

All of these scores are added up at the end of the checks to give the message its final spam score. The lower the score, the less likely the message is spam. If the score breaches the threshold you set above in the sensitivity section, then the message is either moved to the Spam folder or marked as spam according to your configuration (see above).

Note that you can adjust the threshold score by following the directions above to reach the Spam Settings and selecting “Show Advanced Settings”.

But, clever spammers can get around this…

There’s just one major problem with how this works. Since the spammy attributes are public knowledge, all a spammer must do to get around the filter is to avoid those attributes when sending out emails.

As an example, let’s say that most of the spam emails you receive are trying to sell you premium software like Microsoft Office for Businesses, but because the spammer has avoided spammy attributes, the messages only score a 1.0 when your threshold is 3. Thus every time they send you an email, it’s never marked as spam and your premium software spam starts collecting in your inbox. How do we fix this? Training.

Training your spam filter

By training Spamassassin, you’re giving it information about what kinds of spam and what kinds of non-spam email you normally receive. This way it can start to detect patterns specific to your spam (and non-spam).

All you must do is move any spam messages you received into the folder called “Spam”. All messages moved to the Spam folder will be automatically scanned and trained nightly. This means you must leave the Spam messages in the Spam folder for 24 hours before removing them.

If you connect to your email account via POP, you won’t be able to train in your mail application. You may train the spam via webmail or switch to an IMAP connection instead.

Troubleshooting

Head here to learn how best to troubleshoot ongoing issues with spam, after you’ve already completed at least a week’s worth of training as described above.


Using Plesk 10 or older? Manual training required [Legacy]

1. As above, head on over to the Spam Filter option for your email account in Plesk
2. Choose the “Training” tab

In the list you will see all emails found within your inbox. Simply check off all emails that are spam, then click the “It’s spam” option at the bottom. That’s it! Keep repeating this as often as possible until you have at least 100 spam emails and 100 non-spam emails trained. The more you train, the better it will be at correctly categorizing your email.

If you don’t see any messages in the list, it’s because you’ve already moved them out of the inbox either by deleting them, or by moving them to another folder. You must leave email in your inbox until you have trained them for this to work. Once you have completed training, you can delete them or move them to another mail folder as you normally would.

Happy training!

Once you’ve trained about 100 emails you should start to see some positive results. Use the comments below to let us know how effective this was for you!

Each of your Plesk 9 email accounts have their own login to Plesk that’s limited to just managing their own mail account’s settings. You can send your email users to your server’s Plesk URL and have them login with their email address and email password so they can train their own spam. Your Plesk URL can be found in your address bar once you’re logged in; for our shared servers it looks something like: https://thyme.websavers.ca:8443

Enable Spam Filter in Plesk 9 Video Guide

Jordan is a computer, security, and network systems expert and a lover of all things web and tech. Jordan consults with project management for software companies. Jordan is a founder and managing partner at Websavers Inc.