These tests look at the message body for spammer tricks as described below. For combinations of these individual tests resulting in an overall score for the message that can be tested, read the section on heuristic filtering.
|
Purpose: |
Check to see if there are characters whose font color is the same or close to the background color, rendering them invisible or very hard to see. |
|
Action: |
Quarantine if such characters are found. |
|
Default state: |
Enabled |
|
False Positive: |
Low incidence of personal messages being rated as spam since people do not resort to such tricks, but some listserver messages may contain nearly invisible characters. |
|
Other notes: |
Add listserver addresses to the approved listserver address list to eliminate false positives from their automated system. |
|
Purpose: |
Check to see if there are characters whose font size is very small, rendering them nearly invisible. |
|
Action: |
Quarantine if such characters are found. |
|
Default state: |
Enabled |
|
False Positive: |
Low incidence of personal messages being rated as spam since people do not resort to such tricks, but some listserver messages may contain nearly invisible characters. |
|
Other notes: |
Add listserver addresses to the approved listserver address list to eliminate false positives from their automated system. |
|
Purpose: |
Check to see if message contains some variable information defined in the Variable info in Message Text list, such as the email address of the recipient. |
|
Action: |
Quarantine if found. |
|
Default state: |
Disabled |
|
False Positive: |
Usually low incidence, depending on the list entries. |
|
Other notes: |
By default, the list entries define what to search for in the message. Examples include the recipient address when preceded by special characters such as slash or equal sign. These are typically used as an identifier opting out of future mailings. |
|
Purpose: |
Check to see if links contain IP address instead of domain names, or encoded text. |
|
Action: |
Quarantine if found. |
|
Default state: |
Enabled |
|
False Positive: |
Low incidence of personal messages being rated as spam since people do not resort to such tricks, but some listserver messages may contain nearly invisible characters. |
|
Other notes: |
Add listserver addresses to the approved listserver address list to eliminate false positives from their automated system. This test is also performed on non-HTML message body text. |
|
Purpose: |
Check to see message mainly contains profanity as specified in the Banned Profanity list. |
|
Action: |
Quarantine if found. |
|
Default state: |
Disabled |
|
False Positive: |
This may be a cause for false positives since informal and personal email may contain profanity. |
|
Other notes: |
None |
|
Purpose: |
Check to see message mainly contains URL references with gibberish text. |
|
Action: |
Quarantine if found. |
|
Default state: |
Disabled |
|
False Positive: |
Very low incidence since personal messages never contain encoded HTML segments. |
|
Other notes: |
None |
|
Purpose: |
Check to see if there Base64 encoded components. |
|
Action: |
Quarantine if such characters are found. |
|
Default state: |
Disabled |
|
False Positive: |
Very low incidence since personal message never contains encoded HTML segments. |
|
Other notes: |
None |