[KB3459] Antispam scoring and email filtering in ESET products

Details

Unsolicited email, called spam, ranks among the greatest problems of electronic communication. Spam represents up to 80 percent of all email communication. Antispam protection serves to protect against this problem. Combining several efficient principles, the Antispam module filters incoming messages to keep your inbox as free of spam messages as possible.

Solution

Antispam scoring

The Antispam engine available in various ESET products assigns a spam score from 0 to 100 to each email message it scans. Using this score, the ESET Antispam engine classifies each email into one of four groups:

  • Messages evaluated as NOT SPAM (0–10): The message's spam score is equal to or lower than the value set for "Spam score to treat message as not spam"
  • Messages evaluated as probably NOT SPAM (11–50): The message's spam score is lower than the value set for "Spam score threshold to treat a message as probably spam or probably clean"
  • Messages evaluated as probably SPAM (51–89): The message's spam score is equal to or higher than the value set for "Spam score threshold to treat a message as probably spam or probably clean"
  • Messages evaluated as SPAM (90–100): The message's spam score is equal to or higher than the value set for "Spam score to treat message as spam"

This score is derived from many sources, including: mail reputation authorities, past emails scanned by the ESET product installed on that computer, rules, whitelists/blacklists, keyword matching, and address lists.

The score for each email is then logged in the Antispam protection log.

ESET Endpoint Security and ESET Smart Security Premium users

Scores are not logged in the Antispam protection log by default. In ESET Mail Security for Microsoft Exchange, messages with a score below 50 will not appear in the Antispam protection log.

 

Email filtering

 Depending on how antispam scoring is defined in a given product, and on a given message's antispam score after it is scanned, scanned messages will be: 

  • Delivered to the recipient's inbox
  • Delivered to the recipient's inbox and logged to the Antispam log
  • Delivered to the SPAM or JUNK email folder
  • Delivered as SPAM

Only emails in the "Messages evaluated as SPAM" category, or emails with a score of 90 and above, will be affected by the ESET Antispam engine. All other emails will not be moved. If the email is in the Antispam protection log, check the action taken on the email.
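The four score groups and the "only SPAM is acted on" rule above can be checked at their boundaries with the following added example, which is not ESET code. The threshold defaults are inferred from the ranges listed in this article, and the names (Thresholds, classify, triage) and the sample message IDs are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Thresholds:
    # Defaults inferred from the article's ranges (0-10, 11-50, 51-89, 90-100).
    not_spam_max: int = 10    # score <= this -> NOT SPAM
    probably_split: int = 51  # score >= this -> probably SPAM
    spam_min: int = 90        # score >= this -> SPAM

    def __post_init__(self):
        # Reject configurations where the groups would overlap or invert.
        if not (0 <= self.not_spam_max < self.probably_split
                <= self.spam_min <= 100):
            raise ValueError("thresholds must be ordered within 0..100")

def classify(score, t=Thresholds()):
    """Map a 0-100 spam score to one of the four groups described above."""
    if not isinstance(score, int) or not 0 <= score <= 100:
        raise ValueError(f"score out of range: {score!r}")
    if score >= t.spam_min:
        return "SPAM"
    if score >= t.probably_split:
        return "probably SPAM"
    if score > t.not_spam_max:
        return "probably NOT SPAM"
    return "NOT SPAM"

def triage(records, t=Thresholds()):
    """Group (message_id, score) pairs; return (groups, acted_on)."""
    groups = {}
    for msg_id, score in records:
        groups.setdefault(classify(score, t), []).append(msg_id)
    # Per the article, only the SPAM group is acted on; nothing else is moved.
    return groups, groups.get("SPAM", [])

# Constructed sample data: IDs and scores are made up to hit each boundary.
SAMPLE = [("m1", 0), ("m2", 10), ("m3", 11), ("m4", 50),
          ("m5", 51), ("m6", 89), ("m7", 90), ("m8", 100)]

if __name__ == "__main__":
    groups, acted_on = triage(SAMPLE)
    for name, ids in groups.items():
        print(f"{name:18} {ids}")
    print("acted on by the engine:", acted_on)
```

Messages that land in the probably SPAM group still reach the inbox, so that group is the one to review when tuning the thresholds.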

 

ESET Endpoint Products/ESET Smart Security Premium
  • Moved to spam folder – Email was identified as spam by the Antispam engine or designated as spam by the user. The email will be moved to the spam folder by default, or an alternative location if designated in settings.
  • Moved to inbox – Email was not designated as spam by the user. The email was moved from the spam folder to the inbox.
  • Marked as SPAM – Email was designated as spam by the user. The email will be handled based on the antispam protection settings.
  • Marked as NOT SPAM – Email was not designated as spam by the user. The email was moved from the spam folder to the inbox.
ESET Mail Security
  • No action – Keep the message even if it is marked as spam
  • Quarantine message – Send messages marked as spam to the quarantine mailbox
  • Reject message – Reject messages marked as spam
  • Drop message silently – Delete messages without sending NDR (Non-Delivery Report)