
Header checking

The header checking module analyses the individual fields in a header. This module makes reference to SMTP and MIME fields. SMTP fields are specified by the mail server, whereas the MIME fields are specified by the email client (which encodes the mail to MIME).

The configuration of anti spam identification based on e-mail headers is done from the Anti Spam > Header Checking node. Right-click on this node to bring up the Header checking properties.

Header checking properties (1)
General anti spam header checking options

The General tab in the Header Checking Properties dialog contains the following options:

1. 'Checks if the email header contains empty MIME From field': This feature checks whether the sender has identified himself in the From: field. If this field is empty, it is an almost sure sign that the mail was sent by a spammer.

2. 'Checks if the email header contains a malformed MIME from: field': This feature checks whether the MIME from: field uses correct notation, i.e. whether it matches the RFC. Spammers often include a wrong or wrongly specified from address.

3. 'Marks emails with recipient lists of more than X recipients as spam': This feature marks mails with large recipient lists as spam. Mails with large recipient lists tend to be joke lists, chain e-mails, or mail from 'junior' or inadvertent spammers.

4. 'Marks email with different SMTP to: and MIME to: fields in the email addresses as spam': This feature checks whether the SMTP to: and MIME to: fields are the same. As part of the email process, the spammer's email server always has to include an SMTP to: address. However, this to: email address is often not included in the message header, or is different there. This feature is very effective at identifying spam, but it has one drawback: some old list servers use the same technique to send to lists of recipients, and their messages will be marked as spam too. Ideally, subscribe to lists that use more modern ways of sending out newsletters. Alternatively, specify the domains of these valid newsletter mailers using the 'Add list' function in the white list.

5. 'Check if email contains remote images only': To circumvent keyword filters, spammers are now sending out 'image only mails'. GFI MailEssentials can flag mails which have only images and a minimal amount of text as spam.

Header checking continued

6. 'Verify if sender domain is valid': This feature does a DNS lookup on the domain specified in the MIME from field and verifies that the domain is valid. If the domain is not valid, it's a sure sign of spam.

7. 'Check if emails contain more than X numbers in the MIME from': Frequently, more than 3 numbers in the MIME from means that the sender is a spammer. The reason for this is that spammers often use tools to automatically create reply-to: addresses on hotmail and other free email services. Frequently they use 3 or more numbers in the name to make sure the reply-to: is unique.

8. 'Checks if email subject contains first part of recipient email address': To 'personalize' a spam mail, spammers frequently include the first part of the recipient email address in the subject. Be careful using this feature with generic email addresses such as sales@company.com. A customer who replies to an auto-reply with the subject 'Your mail to sales' would be marked as spam. To avoid this, you can specify email addresses for which this check should not be done, using the Except button.

Excluding an email address
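The following added example (not GFI MailEssentials code) sketches how checks 1, 2, 3, 4, 7 and 8 above can be evaluated against one message, which is useful when testing thresholds and exceptions before enabling them. The function name `check_headers`, the result labels, the default of 10 recipients and the simplified address pattern are assumptions of this sketch; checks 5 and 6 are left out because they need the message body and a DNS lookup.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Syntactic sanity pattern only; not a full RFC 5322 validator (assumption of this sketch).
ADDR_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")

def check_headers(raw, smtp_rcpts, max_rcpts=10, max_digits=3, subject_exempt=()):
    """Return the names of the header checks tripped by one message.

    raw        -- message text (MIME headers and body)
    smtp_rcpts -- envelope recipients, i.e. the SMTP to: addresses
    """
    msg = message_from_string(raw)
    hits = []

    # Checks 1, 2 and 7: empty From, malformed From, digit count in the From name.
    from_hdr = (msg.get("From") or "").strip()
    _, from_addr = parseaddr(from_hdr)
    if not from_hdr:
        hits.append("empty_from")
    elif not ADDR_RE.match(from_addr):
        hits.append("malformed_from")
    elif sum(ch.isdigit() for ch in from_addr.split("@")[0]) > max_digits:
        hits.append("digits_in_from")

    # Check 3: size of the visible recipient list.
    mime_to = {addr.lower() for _, addr in getaddresses(msg.get_all("To", [])) if addr}
    if len(mime_to) > max_rcpts:
        hits.append("too_many_recipients")

    # Check 4: every envelope recipient should also appear in the MIME To: field.
    smtp = {rcpt.lower() for rcpt in smtp_rcpts}
    if not smtp <= mime_to:
        hits.append("smtp_mime_to_mismatch")

    # Check 8: local part of a recipient in the subject, skipping excepted addresses.
    subject = (msg.get("Subject") or "").lower()
    exempt = {addr.lower() for addr in subject_exempt}
    if any(re.search(r"\b" + re.escape(rcpt.split("@")[0]) + r"\b", subject)
           for rcpt in smtp - exempt):
        hits.append("recipient_in_subject")
    return hits

# Constructed sample message, not taken from real traffic.
SAMPLE = ("From: winner84213@freemail.example\n"
          "To: undisclosed@lists.example\n"
          "Subject: alice, claim your prize\n\nbody\n")

if __name__ == "__main__":
    print(check_headers(SAMPLE, ["alice@corp.example"]))
```

Passing `subject_exempt=("sales@corp.example",)` reproduces the effect of the Except button for a generic address such as the sales@ mailbox described in item 8.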
Language detection

Language detection

The Languages tab in the Header Checking Properties dialog contains the language detection options. Many spam mails are not even in your language, meaning that you can greatly reduce spam simply by blocking mail written in, say, Chinese or Vietnamese. Using the Languages tab you can block mail that uses certain character sets. MailEssentials can only detect languages written in different character sets; it cannot distinguish between Italian and French, for example, because they use the same character set.

Actions

After you have configured the header checking filter, you can configure what you wish to do with mail marked as Spam. Please see the actions paragraph for more information on the actions tab.

