Spam Filter

Every week the University's spam filter - a tool called SpamAssassin - keeps 1.5 million spam emails out of our inboxes! 

SpamAssassin scans and scores incoming emails for characteristics commonly found in spam messages. Emails that score more than 8 are rejected. For scores between 5 and 8, the email is delivered but with [SPAM?] added to the subject line.

Help improve the filter

If a spam email reaches you without the [SPAM?] flag in the subject line, you can help improve and refine the filter to recognise similar spam in future. Here's how:

  1. Copy the spam email's header information (find out how below)
  2. Forward the offending email
  3. Paste the header information at the start of the forwarded email
  4. Send to antispam@gla.ac.uk

Emails forwarded in this way will be examined, however please note that we may not be able to reply to individual items of spam forwarded.

How to obtain email header information

Email messages contain header information that is useful when determining the origin of a message. Details of the route the message has taken during delivery are also available. Most of the header information is hidden by default. However, it can easily be revealed...

Outlook 2016

  1. Open the message (double click)
  2. Select the File tab
  3. Select Properties button
  4. Copy the text in the Internet Headers window

Exchange Online

  1. Open the message (double click)
  2. In the Message window click the envelope and letter icon on the top row
  3. Copy the text in the Internet Headers window

WebMail

  1. Open the message (double click)
  2. On the Message tab in the Options group, click the Dialog Box Laucher symbol of a square with the arrow pointing to bottom right
  3. Copy the text in the Internet Headers window

IMP

  1. Open the message (click)
  2. Click Message Source
  3. Highlight everything and copy 

How SpamAssassin works

The SpamAssassin tool automatically recognises characteristics that are present in most spam emails.

These characteristics are derived from a large set of tests that have identified many common phrases and tricks that spammers use to mask their real identity. Each test (there are currently around 800) is assigned a pre-defined "score", which indicates its relative strength as a spam-indicator. Below are two examples of the tests applied to each incoming message:

  • An email message that mentions 'a limited time offer' within the body of the email would receive a score of 0.3.
  • A subject line contains the word "GUARANTEED" in uppercase receives a score of 2.9.
  • An email that claims to originate from Outlook Express, but is not in Microsoft format would also score 2.9.

The first test has modest correlation with spam, and is assigned a score of 0.3. The second is a stronger indicator of spam and is scored accordingly. No individual test is sufficient for a message to be rejected as spam. Rather, the individual scores are combined to produce an overall score for each message. The higher the score, the greater the likely hood that a message is spam. The following thresholds are applied: -

  • A score greater than 5 - subject line labeled [SPAM?] and the message is forwarded as normal.
  • A score greater than 8 - message is rejected.

Rejected mails are returned to sender with an explanation of what has happened. If it was a genuine message, the sender can then modify the message and resend it.

Find out more