How spam is identified – Google Message Security for Google Apps Administration Guide User Manual

This means:

If the message security service detects spam, the message goes to the
Message Center quarantine, not the Gmail Spam folder.

If the message security service does not detect spam, the message is passed
to Google Apps spam filtering. The message may still be quarantined in the
Gmail spam folder.

Note: When using Message Security for Google Apps, spam filters apply to all mail
you send, including internal mail to the same domain.

Spam category filters are applied after all other filtering, including Content
Manager filters, and any applicable Approved Senders list (the user’s own list, or
one defined for the organization). Blatant Spam Blocking occurs before most
filters, but doesn’t block messages from approved senders. That means:

Approved senders bypass Spam Filters
Even if their messages contain spam-like content.

Messages with approved content bypass the category filters
But approved content is still blocked if it occurs in obvious spam detected by
Blatant Spam Blocking.

Messages marked as advertisements are blocked
If the Subject line of a message contains the prefix “ADV:” (for
“advertisement”), the message is considered spam, regardless of approved
content.

Virus Blocking overrides Spam Filters
Virus Blocking scans all messages that either pass through the spam filter,
are allowed to bypass spam filtering or are quarantined as spam. For
example, if a message is quarantined as junk, but also determined to be
infected with a virus, the message will be processed according to the virus
filter disposition.
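
The precedence rules above, modeled as a small decision function. This is an added example, not code from the guide or from the service. The field names, the numeric score and threshold, the result labels, and the choice to let approved senders also bypass the "ADV:" check are assumptions.

```python
from dataclasses import dataclass

@dataclass
class Message:
    sender: str
    subject: str
    spam_score: float = 0.0         # assumed: output of the weighted spam rules
    blatant_spam: bool = False      # verdict of Blatant Spam Blocking
    approved_content: bool = False  # matched approved content (Content Manager)
    infected: bool = False          # verdict of Virus Blocking
    gmail_flags_spam: bool = False  # verdict of downstream Google Apps filtering

def spam_stage(msg, approved_senders, threshold):
    """Return 'spam' or 'pass' for the message security spam filters."""
    if msg.sender.lower() in approved_senders:
        # Approved senders bypass spam filters, Blatant Spam Blocking included.
        # Assumption: this bypass also covers the "ADV:" check.
        return "pass"
    if msg.blatant_spam:
        return "spam"  # approved content does not rescue obvious spam
    if msg.subject.startswith("ADV:"):
        return "spam"  # regardless of approved content
    if msg.approved_content:
        return "pass"  # approved content bypasses the category filters
    return "spam" if msg.spam_score >= threshold else "pass"

def disposition(msg, approved_senders, threshold):
    """Where the message ends up once every stage has run."""
    verdict = spam_stage(msg, approved_senders, threshold)
    if msg.infected:
        return "virus-filter-disposition"  # overrides the spam verdict either way
    if verdict == "spam":
        return "message-center-quarantine"  # not the Gmail Spam folder
    return "gmail-spam-folder" if msg.gmail_flags_spam else "inbox"

# Constructed sample data, not taken from the guide.
APPROVED = {"partner@example.org"}
SAMPLES = {
    "approved sender": Message("partner@example.org", "Offer", spam_score=9.0),
    "approved content in blatant spam": Message(
        "a@example.net", "Hi", blatant_spam=True, approved_content=True),
    "ADV prefix": Message("a@example.net", "ADV: sale", approved_content=True),
    "approved content": Message("a@example.net", "Hi", 9.0, approved_content=True),
    "infected junk": Message("a@example.net", "Hi", spam_score=9.0, infected=True),
    "missed upstream": Message("a@example.net", "Hi", 1.0, gmail_flags_spam=True),
}

def run_samples(threshold=5.0):
    return {k: disposition(m, APPROVED, threshold) for k, m in SAMPLES.items()}
```
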

How Spam Is Identified

As a message passes through the spam filters, the message service applies
hundreds of rules to the message envelope, header, and content, all in a matter of
milliseconds. Each rule describes some attribute typical of spam, and has a
numerical value based on the likelihood that the attribute indicates spam. An
equation is then formulated based on the weighted significance and combination
of all rules triggered, and the resulting value is the message’s spam score. This
score is measured against the sensitivity threshold set by the user’s spam filters,
and a decision is made: spam or valid email.

Specifically, a Bulk Email filter sets a base level for filtering all types of spam, and
individual category filters can be adjusted to filter a specific category of spam
even more aggressively. The Bulk Email filter and category filters work
independently of each other, but parameters from all filters collectively provide the
final spam score, which can categorize the message as spam. A category filter
thus multiplies the Bulk Email level and increases the number of messages that
get identified as spam.