SpamShock: the Anti-Spam Stack

 

SpamShock™ is an advanced filtering engine that analyzes email across multiple parameters to effectively stop spam dead, before it hits your inbox. SpamShock has been in use on our servers since 2012 and enables us to do business fast, efficiently, and with minimal noise.

SpamShock Components

SpamShock utilizes multiple layers to improve targeting effectiveness and reduce wasted processing by bypassing subsequent layers if an email is overwhelmingly spam— 3σ minimum. SpamShock incorporates a variety of open-source software including Postfix, SpamAssassin, Pyzor, TxRep, maildrop, and DCC in its layers.

Message delivery pathway

An unfiltered, unknown message arrives from a sender destined to an account protected by SpamShock.
SMTP Layer
Handshake Enforcement Email speaks a predictable exchange of commands that makes up its protocol. Failure to follow protocol, such as a simple, portable script built to impersonate a mail server, will result in rejection.
Deep Protocol Inspection DPI sends a sequence of commands that a normal mail server will respond to before accepting a message. Once the sender has completed this test, it is whitelisted for 48 hours. Failure to complete this standards-compliance test results in rejection.
DNS Blacklist Multiple DNS blacklists are used to check the sender against known sources of spam. If a sender matches on two public lists, then the message is rejected.
SpamAssassin Layer
Naive Rule Expressions Simple rules are checked and scores, based upon statistical probability, are computed for matching rules. An initial score is computed. This represents probability of spam, 0% to 100%.
Bulk Checksums Email is checked against trending subject patterns. Spam commonly recycles the same subject pattern. Subjects that match known bulk surplus are scored higher as spam.
Sender Reputation Sender history is checked for the recipient. If a prior relationship has been established (1 non-spam), then the message is downrated as non-spam. New senders have no effect.
Adaptive Learning Layer
Raw Score Calculation Message structure is normalized into tokens and checked using Bayesian calculations. Score is updated based upon probability of spam given its structure.
Token Readaptation Informative tokens are absorbed by the Bayesian data set creating a new data set by which future emails are calculated as spam or non-spam given its structure.
User-Driven Learning Users may submit an email as spam for further analysis. This changes the previous data set by enforcing that all tokens be relearned as spam. Helpful for correcting false negatives.
Delivery Layer
Sorting A final rejection occurs if and only if the calculated score is above the threshold score. Depending upon calculated probability, an email may be delivered to a "Spam" folder for quarantine or deleted to conserve storage.
Delivery
SpamShock filters over 175,000 emails a day. We rely on it as do other small-medium businesses. Check out our hosting options or drop us a line!