Intermedia mail filters inspect each email message and determine the probability of that message being spam. Email Protection puts special identifiers like X-Spam-Status, X-Spam-Score, X-Spam-Category, X-Spam-Reasons in the headers of the message, which is then used as a filtering mechanism in our email system. Read the Knowledge Base article on What are complete headers? How do I get them? for more information on message headers.

Using a rule base and a scoring system, a wide range of heuristic tests are performed on email headers and message body text by Email Protection for:

Each test produces a specified score associated with it. If the total score of the message exceeds the Email Protection sensitivity level, the email message is then considered spam and tagged with the spam identifiers.

The X-Spam section includes:

  • The successful spam tests identified
  • The email message total score or hits
  • Email Protection sensitivity level value

Inbound delivery

Header example #1, where the message is not spam:

To: <user@intermedia.net>
Subject: Regular Email
Date: Wed, 26 Feb 2009 14:05:47 -0800
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0040_01C2DDA0.292F5970"
X-Priority: 3
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Spam-Stopper-Id: 464bbb1a-1b86-4006-8a09-ce797fb56436
Spam-Stopper-v2: Yes
X-AES-Category: LEGIT
X-Spam-Score: 0
X-Spam-Category: LEGIT
X-Spam-Reasons: Cause=gggruggvucftvghtrhhoucdtuddrfeelhedrfedvgdejudcutefuodetggdotefrodftvfcurfhrohhfihhlvgemucf
kpffvgfftoffgfffktedpggftfghnshhusghstghrihgsvgenuceurghilhhouhhtmecufedttdenucenucfjughrpefhfffk
uffvtgesrgdtreertddtjeenucfhrhhomheplfhohhhnucffohgvuceothgvshhtmhgrihhlsghogiesghhmrghilhdrtghomh
eqnecukfhppedvtdelrdekhedrvddvfedrudekvd

Header example #2, where the message is spam:

To: <user@intermedia.net>
Subject: Spam Email
Date: Wed, 26 Feb 2009 14:01:16 -0800
MIME-Version: 1.0
Content-Type: multipart/related;
type="multipart/alternative";
boundary="----=_NextPart_000_002D_01C2DD9F.876C8590"
X-CMAE-Score: 0
X-CMAE-Analysis: v=2.2 cv=LI8WeNe9 c=1 sm=1 tr=0
a=ctIFYnCUkquRZw2sUIjZfA==:117 a=CzMw1X++/xlc1g5uwainNQ==:17
a=TieOQv/UJjrqJNn7Z5Wu6cFbKJU=:19 a=9+rZDBEiDlHhcck0kWbJtElFXBc=:19
a=Ijzf2uK6Hyf/1sLC3zsjixdf6ME=:19 a=IkcTkHD0fZMA:10 a=x7bEGLp0ZPQA:10
a=fJVlfalwfzoA:10 a=7mUfYlMuFuIA:10 a=KpiB70CGF-wA:10 a=drABX1JIE3oA:10
a=5zfHmZLnnEiyVHBuTWIA:9 a=QEXdDO2ut3YA:10
X-SPF-STATUS: neutral
X-RDNS-STATUS: pass
Spam-Stopper-Id: 93629700-ae83-427a-8141-46ce20e9f4a4
Spam-Stopper-v2: Yes
X-AES-Category: SPAM
X-Spam-Category: SPAM
X-Spam-Score: 300
X-Spam-Reasons: Cause=gggruggvucftvghtrhhoucdtuddrgedtiedrudefgdekjecutefuodetggdotefrodftvfcurfhrohhfihhlvge
mucdtuddrgedtiedrtddtpdfkpffvgfftoffgfffktedpggftfghnshhusghstghrihgsvgenuceurghilhhouhhtmecufedttdenucgoufh
prghmkfhpucdlfedttddmnecujfgurhepvffhuffkffgfgggtgfesthejredttdefjeenucfhrhhomhepffgrmhhonhcunfgvihgsvghrth
cuoegurghmohhnlhgvihgsvghrtheshigrhhhoohdrtghomheqnecukfhppeejvddrvdelrdekledrfedpvdegrdduleekrdejvdd
rudegvdenucevlhhushhtvghrufhiiigvpedt

You can see the following lines:

  • X-Spam-Score/X-CMAE-Score - score assigned by mailfilters
  • X-Spam-Reasons/X-CMAE-Analysis - encrypted line that contains the results of the checks
  • X-Spam-Category/X-AES-Category - category assigned by mailfilters. 

The categories can be Certain spam, Probable spam or Legitimate.

Probable spam can be identified with three levels of sensitivity: aggressive, moderate and relaxed. Scoring ranges are listed below:

  • Over 300 = Certain spam
  • 50 to 300 = Probable spam (aggressive)
  • 100 to 300 = Probable spam (moderate)
  • 150 to 300 = Probable spam (relaxed)

Anything that is less than the current score for probable spam is considered to be a Legitimate messageFor more information, please read the Knowledge Base article Email Protection: Understanding Categories.

Outbound delivery

Outgoing emails are being filtered when sent to Hotmail, AOL, Yahoo!, Gmail or other big providers. Below is an example of the message rejected by outbound mailfilters:

To: <user@intermedia.net>
Subject: Spam Email
Date: Wed, 26 Feb 2009 14:01:16 -0800
MIME-Version: 1.0
Content-Type: multipart/related;
type="multipart/alternative";
boundary="----=_NextPart_000_002D_01C2DD9F.876C8590"
X-Priority: 3
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Spam-Status: Yes, hits=10.6 tagged_above=-999.0 required=7.0 tests=BAYES_56,
CLICK_BELOW, EXCUSE_10, EXCUSE_14, EXCUSE_22, EXCUSE_23, EXCUSE_24,
EXTRA_MPART_TYPE, HTML_60_70, HTML_COMMENT_SAVED_URL, HTML_FONT_COLOR_BLUE,
HTML_LINK_CLICK_HERE, HTML_MESSAGE, HTML_TAG_EXISTS_TBODY, MAILTO_LINK,
OFFER, OFFERS_ETC, OPT_OUT, ORIGINAL_MESSAGE, RECEIVE_EMAIL, SMTPD_IN_RCVD

This information can be found in the Non-delivery report (NDR). Outgoing messages to large public providers with SPAM score more than 9 are rejected with a bounce-back message.