Back to Community Threads
Spam - The continuing battle!
Problem reported by YS Tech - 6/5/2026 at 2:41 AM
Submitted
As AI takes over the world, spam is becoming more of an issue. In the recent months i've seen a massive upturn in spam. Quite a lot of it being caught by my filters but also a lot getting through.
One big issue is that SM doesn't give me a multi-level approach to filtering, if it marks it as spam then that's it, it doesn't do any of your other filters.
It would be really handy if it would go through all of the processes as that would allow me to properly manage the ones caught in spam.

e.g. If an "Omaha Steaks" email comes in and its picked up as spam, it gets put into the spam folder, along with the other 100's of the same email, If I then have a content filter that says delete anything with "Omaha Steaks" or all the other spellings of it, then i would have all those spam emails filling up the spam folders.

It's getting harder to sift out the small amount of false positives in this massive forest of spam.
How is everyone dealing with this, are you all sitting there for an hour in the morning going through your spam folder?

Also what are the latest recommended spam settings, I know we have this one: https://portal.smartertools.com/kb/a2734/recommended-spam-settings.aspx but that was created in 2013 and only updated in 2023. A lot has changed since then.
t
terry fairbrother Replied
6/5/2026 at 4:18 AM
My recent approach which appears to be working well is to rely on routing rules first then custom spam filters 2nd.

My rules are

so rules top to bottom...
ignore first two, they are for inhouse auditing
OKOKOK... these are domain and emails that are known safe senders. Rule bypasses the rest of the filters
BOPBOPBOP... uses common phrases that the end users will send. rule bypasses the rest of the filters
CNN - currently experimental
delete - this is the known bad phrases and keywords, such as walmat steak CVS lowes Sams etc. instant delete
delete1 - testing out phrases until they are known to work without false positives then are moved to 'delete'
bounce - our use
last three, general phrases / domain names / emails etc to go to quarantine

Reason I have some rules in CAPs is that they stand out better in the routing rules logs.

so now I have a quarantine folder filling up...


I have requested a feature to add a subject line column to make search easier, but for the time being, I use Thunderbird and the "ImportExportToolsNG" addin to export the quarantine folder to the spam mailbox. I can import either by day or all folders. I tend to just go by day


which imports the emails


from here, I can see any false positives. If any are found, they are added the OKOKOK rule and then are resent from the quarantine. if the OKOKOK rule is set correctly, the email will continue to the end user.

Anything that still gets through then hit the spam checks..


again, trusted senders are given a very high weight to counter any RspamD weights and to also add weight where needed.

Next, the content filters look at the emails weight and if it's high, it's redirected to the spam@ mailbox. If it's medium, it goes to the end user with the subject prepended with [Junk E-Mail]

we are a low volume of emails, maybe 5000 or so a day across 103 mailboxes. The number of spam emails that get all the way to the end users are maybe 10 per week and they fwd those to me so that I update the filters.

However, my approach is still hands on. I need to check the quarantine daily, but it's a 5 minute job to review and update.
YS Tech Replied
6/5/2026 at 5:28 AM
Thanks for that Terry, very helpful. I think we are of a similar size albeit mine is probably double yours but still not large scale by any means. I'd not even considered using routing rules!
I'll look imto this area.
John Quest Replied
6/5/2026 at 11:31 AM
To be completely absolutely undeniably clear: If the war on spam was that easy, we would have won by now.
Nope because people want to treat spam and not cure it. There is no money in curing problems. There is money in treating a problem...

Thats why its not solved. If you cure cancer, what should happen to all the people and companies making huge profits from treatments??

Its super simple.
YS Tech Replied
6/6/2026 at 2:37 AM
Just adding the routing rules has made a massive difference, just saying!
Helpful comments are the way to go.
If you both have the answer then post away?
rick Replied
6/7/2026 at 6:28 AM
Smartermail isn't a spam filter. It's a mailserver with spam-blocking capabilities but its primary role is mailserver. In my opinion (doing this for over 30 years), you need a spam filter at the border... processing email before it hits Smartermail.
With Cloudflare and an external spam filter shielding Smartermail from hacking and junk email = happy email users and email admin(s).
Sébastien Riccio Replied
6/7/2026 at 9:07 AM
We also rely on a front mail gateway doing all the spam checks which then transmit a spam score using customer headers to SmarterMail,
We use then use some spam filter rules that use these headers to classify the spam either as high low/medium/high at SmarterMail level.

The only spam filters active on our SM are these custom headers check to give the mail a score for SM and the SPF/DKIM/DMARC checks, needed for the trusted senders to work correctly and to have the badge in the webmail that shows if these authentication tests passed.

Different reason for this
1) it removes the spam check CPU load from the main server
2) The incoming gateway is more efficient than the actual spam checks available on SM.

That being said, it looks like SmarterTools is adding a new service to SmarterMail for the spam checks but we have no information about it, only some clue, as there is a new service named "spamfoo" appearing in the services list (stopped).

administrator@MAIL01-2019 C:\Users\Administrator>smart service status
+-------------------+---------+
| Service           | Status  |
+-------------------+---------+
| spool             | running |
| smtp              | running |
| pop               | running |
| xmpp              | stopped |
| imap              | running |
| ldap              | running |
| exchangeretrieval | running |
| popretrieval      | running |
| imapretrieval     | running |
| indexing          | running |
| spamfoo           | stopped |
+-------------------+---------+
Kind regards.
Sébastien Riccio
System & Network Admin
rick Replied
6/7/2026 at 10:09 AM
@Sébastien Riccio - that is a clever setup. We don't use SM for any spam handling. Instead, everything is processed before email is ever handed off to SM. Cheap, and very effective.
√ Known junk gets rejected entirely.
√ Potential junk is held in quarantine where a report like this (below) is sent to the user up to 3X per day.

The report gives them the ability to View or Release a message if they want it. Works perfectly since 2007 and our users love it. Here's what a Quarantine report looks like:

I'm actually working on handing off to AI the resulting email messages (those that already went through the external spam filter) just to get AI's opinion if a message is potentially phish. No matter how strong the filtering, the spammers are able to slip a few through here and there... and AI is awesome at figuring that out.
Sébastien Riccio Replied
6/7/2026 at 10:32 AM
Hehe, yes we also built a dashboard on the gateway so we (or end users) can release a mail that was rejected.



We basically reject at SMTP level when the score is too high, so we never bounce, we either accept it and give it as score or reject it right away, but even if it was rejected, we can still find the mail in the quarantine for analysis or release, as we are rejecting after the DATA phase of the incoming SMTP session.

As for the AI stuff, it can be very efficient but we are not using it yet because we absolutely want that it is all processed locally with a local LLM and they are not as efficient at the moment.
The other thing is that we need to be sure that there can't be any prompt injection (in the mail bodies) that could result in catastrophic results, like for example jailbreak the model.

Kind regards
Sébastien Riccio
System & Network Admin
Back to Community Threads

Reply to Thread

Enter the verification text
Related Knowledge Base Articles
Recommended SPAM SettingsSmarterMail > Antispam and Antivirus
Send User Spam Feedback Options in SmarterMailSmarterMail > Antispam and Antivirus
Deploying Rspamd For Use With SmarterMailSmarterMail > Server Configuration and Management
Key Feature and Version Milestones in SmarterMailSmarterMail
Configure SmarterMail as a Backup MX ServerSmarterMail > Installation and Configuration