Signature Spam Scanner is not blocking obvious spam

  • 7019895
  • 22-Sep-2009
  • 07-Aug-2017

Environment

GWAVA using Signature Spam Engine Linux Appliance (SLES 10)

Situation

Signature Spam Engine is not blocking obvious spam.

Resolution

The Signature Spam Engine relies on a signature/definition-based system, which makes it reactive to the appearance of new spam. Spam is detected by definitions, which keep unique records of individual emails. Thus, what may be obvious spam to a human is not so to a computer. The term "zero-day protection" is used to describe the amount of time from when a spam first appears until the definitions are updated to block it. If you are using the Signature Spam Engine and obvious spam is getting through, there is a good chance that it is a new type of spam that has not yet been listed in the definitions. If you have spam that you would like to report, here is a DOC on how to do that.

To combat the problem of zero-day spam, GWAVA recommends using the IP reputation system. It is only available when using an SMTP Scanner. IP Reputation works similarly to an RBL, but incorporates a method of greylisting in conjunction with the definition update server. It is capable of deterring spammers from connecting to your email system to deliver mail.
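The Python sketch below is an added example, not GWAVA code. It models the zero-day window with an assumed exact-match signature (a hash of the normalized body) and an assumed IP-keyed greylist, and shows a new campaign passing a signature-only check but being deferred until the definitions catch up. All names, the sample message and the documentation-range IP addresses are constructed for illustration.

```python
import hashlib

def signature(body):
    # Assumed definition format: SHA-256 of the case/whitespace-normalized body.
    return hashlib.sha256(" ".join(body.lower().split()).encode()).hexdigest()

class SignatureEngine:
    def __init__(self):
        self.definitions = set()

    def update(self, bodies):
        # Models a definition update published after a campaign is reported.
        self.definitions.update(signature(b) for b in bodies)

    def is_spam(self, body):
        return signature(body) in self.definitions

class ReputationGreylist:
    def __init__(self, listed_ips, retry_after=300):
        self.listed_ips = set(listed_ips)
        self.retry_after = retry_after  # seconds an unknown IP must wait
        self.first_seen = {}

    def decide(self, ip, now):
        if ip in self.listed_ips:
            return "reject"  # known-bad sender, refused at connect time
        first = self.first_seen.setdefault(ip, now)
        # Unknown sender: temporary failure until it retries after the delay.
        return "accept" if now - first >= self.retry_after else "defer"

def handle(ip, body, now, greylist, engine):
    verdict = greylist.decide(ip, now)
    if verdict != "accept":
        return verdict
    return "block" if engine.is_spam(body) else "deliver"

def run_scenario():
    new_spam = "Act NOW: claim your prize at the link below"  # constructed sample
    engine = SignatureEngine()
    greylist = ReputationGreylist(listed_ips={"198.51.100.9"})
    results = {"signature_only_t0": engine.is_spam(new_spam)}  # no definition yet
    results["first_attempt"] = handle("203.0.113.7", new_spam, 0, greylist, engine)
    engine.update([new_spam])  # definitions catch up during the deferral
    results["retry"] = handle("203.0.113.7", new_spam, 600, greylist, engine)
    results["listed_ip"] = handle("198.51.100.9", new_spam, 0, greylist, engine)
    return results

if __name__ == "__main__":
    print(run_scenario())
```

Real greylisting implementations usually key on more than the connecting IP (for example sender and recipient as well); the IP-only key here keeps the model short.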

Additional Information

This article was originally published in the GWAVA knowledgebase as article ID 1461.