How is the spam score calculated and emails categorized on my Email Security Gateway?

  • Date changed: 10 months ago

This solution applies to Email Security Gateways.



To measure the likelihood that an email is spam, the Email Security Gateway assigns each email a score based on its characteristics. Emails are scanned against the Spam Definition updates that the gateway receives automatically and also against the Bayesian database (if used).

You can adjust the aggressiveness of the spam scoring algorithm at any time. These changes can easily be made on:

Firmware 3.5.x and below: Basic > Spam Scoring

Firmware 4.x and above: Basic > Spam Checking

The spam score ranges from 0 (definitely not spam) to 9 or greater (definitely spam). Based on this score, the Email Security Gateway can take one of four actions.

Note: Setting the score to 10 for any of the settings below disables that option.

  • Allow: Messages with a score below the Tag threshold are sent to the intended recipient(s).
  • Tag: Messages scoring equal to or greater than the Tag threshold, but below the Quarantine threshold if the quarantine score is enabled (or below the Block threshold if the quarantine score is disabled), are delivered to the recipient email address. The text specified in the Subject Tag section under Spam Checking or Spam Scoring is prepended to the subject line of tagged messages.
  • Quarantine: Messages scoring equal to or greater than the Quarantine threshold, but below the Block threshold, are quarantined. By default the Quarantine category is disabled and the score is set to 10. To enable this category, the score needs to be between the Tag and Block scores.
    After the quarantine score is enabled, additional settings are required:
    Model 300 and below: under Basic > Quarantine.
    Model 400 and above: under Basic > Quarantine and also under Domains > Domain settings.
    Quarantined messages are sent to a designated Global Quarantine mailbox (specified under BASIC > Quarantine) or into Per-User quarantine (if available).
  • Block: Messages scoring equal to or greater than the Block threshold are not delivered to the recipient. If the Send Bounce option is set to Yes in the Spam Bounce (NDR) Configuration section of the ADVANCED > Bounce/NDR Settings page, a non-delivery receipt (NDR/bounce message) is sent to the sender by the Email Security Gateway.

Recommended scores:
Tag = 3.5
Quarantine = 4.5 (if enabled)
Block = 5
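
The threshold rules above, written out as an added Python sketch (not the gateway's own code; the function names and the sample scores are constructed for illustration). It assumes that only the enabled thresholds need to be in order, and it tallies hand-reviewed messages to show what moving the Block score would do to valid mail.

```python
from collections import Counter

DISABLED = 10  # per the note above: a threshold of 10 disables that action

def classify(score, tag=3.5, quarantine=DISABLED, block=5.0):
    """Map a spam score to 'allow', 'tag', 'quarantine' or 'block'."""
    enabled = [t for t in (tag, quarantine, block) if t < DISABLED]
    if enabled != sorted(enabled):
        # Assumption: enabled thresholds must satisfy tag <= quarantine <= block.
        raise ValueError("enabled thresholds must be ordered tag <= quarantine <= block")
    if block < DISABLED and score >= block:
        return "block"
    if quarantine < DISABLED and score >= quarantine:
        return "quarantine"
    if tag < DISABLED and score >= tag:
        return "tag"
    return "allow"

def review(messages, **thresholds):
    """Tally (action, is_spam) pairs for hand-reviewed (score, is_spam) messages."""
    return Counter((classify(score, **thresholds), is_spam)
                   for score, is_spam in messages)

# Constructed sample: scores in the 3.5-5 range with an administrator's verdict,
# as gathered from a Message Log "in the range" search (not real log data).
REVIEWED = [(3.6, False), (3.9, False), (4.2, True), (4.6, False),
            (4.8, True), (4.9, True), (5.0, True)]

if __name__ == "__main__":
    for block in (5.0, 4.5):
        tally = review(REVIEWED, block=block)
        print(f"block={block}: valid mail blocked={tally[('block', False)]}, "
              f"spam only tagged={tally[('tag', True)]}")
```

With the constructed sample, lowering Block from 5 to 4.5 stops two more spam messages but also blocks one valid message, which is the trade-off the review procedure under Additional Notes is meant to surface.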

Additional Notes:

Go to BASIC > Message Log. Open the "Select Filter" drop-down and choose "SCORE" from the list. The next box to the right defaults to "is equal to"; open the drop-down for this field and select "in the range". Once you have completed these steps, type the numbers in the next field to the right, as in this example: "3.5,5", then click the search button. This will give you a list of all the emails that have a score between 3.5 and 5. From here you can browse the listed emails and see whether they look like spam or like valid email.

If the messages are valid, see if you can identify the score where email stops being valid, either by browsing manually through the list or by changing the score range from 3.5,5 to higher numbers if you are seeing too many valid emails, or to lower numbers if you are seeing all spam and wish to lower the score more.

Once you are done reviewing these settings, I suggest you contact your user group and let them know you will be changing things to block more spam and/or allow more valid email (whichever the case may be). Allow them to communicate concerns and/or the fact that they are getting more spam and/or are not seeing the messages they expect to see. After you have communicated this information, make the appropriate change on the BASIC > Spam Scoring tab, either raising or lowering the block, quarantine, and/or tag score.


Then you will want to "pulse" your community of users about what they are experiencing. You should get one of two answers: either too much spam is getting through (additional or still), or they are happy and are getting less spam. The only concern would be that, if you have set the score too low, too much valid email may be blocked by score. In this case you may simply need to raise the score a little.


This communication should help you determine the outcome of the changes you have made.

