IPQualityScore

SpamAssassin Plugin - Intelligent Spam Detection

IPQualityScore's SpamAssassin Plugin allows IPQualityScore customers the opportunity to integrate our advanced Email Validation API with the popular open-source spam detection software Apache SpamAssassin. Our plugin can improve spam detection rates, reduce false positives, and provide valuable additional data points to your existing SpamAssassin installation.


Download
Version SHA256SUM Download
1.0.0 268f175f76bb3c107ae88317496fcfeed7641e632a64337b56a6d47619cd5b55 IPQualityScore-SpamAssassin-1.0.0.tar.bz2
Installation

  1. Download the file and check the sha256sum.

  2. Extract the archive.

  3. Place the two files, and , into your site-wide SpamAssassin directory, e.g. . If you'd like, you can view this documentation locally in Perl's POD format:

  4. Change the owner of the plugin and files using chown:

  5. Instruct SpamAssassin to load the plugin by placing the following in your :

  6. Edit the configuration file in to suit you. The default settings will be fine for most users, but you must enter your IPQualityScore API key on the line indicated in that file or the plugin will not work.

  7. Finally, update the SpamAssassin matching patterns and compile them. This varies by platform. For example, if SpamAssassin is running as the system user , and and are located in , then you would run:

    Note: If you changed any rules while editing the configuration, you may wish to run spamassassin --lint before running the previous commands. This will confirm that there are no syntax errors and that the compilation will be successful.

  8. The plugin is now installed and will run automatically whenever SpamAssassin checks new messages.


Configuration

    The file contains details about each of the configuration options and rules available. Please review that file. Additionally, please refer to our Email Validation API documentation for details about the API and its responses.
    Here is a brief overview of the available user options.

  • ipqs_disable
    Disable the plugin. A disabled plugin will not send API requests or contribute towards message scores. The additional message headers will still be added, but they will not have values.

  • fraud_score
    Set the threshold at which the IPQS_FRAUD_SCORE rule will hit and the message's spam score will increase. Default is 75, which is suspicious but not necessarily fraudulent or spam.

  • fast
    When this parameter is enabled our API will not perform an SMTP check with the mail service provider, which greatly increases the API speed. Syntax and DNS checks are still performed on the email address as well as our disposable email detection service. This option is intended for services that require decision making in a time sensitive manner.

  • timeout
    Maximum number of seconds to wait for a reply from a mail service provider. If your implementation requirements do not need an immediate response, we recommend bumping this value to 20. Any results which experience a connection timeout will return the "timed_out" variable as true.

  • strictness
    Sets how strictly spam traps and honeypots are detected by our system, depending on how comfortable you are with identifying emails suspected of being a spam trap. 0 is the lowest level which will only return spam traps with high confidence. Strictness levels above 0 will return increasingly more strict results, with level 2 providing the greatest detection rates.

  • abuse_strictness
    Set the strictness level for machine learning pattern recognition of abusive email addresses with the "recent_abuse" data point. Default level of 0 provides good coverage, however if you are filtering account applications and facing advanced fraudsters then we recommend increasing this value to level 1 or 2.


Rules

  • IPQS_FRAUD_SCORE
    The sender's Fraud Score is above the threshold.
    Default score: 1.0 (medium)

  • IPQS_INVALID_EMAIL
    The sender's email does not appear valid.
    Default score: 1.0 (medium)

  • IPQS_NAME_UNKNOWN
    The first name associated with the sender is 'Unknown' (i.e. neither a name nor 'Corporate').
    Default score: 0.1 (very low)

  • IPQS_RECENT_ABUSE
    Recent abuse, including a chargeback, fake signup, compromised device, fake app install, or similar malicious behavior has been recently verified for this address in the past few days.
    Default score: 5.0 (spam)

  • IPQS_FREQ_COMPLAIN
    Frequent complainer. The sender frequently unsubscribes or marks messages as spam.
    Default score: 1.0 (medium)

  • IPQS_VALID_BUT_SUSPECT
    This value indicates if the mail server is currently replying with a temporary error and unable to verify the email address. This status will also be true for "catch all" email addresses as defined below. If this value is true, then we suspect the "valid" result may be tainted and there is not a guarantee that the email address is truly valid.
    Default score: 0.5 (low)

  • IPQS_DISPOSABLE
    Is this email suspected of belonging to a temporary or disposable mail service? Usually associated with fraudsters and scammers.
    Default score: 1.0 (medium)

  • IPQS_LEAKED
    Was this email address associated with a recent database leak from a third party? Leaked accounts pose a risk as they may have become compromised during a database breach.
    Default score: 0.1 (very low)

  • IPQS_COMMON
    Is this email from a common email provider? ("gmail.com", "yahoo.com", "hotmail.com", etc.)
    This rule is disabled by default (it's default score is 0.0). To enable the rule and reward messages sent from an address provided by a common provider, set its score to a negative number (e.g. -0.5).


Additional Headers

Each of the data points returned by each call to our API is added in its own header for each message checked by SpamAssassin. Please refer to the Email Validation API documentation for detailed descriptions of these data points.