1. Getting Started
your friends or clients
What should I expect from SpamPal?
SpamPal filtering your email
8. Changing your blacklists/whitelists
default SpamPal installs itself in your StartUp folder and will
always be present, when windows starts up.
can obviously, remove it from your StartUp folder to save boot up
time, however, you must remember to start SpamPal again, before
you check your email, otherwise you cannot receive your email.
If you're on a dial-up link then you may find a product like NetLaunch
a startup, SpamPal will install itself in your system tray and you
should see an umbrella icon, to indicate the fact that it's running:
time you check your email, your email program will invisibly use SpamPal
(although, while this process takes place, you should see the SpamPal
umbrella icon rotate).
your email program's mail filters/message rules will move any messages
that SpamPal has marked as **SPAM**, into
your spamtrap folder, which will help
keep your inbox clean!
SpamPal won't find and tag all
your spam, however, you should find that it will at least catch
90%, in normal use. If you want
to gain the extra % then you may
need to install one of the many SpamPal plugins, which can be found
Every so often,
perhaps make it a weekly task, you should skim through your spamtrap
folder to make sure that there's no mail you actually wanted to
read in there and then delete the rest.
is very configurable and most users will be happy with the default
settings. If however, you need to change the default settings, you
can tune SpamPal to your own personal needs using the Options dialog.
To access the Options dialog,
Right-click on SpamPal's umbrella tray icon, then click on Options.
In order to speed up the processing of your emails
and to prevent SpamPal from marking your friends or contact's emails
as spam, it's a good idea at this point to whitelist all your important
This can be done in four ways:
a) Use the pop3
automatic whitelist: this will whitelist non-spam
email's that you receive on a frequent basis
b) Use the smtp
automatic whitelist: which (if setup in 3.3)
will whitelist all email addresses that you send out
auto-whitelist function will only
auto-whitelist emails that haven't
been marked as **SPAM**
a spammer might forge the email address of someone who is in
your auto-whitelist - for example, a colleague or an alternate
email address or yours. While you don't want to put this person
in your blacklist because they send you lots of genuine email,
you don't want them to end up in your auto-whitelist and bypass
SpamPal's spam-checking features.
Clicking on the Exclusions
pane will bring up a window into which you can enter the email
addresses of people who should never be added to the auto-whitelist.
Just add your colleagues here and you won't have to worry about
spammers forging their addresses to bypass SpamPal's filtering.
You can even add your entire employer's domain - e.g. *@acme-widgets.com
you are using this, especially in a business, as this is recording
all outgoing addresses, some people might view this as an infringement
upon their privacy, (if you are in UK you need to tell staff
of this policy before you start collecting data)
the Add to Whitelist
option on SpamPal's system tray: to manually
whitelist your email addresses by typing in an address (or by using
the dropdown box; to select from a list of recently received address):
Use the SpamPal Whitelist
Email Addresses page to manually
whitelist your email addresses:
whitelist function only looks for email addresses in certain
headers of your email.
These headers are currently: From:,
you will notice that using SpamPal makes fetching your email a little
slower. This is because SpamPal has to check everything against
the DNSBL lists (Public Blacklists) to see which email's are from
a spammer and which aren't.
through it's Auto-Whitelist feature(s), SpamPal will quickly learn
about the people and machines that send you lots of email, and adds
them to a list of trusted senders. Because they're trusted, SpamPal
doesn't waste time any checking the DNSBL lists (Public Blacklists)
for them and so the more you use SpamPal, the quicker it will get.
There are more hints and tip on how to optimise SpamPal here
By using the SpamPal Status page (right
click on the Systray Umbrella and select Status),
you'll be able to see which of DNSBLs you are using and how effective
they have been during a recent session.
If you look at the statistics on SpamPal's
status screen, it will show you the hit rates being achieved
by the various DNSBLs you
are using for recent queries. You will probably notice that some
of the DNSBLs regularly give high numbers, 20-50%,
and others may be very low, or even zero hits.
Deselecting the ones with low
hit rates, will probably improve speed, without affecting your
spam detection capability.
For example, in the screen below, it looks like Spam-RBL has
caught little spam in this session and therefore, may be a good
idea to deselect this from your list of DNSBLs (public blacklists),
in order to save time.
the left window, note the words filtering operations summary.
This isn't the same as number of messages; if your
email program (Outlook Express is one example) fetches a preview
of your message first and then
the message itself, that's two filtering operations, so it counts
the right window, note the words Recent DNSBL Queries.
these numbers will get reset to zero every time you
restart SpamPal, e.g. when you reboot your machine.
are queries to the various public blacklists (and public ignorelists)
that you select to use from SpamPal's options window.
a positive result - for a public blacklist it means the message in question is
probably spam, for ignorelist
it means the
I.P. address in question will be ignored. Negative means
the opposite, and Hit Rate is
the number of positive queries divided by the total number of queries.
When SpamPal fliters an email message,
it extracts I.P.
Addresses from the headers (these indicate which computer
systems the message passed through before it hit yours), and for
each I.P. Address queues a DNSBL
query to each selected public blacklist (and ignorelist).
It doesn't mean the spam mails are being blocked
before they reach your computer; the statistics are just given
as a way for you to judge
which blacklists are catching the most spam for you.
Questions and Answers are a must
read to ensure you get the most out of SpamPal
much spam should Spampal catch?
As a guideline, it should be possible to get Spampal
to catch at least 90% of the spam,
without flagging any legitimate mail as spam. In practice, you can
probably catch 95% of the spam safely, and some people reckon they
catch 99% or more of the spam. However, as you become more aggressive
in your spam filtering, so too will you increase the chance of flagging
legitimate mail as spam, and no matter how good your anti-spam tools
are, there will always be one or two spams which sneak under the
barrier. Be realistic in your expectations.
Why didn't this
mail get flagged as spam?
To find out why spam is getting through you need
to look at your X-SpamPal header
in the email and find out what reasons it is giving for PASSing
the mails. You may have accidentally whitelisted something that
you intended to blacklist or you may have got your caching times
wrong. It may not give a reason, indicating that none of your existing
strategies or blacklists detected this as spam. Whatever the reason,
header is the starting point to improving spam detection
this page for more details about
Why did my mail get flagged
To find out why an email is being marked as spam
you need to look at your X-SpamPal
header in the email and find out what reasons it is giving for marking
the email as SPAM. You may have
accidentally blacklisted something that you intended to whitelistlist
or perhaps a public blacklist
(DNSBL) you have selected, seems to be too aggressive and blocks
too much legitimate email (because spam-friendly providers may
have non-spamming customers too!). Whatever the reason though,
header is the key to finding the solution, so
see this page for more details
about SpamPal headers and what they mean
Do I have
to keep adding addresses to my blacklist?
No. Please don't
use massive email address blacklists with SpamPal,
particularly not those from general purpose sites. Those are
intended for spam detecting systems which can't use DNS blacklists,
regular expressions or other advanced spam detection methods.
Using a massive blacklist is not usually productive, as spammers usually forge
their email address and never use the same address
twice. If you regularly get spam from the same address and for some reason
it is not being picked up by the public blacklists then it can be useful to
add it to your own personal blacklist.
|However, most people only have
a handful of addresses in their blacklists. If
you have too many you will slow down SpamPal quite significantly,
and be creating a lot of work for yourself without achieving anything
This reasoning also applies to email programs, such as Outlook and Outlook Express
that have the facility to block senders by email address (called Junk
Senders/Adult Content senders). It is usually better to stop using
those features and leave SpamPal to do it's job.
The first way to cut the spam with SpamPal is to adjust the
DNS blacklists. Using Easynet and SpamCop should
catch 90% of spam for most people. If you don't get at least that
high a detection rate, or want a higher rate, let
us know and we'll make more suggestions to help to improve the
Should I use all the DNSBLs?
No, you only need three
or four good DNSBLs to get good results. Adding more will
not necessarily improve matters. If
you've got them all ticked, that is overkill. It is also
using an unfair amount of resources. The people who provide these
DNSBLs are doing so free of charge and we'd all like it to stay
Some DNSBLs work better than others, and it also
depends on where you are in the world. Good general purpose ones
include SpamCop, Easynet
Blackholes and NJABL.
|During the installation of SpamPal
you are asked what level of filtering you want to use; Safe, Medium or Agressive.
You may want to change the setting you originally used and you can
do this by clicking on the
red arrow (Pre-created Filtering Strategies)
to bring up this screen, where you can default your DNSBL selection:
|If you look at the statistics on SpamPal's status
screen, that will show you the hit rates being achieved by the various
DNSBLs you are using for recent queries. You will probably notice
that some of the DNSBLs regularly give high numbers, 40-50%, and
others may be very low, or even zero hits. Deselecting
the ones with low hit rates will probably improve speed without affecting
your spam detection capability.
For example, in the screen below,
it looks like DSBL, Composite
Blocking list and VISI have
detected little spam in this session and therefore may be a good
idea to deselect these from your list of DNSBLs (public blacklists),
in order to save time.
You can also see that SORBS has
a slightly higher Average
Response time (0.421s)
than the other DNSBL's and also doesn't detect as much spam as Easynet, so may
also be a candidate for removal.
I'm still not catching enough spam: How
do I improve my DNSBL selection?
You could look at the country lists. At the time
of writing, a lot of spam seems to be routed through open relays
in China. If you are absolutely sure that you never
receive legitimate email from China, you could select this
country in the countries blacklist. However, you need to exercise
great consideration when blocking by country, for example,
if you're running a global business, you certainly don't want to
be using the blocking by county feature!
A more likely cause of poor DNSBL performance
is that you are checking your mail too
often. We have found that from the time a wave of spam starts,
it takes about 30 minutes before
the culprit IP numbers start appearing on the DNSBLs. If you are
checking your mail at one minute intervals then you are probably
downloading the spam before the DNSBLs have had a chance to react.
Change the settings in your mail program to only download mail at 30 minute
intervals or longer, or even just to download manually, and you should find
a big improvement in DNSBL performance. Despite what people often think, the
world will not end if you don't get your emails within a minute of someone
You should also look at the cache times on DNSBL
checks. The caching improves speed but may lead to slightly less
accurate results. Unless speed is a problem for your connection,
the best results will come from setting SpamPal to remember positive
(Spam) results for three days, and negative
(legitimate mail) results for zero days zero hours. These
settings can be found in the Advanced panel of SpamPal's options.
On the same page, you should have a DNSBL
time out setting of 10 to 20 seconds, and a maximum number
of simultaneous DNSBL queries of about
25 should be a good choice for most people.
I'm still not catching enough spam: how
do I improve SpamPal's performance?
If you are still not catching enough spam then
you are better trying alternative strategies, not just piling on
more DNSBLs. Look at the available plugins.
There is one called URLbody which will apply
DNSBL checks on the websites (URLs) listed in the spam mails. Although
spammers can disguise their email address and send the mail through
circuitous routes, they still need to advertise their website in
the spam they send you, so this plugin can be very effective at
RegEx will examine the body of mails for a whole
mess of different phrases and other good solid indicators of spam,
and both of those should pick up lots of spam, although I think
there is a slightly higher risk of false positives with RegEx patterns.
However, the latest version uses a combined scoring system which
should greatly improve its discrimination sensitivity. Some
people have reported catching well over 90% of the spam just using
RegEx and no DNSBLs at all.
The MX blocker is used to detect mails which
are sent through desktop MX programs on dial-up lines, a common
tactic of spammers. You may find this mops up lots of spam which
is escaping the DNSBLs. However, use with caution initially as
desktop MX is a legitimate tool which is used for legitimate purposes
so you may find you need to whitelist a few regular correspondents.
There is also a Bayesian plugin which takes a
completely different approach to detecting spam, although the nature
of it means it is perhaps more likely to get false positives to
begin with and it does need a period of training to learn the patterns
in your email.
For more details about plugins, see this page
As with DNSBLs, do
not just install everything at once because it will just be overkill.
Try the plugins one at a time and find out what is working best for you.
I have old spam email's in my inbox
that arrived before I started to use SpamPal, can SpamPal now
mark these as spam?
No. Retrospectively checking
headers on emails is not an option because blacklists are dynamic
entities. They say what the status of an IP number is now, not
what it was when you received the mail.
Why doesn't SpamPal bounce messages
back to the spammer like other products?
The usual reason people like to bounce messages back to a spammer, is that
they think a bounced message will tell the Spammer that an email account does
not exist and their address will be removed from the spammer's database and
therefore that they won't receive any more spam.
But in reality bounce
messages are normally useless because:
1. A Spammer
sends, in a few minutes, millions of emails at once. Why should
he spend time on deleting a few thousand addresses that do not
exist? Usually the same addresses are spammed again next time (it
does not cost the spammer any time or money, to send a few emails
more). Bounces from users will only increase traffic over the internet
and end up costing the user either time or money, to bouce back
a lot of messages, back to the spammer.
2. 99.9% of
the spam, has an invalid return address that has nothing to do
with the real spammer.
Here are a few "real world" examples:-
a) the sender
does not exist and the error message cannot be delivered.
So you return the (fake) message again and since
most Spammers can recognize that this is not a real error message,
you end up wasting time and money.
b) the (innocent)
sender exists and the spammer has used their email address for
Spammers often use email addresses of innocent
persons (very often they use addresses of persons who have tried
to stop the spammer by their complaints). As as reult, these persons
receive thousands of real bounces and additional bounces (ie. Fake)
sent by software that allows you to send fake bounce messages.
c) the sender
is the spammer (in a very few cases).
The spammer can verify that your account exists
(when he is clever enough to identify your error message as fake).
What do I do with spam that still gets
through undetected? Is this a bug in Spampal? Should I post the
spam to you so you can study it?
No, there is always going to be some spam which
gets through, no matter what antispam tools you use. We suggest
you sign up for a free spamcop.net reporting
account (also see this page
for more details on how to report spam), and report the spam there.
When the spam has been reported by several different people, it
will be added to the SpamCop DNSBL and then other SpamPal users
will benefit from your reporting.
But a spam STILL got through, this is
No, it isn't. The objective is not to kill every
last spam. The objective is to reclaim your inbox and to get rid
of the bulk of the spam with the absolute minimum of effort. Do
not become obsessive about spam!
will periodically check to see if a more recent version of the program
itself has been released. It won't update itself, but it will tell
you about it so you can download the new version if you want to.
It will also tell you about any new plugins that have been released,
and any updates to plugins that you have installed.
will also automatically update the list of DNSBL services (Public
Blacklists) every so often. So, should one of the DNSBL services
you are using, become permanently
unavailable, it will tell you about it and you can select an alternative
from the Options dialog.
there is a new version of SpamPal or a plugin available then follow
the this procedure to ensure
the process of upgrading, is as quick and smooth as possible.
you need to locate the directory where your Spampal configuration
files are stored, which will also
have settings for any plugins you currently use.
right click on the umbrella in the systray and select options. Now
select the advanced menu.
should now see at the bottom of that screen a box that says SpamPal's
configuration is stored in this folder.
This is the
directory that needs to be backed up.
Now, use windows explorer (or an archiver program) and backup the
You can stop SpamPal filtering any of your emails, without having
to change any of the setup in your email program, by using the disable
filtering option from the systray icon.
You can see when SpamPal won't filter any emails when the icon changes
While using Spampal your blacklists/whitelist
can get updated in various ways:
a) blacklist: using the systray manual blacklist
b) whitelist: using the systray manual whitelist, auto-whitelist
or smtp auto-whitelist
If you wish to look or edit these, just go to:
SpamPal Options, Blacklists, Email
Addresses and Edit
SpamPal Options, Whitelists, Email
Addresses and Edit as required