Click for SpamPal's Homepage
Contents > How to use SpamPal

Quick Index

1. Getting Started
2. Whitelist your friends or clients
3. SpamPal Status Screen
4. What should I expect from SpamPal?
5. Checking for Updates
6. Backup your settings
7. Stop SpamPal filtering your email
8. Changing your blacklists/whitelists

1. Getting Started

By default SpamPal installs itself in your StartUp folder and will always be present, when windows starts up.

You can obviously, remove it from your StartUp folder to save boot up time, however, you must remember to start SpamPal again, before you check your email, otherwise you cannot receive your email.

If you're on a dial-up link then you may find a product like NetLaunch useful.

On a startup, SpamPal will install itself in your system tray and you should see an umbrella icon, to indicate the fact that it's running:

Every time you check your email, your email program will invisibly use SpamPal (although, while this process takes place, you should see the SpamPal umbrella icon rotate).
Next, your email program's mail filters/message rules will move any messages that SpamPal has marked as **SPAM**, into your spamtrap folder, which will help keep your inbox clean!

Although SpamPal won't find and tag all your spam, however, you should find that it will at least catch 90%, in normal use. If you want to gain the extra % then you may need to install one of the many SpamPal plugins, which can be found here.

Every so often, perhaps make it a weekly task, you should skim through your spamtrap folder to make sure that there's no mail you actually wanted to read in there and then delete the rest.

SpamPal is very configurable and most users will be happy with the default settings. If however, you need to change the default settings, you can tune SpamPal to your own personal needs using the Options dialog.

To access the Options dialog, Right-click on SpamPal's umbrella tray icon, then click on Options.

2. Whitelist your friends or clients

In order to speed up the processing of your emails and to prevent SpamPal from marking your friends or contact's emails as spam, it's a good idea at this point to whitelist all your important email addresses.

This can be done in four ways:

a) Use the pop3 automatic whitelist: this will whitelist non-spam email's that you receive on a frequent basis
b) Use the smtp automatic whitelist: which (if setup in 3.3) will whitelist all email addresses that you send out

Note 1: auto-whitelist and **SPAM** message
the auto-whitelist function will only auto-whitelist emails that haven't been marked as **SPAM**
Note 2: Never Auto-Whitelist option
Occasionally, a spammer might forge the email address of someone who is in your auto-whitelist - for example, a colleague or an alternate email address or yours. While you don't want to put this person in your blacklist because they send you lots of genuine email, you don't want them to end up in your auto-whitelist and bypass SpamPal's spam-checking features.

Clicking on the Exclusions pane will bring up a window into which you can enter the email addresses of people who should never be added to the auto-whitelist. Just add your colleagues here and you won't have to worry about spammers forging their addresses to bypass SpamPal's filtering. You can even add your entire employer's domain - e.g. *
Note 3: Privacy: smtp automatic whitelist
If you are using this, especially in a business, as this is recording all outgoing addresses, some people might view this as an infringement upon their privacy, (if you are in UK you need to tell staff of this policy before you start collecting data)

c) use the Add to Whitelist option on SpamPal's system tray: to manually whitelist your email addresses by typing in an address (or by using the dropdown box; to select from a list of recently received address):

d) Use the SpamPal Whitelist Email Addresses page to manually whitelist your email addresses:
Note 4: Headers that the whitelist compares against
The whitelist function only looks for email addresses in certain headers of your email.

These headers are currently:
From:, Reply-To:, Sender:, Mailing-List: and Return-Path:

Initially, you will notice that using SpamPal makes fetching your email a little slower. This is because SpamPal has to check everything against the DNSBL lists (Public Blacklists) to see which email's are from a spammer and which aren't.

However, through it's Auto-Whitelist feature(s), SpamPal will quickly learn about the people and machines that send you lots of email, and adds them to a list of trusted senders. Because they're trusted, SpamPal doesn't waste time any checking the DNSBL lists (Public Blacklists) for them and so the more you use SpamPal, the quicker it will get.

There are more hints and tip on how to optimise SpamPal here

3. SpamPal Status Screen

By using the SpamPal Status page (right click on the Systray Umbrella and select Status), you'll be able to see which of DNSBLs you are using and how effective they have been during a recent session.

If you look at the statistics on SpamPal's status screen, it will show you the hit rates being achieved by the various DNSBLs you are using for recent queries. You will probably notice that some of the DNSBLs regularly give high numbers, 20-50%, and others may be very low, or even zero hits.

Deselecting the ones with low hit rates, will probably improve speed, without affecting your spam detection capability.

For example, in the screen below, it looks like Spam-RBL has caught little spam in this session and therefore, may be a good idea to deselect this from your list of DNSBLs (public blacklists), in order to save time.

Note 1: Filtering Operations Summary
In the left window, note the words filtering operations summary. This isn't the same as number of messages; if your email program (Outlook Express is one example) fetches a preview of your message first and then the message itself, that's two filtering operations, so it counts twice.
Note 2: Recent DNSBL Queries
In the right window, note the words Recent DNSBL Queries. these numbers will get reset to zero every time you restart SpamPal, e.g. when you reboot your machine.
DNSBL queries are queries to the various public blacklists (and public ignorelists) that you select to use from SpamPal's options window.

Positive means a positive result - for a public blacklist it means the message in question is probably spam, for ignorelist it means the I.P. address in question will be ignored. Negative means the opposite, and Hit Rate is the number of positive queries divided by the total number of queries.

When SpamPal fliters an email message, it extracts I.P. Addresses from the headers (these indicate which computer systems the message passed through before it hit yours), and for each I.P. Address queues a DNSBL
to each selected public blacklist (and ignorelist).

It doesn't mean the spam mails are being blocked before they reach your computer; the statistics are just given as a way for you to judge which blacklists are catching the most spam for you.


4. What should I expect from SpamPal?

The following Questions and Answers are a must read to ensure you get the most out of SpamPal
How much spam should Spampal catch?

As a guideline, it should be possible to get Spampal to catch at least 90% of the spam, without flagging any legitimate mail as spam. In practice, you can probably catch 95% of the spam safely, and some people reckon they catch 99% or more of the spam. However, as you become more aggressive in your spam filtering, so too will you increase the chance of flagging legitimate mail as spam, and no matter how good your anti-spam tools are, there will always be one or two spams which sneak under the barrier. Be realistic in your expectations.

Why didn't this mail get flagged as spam?

To find out why spam is getting through you need to look at your X-SpamPal header in the email and find out what reasons it is giving for PASSing the mails. You may have accidentally whitelisted something that you intended to blacklist or you may have got your caching times wrong. It may not give a reason, indicating that none of your existing strategies or blacklists detected this as spam. Whatever the reason, the X-SpamPal header is the starting point to improving spam detection performance. See this page for more details about SpamPal headers.

Why did my mail get flagged as spam!

To find out why an email is being marked as spam you need to look at your X-SpamPal header in the email and find out what reasons it is giving for marking the email as SPAM. You may have accidentally blacklisted something that you intended to whitelistlist or perhaps a public blacklist (DNSBL) you have selected, seems to be too aggressive and blocks too much legitimate email (because spam-friendly providers may well have non-spamming customers too!). Whatever the reason though, the X-SpamPal header is the key to finding the solution, so see this page for more details about SpamPal headers and what they mean

Do I have to keep adding addresses to my blacklist?

No. Please don't use massive email address blacklists with SpamPal, particularly not those from general purpose sites. Those are intended for spam detecting systems which can't use DNS blacklists, regular expressions or other advanced spam detection methods.

Using a massive blacklist is not usually productive, as spammers usually forge their email address
and never use the same address twice. If you regularly get spam from the same address and for some reason it is not being picked up by the public blacklists then it can be useful to add it to your own personal blacklist.

However, most people only have a handful of addresses in their blacklists. If you have too many you will slow down SpamPal quite significantly, and be creating a lot of work for yourself without achieving anything useful.

This reasoning also applies to email programs, such as Outlook and Outlook Express that have the facility to block senders by email address (called Junk Senders/Adult Content senders). It is usually better to stop using those features and leave SpamPal to do it's job.

The first way to cut the spam with SpamPal is to adjust the DNS blacklists. Using Easynet and SpamCop should catch 90% of spam for most people. If you don't get at least that high a detection rate, or want a higher rate, let us know and we'll make more suggestions to help to improve the success.

Should I use all the DNSBLs?

No, you only need three or four good DNSBLs to get good results. Adding more will not necessarily improve matters. If you've got them all ticked, that is overkill. It is also using an unfair amount of resources. The people who provide these DNSBLs are doing so free of charge and we'd all like it to stay that way.

Some DNSBLs work better than others, and it also depends on where you are in the world. Good general purpose ones include SpamCop, Easynet Blackholes and NJABL.

During the installation of SpamPal you are asked what level of filtering you want to use; Safe, Medium or Agressive. You may want to change the setting you originally used and you can do this by clicking on the
red arrow
(Pre-created Filtering Strategies) to bring up this screen, where you can default your DNSBL selection:
If you look at the statistics on SpamPal's status screen, that will show you the hit rates being achieved by the various DNSBLs you are using for recent queries. You will probably notice that some of the DNSBLs regularly give high numbers, 40-50%, and others may be very low, or even zero hits. Deselecting the ones with low hit rates will probably improve speed without affecting your spam detection capability.

For example, in the screen below, it looks like DSBL, Composite Blocking list and VISI have detected little spam in this session and therefore may be a good idea to deselect these from your list of DNSBLs (public blacklists), in order to save time.

You can also see that SORBS has a slightly higher Average Response time (0.421s) than the other DNSBL's and also doesn't detect as much spam as Easynet, so may also be a candidate for removal.

I'm still not catching enough spam: How do I improve my DNSBL selection?

You could look at the country lists. At the time of writing, a lot of spam seems to be routed through open relays in China. If you are absolutely sure that you never receive legitimate email from China, you could select this country in the countries blacklist. However, you need to exercise great consideration when blocking by country, for example, if you're running a global business, you certainly don't want to be using the blocking by county feature!

A more likely cause of poor DNSBL performance is that you are checking your mail too often. We have found that from the time a wave of spam starts, it takes about 30 minutes before the culprit IP numbers start appearing on the DNSBLs. If you are checking your mail at one minute intervals then you are probably downloading the spam before the DNSBLs have had a chance to react.

Change the settings in your mail program to only download mail at 30 minute intervals or longer, or even just to download manually, and you should find a big improvement in DNSBL performance. Despite what people often think, the world will not end if you don't get your emails within a minute of someone sending it.

You should also look at the cache times on DNSBL checks. The caching improves speed but may lead to slightly less accurate results. Unless speed is a problem for your connection, the best results will come from setting SpamPal to remember positive (Spam) results for three days, and negative (legitimate mail) results for zero days zero hours. These settings can be found in the Advanced panel of SpamPal's options. On the same page, you should have a DNSBL time out setting of 10 to 20 seconds, and a maximum number of simultaneous DNSBL queries of about 25 should be a good choice for most people.

I'm still not catching enough spam: how do I improve SpamPal's performance?

If you are still not catching enough spam then you are better trying alternative strategies, not just piling on more DNSBLs. Look at the available plugins.

There is one called URLbody which will apply DNSBL checks on the websites (URLs) listed in the spam mails. Although spammers can disguise their email address and send the mail through circuitous routes, they still need to advertise their website in the spam they send you, so this plugin can be very effective at trapping them.

RegEx will examine the body of mails for a whole mess of different phrases and other good solid indicators of spam, and both of those should pick up lots of spam, although I think there is a slightly higher risk of false positives with RegEx patterns. However, the latest version uses a combined scoring system which should greatly improve its discrimination sensitivity. Some people have reported catching well over 90% of the spam just using RegEx and no DNSBLs at all.

The MX blocker is used to detect mails which are sent through desktop MX programs on dial-up lines, a common tactic of spammers. You may find this mops up lots of spam which is escaping the DNSBLs. However, use with caution initially as desktop MX is a legitimate tool which is used for legitimate purposes so you may find you need to whitelist a few regular correspondents.

There is also a Bayesian plugin which takes a completely different approach to detecting spam, although the nature of it means it is perhaps more likely to get false positives to begin with and it does need a period of training to learn the patterns in your email.

For more details about plugins, see this page

As with DNSBLs, do not just install everything at once because it will just be overkill. Try the plugins one at a time and find out what is working best for you.

I have old spam email's in my inbox that arrived before I started to use SpamPal, can SpamPal now mark these as spam?

No. Retrospectively checking headers on emails is not an option because blacklists are dynamic entities. They say what the status of an IP number is now, not what it was when you received the mail.

Why doesn't SpamPal bounce messages back to the spammer like other products?

The usual reason people like to bounce messages back to a spammer, is that they think a bounced message will tell the Spammer that an email account does not exist and their address will be removed from the spammer's database and therefore that they won't receive any more spam.

But in reality bounce messages are normally useless because:

1. A Spammer sends, in a few minutes, millions of emails at once. Why should he spend time on deleting a few thousand addresses that do not exist? Usually the same addresses are spammed again next time (it does not cost the spammer any time or money, to send a few emails more). Bounces from users will only increase traffic over the internet and end up costing the user either time or money, to bouce back a lot of messages, back to the spammer.

2. 99.9% of the spam, has an invalid return address that has nothing to do with the real spammer.

Here are a few "real world" examples:-

a) the sender does not exist and the error message cannot be delivered.

So you return the (fake) message again and since most Spammers can recognize that this is not a real error message, you end up wasting time and money.

b) the (innocent) sender exists and the spammer has used their email address for his spam.

Spammers often use email addresses of innocent persons (very often they use addresses of persons who have tried to stop the spammer by their complaints). As as reult, these persons receive thousands of real bounces and additional bounces (ie. Fake) sent by software that allows you to send fake bounce messages.

c) the sender is the spammer (in a very few cases).

The spammer can verify that your account exists (when he is clever enough to identify your error message as fake).

What do I do with spam that still gets through undetected? Is this a bug in Spampal? Should I post the spam to you so you can study it?

No, there is always going to be some spam which gets through, no matter what antispam tools you use. We suggest you sign up for a free reporting account (also see this page for more details on how to report spam), and report the spam there. When the spam has been reported by several different people, it will be added to the SpamCop DNSBL and then other SpamPal users will benefit from your reporting.

But a spam STILL got through, this is a disaster!

No, it isn't. The objective is not to kill every last spam. The objective is to reclaim your inbox and to get rid of the bulk of the spam with the absolute minimum of effort. Do not become obsessive about spam!

5. Checking for Updates

SpamPal will periodically check to see if a more recent version of the program itself has been released. It won't update itself, but it will tell you about it so you can download the new version if you want to. It will also tell you about any new plugins that have been released, and any updates to plugins that you have installed.

SpamPal will also automatically update the list of DNSBL services (Public Blacklists) every so often. So, should one of the DNSBL services you are using, become permanently unavailable, it will tell you about it and you can select an alternative from the Options dialog.

If there is a new version of SpamPal or a plugin available then follow the this procedure to ensure the process of upgrading, is as quick and smooth as possible.

6. Backup your settings

First you need to locate the directory where your Spampal configuration files are stored, which will also have settings for any plugins you currently use.

Do a right click on the umbrella in the systray and select options. Now select the advanced menu.

You should now see at the bottom of that screen a box that says SpamPal's configuration is stored in this folder.

This is the directory that needs to be backed up.

Now, use windows explorer (or an archiver program) and backup the whole folder.

7. Stop SpamPal filtering your email

You can stop SpamPal filtering any of your emails, without having to change any of the setup in your email program, by using the disable filtering option from the systray icon.

You can see when SpamPal won't filter any emails when the icon changes to:

8. Changing your blacklists/whitelists

While using Spampal your blacklists/whitelist can get updated in various ways:

a) blacklist: using the systray manual blacklist
b) whitelist: using the systray manual whitelist, auto-whitelist or smtp auto-whitelist

If you wish to look or edit these, just go to:

SpamPal Options, Blacklists, Email Addresses and Edit as required
SpamPal Options, Whitelists, Email Addresses and Edit as required



Users can now annoate manual pages with their own hints and tips. To share your insights with your fellow SpamPal users, you can use the form of the bottom of the page.

Request to clarify
Note left by saimhe at 2006-07-11 12:28:46

You wrote:

"Next, your email program's mail filters/message rules will move any messages that SpamPal has marked as **SPAM**, into your spamtrap folder, which will help keep your inbox clean!"

However this scenario corresponds only to POP connection; most users that chose IMAP will also allow SpamPal to move tagged messages to inbox.spamtrap, therefore message rules won't be required.

It would be nice to provide scenarios for all types of connections.

(I used IMAP *only* for almost a year. Now I am considering additional POP connection and want to be sure that nothing unexpected happens. But it seems that this knowledge can be acquired only experimentally.)


Annotate this page

Unfortunately, owing to a high volume of attempted abuse, new annotations are no longer being accepted for this page. Please accept my apologies for any inconvenience caused.