[{"data":1,"prerenderedAt":12},["ShallowReactive",2],{"$f0J6RvYBe2ULwc9fzO446eHHeM5s5rLCUy83FMuOTo18":3},{"title":4,"slug":5,"excerpt":6,"category":7,"order":8,"screens":9,"html":11},"Spam filtering","spam-filtering","Protect your webhooks from unwanted emails with built-in spam filtering powered by Rspamd","settings",2,[10],"aliases","\u003Cp>EmailConnect provides built-in spam filtering powered by \u003Ca href=\"https:\u002F\u002Frspamd.com\u002F\">Rspamd\u003C\u002Fa> to protect your webhooks from unwanted emails. For Maker+ users, spam analysis is automatically enabled on all custom domains.\u003C\u002Fp>\n\u003Ch2>How spam filtering works\u003C\u002Fh2>\n\u003Cp>Every email sent to your Maker+ custom domains is automatically analyzed by Rspamd, which:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Checks SPF, DKIM, and DMARC authentication\u003C\u002Fli>\n\u003Cli>Analyzes email headers and content patterns\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Detects phishing attempts\u003C\u002Fstrong> (suspicious URLs, display text mismatches)\u003C\u002Fli>\n\u003Cli>Checks URLs against known phishing databases (OpenPhish, PhishTank)\u003C\u002Fli>\n\u003Cli>Assigns a spam score from 0 (ham) to 15+ (definite spam)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The spam score and analysis results are included in every webhook payload, giving you full visibility into email authenticity.\u003C\u002Fp>\n\u003Ch2>Phishing protection\u003C\u002Fh2>\n\u003Cp>EmailConnect automatically detects phishing attempts using multiple techniques:\u003C\u002Fp>\n\u003Ch3>What we detect\u003C\u002Fh3>\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>Technique\u003C\u002Fth>\n\u003Cth>Description\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003Ctbody>\u003Ctr>\n\u003Ctd>Display text mismatch\u003C\u002Ftd>\n\u003Ctd>Links showing "paypal.com" but pointing to "evil-site.com"\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>Known phishing URLs\u003C\u002Ftd>\n\u003Ctd>URLs matching OpenPhish and PhishTank databases\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>Suspicious redirects\u003C\u002Ftd>\n\u003Ctd>Short URLs and redirect services often used in phishing\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>Brand impersonation\u003C\u002Ftd>\n\u003Ctd>Emails mimicking legitimate services (banks, tech companies)\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftbody>\u003C\u002Ftable>\n\u003Ch3>How it works\u003C\u002Fh3>\n\u003Cp>Phishing detection analyzes the \u003Cstrong>content\u003C\u002Fstrong> of emails (URLs, HTML, text patterns) rather than sender IP addresses. This means phishing protection works reliably regardless of how the email was delivered.\u003C\u002Fp>\n\u003Cp>When phishing is detected, the spam score increases and a phishing indicator appears in the webhook \u003Ccode>symbols\u003C\u002Fcode> array:\u003C\u002Fp>\n\u003Cpre>\u003Ccode class=\"language-json\">{\n  "spam": {\n    "score": 6.5,\n    "symbols": [\n      { "name": "PHISHED_URL", "weight": 4.0, "description": "evil-site.com" }\n    ]\n  }\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Common phishing symbols include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>PHISHED_URL\u003C\u002Fcode> - URL matches known phishing database\u003C\u002Fli>\n\u003Cli>\u003Ccode>PHISHING\u003C\u002Fcode> - General phishing indicators detected\u003C\u002Fli>\n\u003Cli>\u003Ccode>PHISHED_DISPLAYED_URL\u003C\u002Fcode> - Display text doesn't match actual URL\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Phishing vs spam score\u003C\u002Fh3>\n\u003Cp>Phishing detection contributes to the overall spam score. A detected phishing URL typically adds 3-5 points, pushing the email into the "likely spam" or "very likely spam" range.\u003C\u002Fp>\n\u003Cp>You can use alias rules based on spam score to block suspected phishing emails:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Score >= 5 for moderate protection\u003C\u002Fli>\n\u003Cli>Score >= 7 for stricter protection\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch2>What's included in webhooks\u003C\u002Fh2>\n\u003Cp>When spam filtering is active, your webhook payload includes a \u003Ccode>spam\u003C\u002Fcode> object:\u003C\u002Fp>\n\u003Cpre>\u003Ccode class=\"language-json\">{\n  "message": {\n    "sender": { "email": "user@example.com" },\n    "subject": "Hello world",\n    ...\n  },\n  "spam": {\n    "score": 2.3,\n    "threshold": 15.0,\n    "isSpam": false,\n    "symbols": [\n      { "name": "DKIM_VALID", "weight": -0.1, "description": "example.com" },\n      { "name": "R_SPF_ALLOW", "weight": -0.2, "description": null }\n    ],\n    "authentication": {\n      "dkim": { "result": "pass", "domain": "example.com" },\n      "spf": { "result": "pass" },\n      "dmarc": { "result": "pass" }\n    },\n    "engine": "rspamd"\n  }\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>Field\u003C\u002Fth>\n\u003Cth>Description\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003Ctbody>\u003Ctr>\n\u003Ctd>\u003Ccode>score\u003C\u002Fcode>\u003C\u002Ftd>\n\u003Ctd>The spam score (0 = clean, higher = more likely spam)\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>\u003Ccode>threshold\u003C\u002Fcode>\u003C\u002Ftd>\n\u003Ctd>The threshold at which rspamd considers an email spam\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>\u003Ccode>isSpam\u003C\u002Fcode>\u003C\u002Ftd>\n\u003Ctd>Whether the email exceeds the spam threshold\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>\u003Ccode>symbols\u003C\u002Fcode>\u003C\u002Ftd>\n\u003Ctd>Array of detection symbols that contributed to the score\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>\u003Ccode>authentication\u003C\u002Fcode>\u003C\u002Ftd>\n\u003Ctd>DKIM, SPF, and DMARC verification results\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>\u003Ccode>engine\u003C\u002Fcode>\u003C\u002Ftd>\n\u003Ctd>The spam detection engine used\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftbody>\u003C\u002Ftable>\n\u003Ch2>Controlling spam behavior with alias rules\u003C\u002Fh2>\n\u003Cp>While spam analysis runs automatically, \u003Cstrong>you decide what happens\u003C\u002Fstrong> based on the results. Use \u003Ca href=\"\u002Fhelp\u002Falias-rules\u002F\">alias rules\u003C\u002Fa> to define actions based on spam score:\u003C\u002Fp>\n\u003Ch3>Example: Block high-scoring spam\u003C\u002Fh3>\n\u003Cp>Create a rule to reject emails with a spam score >= 7:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Go to your alias settings\u003C\u002Fli>\n\u003Cli>Click "Configure rules"\u003C\u002Fli>\n\u003Cli>Add a condition: \u003Cstrong>Spam score\u003C\u002Fstrong> >= \u003Cstrong>7\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Set action: \u003Cstrong>Block\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Optionally enable sender notification\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Example: Tag suspicious emails\u003C\u002Fh3>\n\u003Cp>For moderate spam scores, you might want to deliver but tag:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Add a condition: \u003Cstrong>Spam score\u003C\u002Fstrong> >= \u003Cstrong>5\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Set action: \u003Cstrong>Tag\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Save the rule\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Tagged emails are delivered with an \u003Ccode>X-EmailConnect-Tagged: spam\u003C\u002Fcode> header and \u003Ccode>X-EmailConnect-Spam-Score\u003C\u002Fcode> header, allowing your webhook endpoint to handle them differently.\u003C\u002Fp>\n\u003Ch3>Example: Allow trusted senders regardless of score\u003C\u002Fh3>\n\u003Cp>Combine spam score with sender rules:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Condition 1: \u003Cstrong>Sender domain\u003C\u002Fstrong> equals \u003Cstrong>@trusted-partner.com\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Set action: \u003Cstrong>Allow\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>This ensures emails from trusted partners are never blocked, even if they trigger spam detection.\u003C\u002Fp>\n\u003Ch2>Understanding spam scores\u003C\u002Fh2>\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>Score range\u003C\u002Fth>\n\u003Cth>Interpretation\u003C\u002Fth>\n\u003Cth>Recommended action\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003Ctbody>\u003Ctr>\n\u003Ctd>0 - 2\u003C\u002Ftd>\n\u003Ctd>Clean email\u003C\u002Ftd>\n\u003Ctd>Allow\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>2 - 5\u003C\u002Ftd>\n\u003Ctd>Slightly suspicious\u003C\u002Ftd>\n\u003Ctd>Allow or monitor\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>5 - 7\u003C\u002Ftd>\n\u003Ctd>Likely spam\u003C\u002Ftd>\n\u003Ctd>Tag or block\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>7 - 10\u003C\u002Ftd>\n\u003Ctd>Very likely spam\u003C\u002Ftd>\n\u003Ctd>Block\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>10+\u003C\u002Ftd>\n\u003Ctd>Definite spam\u003C\u002Ftd>\n\u003Ctd>Block\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftbody>\u003C\u002Ftable>\n\u003Cp>These are guidelines - adjust thresholds based on your use case.\u003C\u002Fp>\n\u003Ch2>Best practices\u003C\u002Fh2>\n\u003Ch3>For public-facing addresses (support@, info@)\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Set a rule to block spam score >= 7\u003C\u002Fli>\n\u003Cli>Consider tagging scores >= 5 for manual review\u003C\u002Fli>\n\u003Cli>Enable sender notifications for blocked emails\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>For transactional addresses (orders@, invoices@)\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Be more conservative - block only score >= 10\u003C\u002Fli>\n\u003Cli>Allow known sender domains explicitly\u003C\u002Fli>\n\u003Cli>Monitor for false positives initially\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>For internal automation\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Consider lower thresholds since automated emails can sometimes trigger spam detection\u003C\u002Fli>\n\u003Cli>Use sender allowlists for known automation sources\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch2>Availability\u003C\u002Fh2>\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>Plan\u003C\u002Fth>\n\u003Cth>Spam filtering\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003Ctbody>\u003Ctr>\n\u003Ctd>Free\u003C\u002Ftd>\n\u003Ctd>Not available\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>Maker\u003C\u002Ftd>\n\u003Ctd>Automatic on all custom domains\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>Platform\u003C\u002Ftd>\n\u003Ctd>Automatic with custom configuration\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftbody>\u003C\u002Ftable>\n\u003Cp>System aliases (\u003Ccode>@user.emailconnect.eu\u003C\u002Fcode>) use basic processing and do not include spam analysis.\u003C\u002Fp>\n\u003Ch2>FAQ\u003C\u002Fh2>\n\u003Ch3>Is spam filtering automatic for Maker+ users?\u003C\u002Fh3>\n\u003Cp>Yes. Once you have a Maker+ subscription, spam analysis runs on all emails to your custom domains. You don't need to enable anything.\u003C\u002Fp>\n\u003Ch3>Do I have to create rules?\u003C\u002Fh3>\n\u003Cp>No. Without rules, all emails are delivered to your webhook with spam data included. You can filter in your own application using the spam score, or set up rules in EmailConnect to block\u002Ftag before delivery.\u003C\u002Fp>\n\u003Ch3>What happens to blocked emails?\u003C\u002Fh3>\n\u003Cp>Blocked emails are rejected at delivery time. If you enable sender notification, the sender receives a bounce message explaining the rejection.\u003C\u002Fp>\n\u003Ch3>Can spam filtering block legitimate emails?\u003C\u002Fh3>\n\u003Cp>It's possible. If you suspect false positives:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Check the spam score in your webhook logs\u003C\u002Fli>\n\u003Cli>Create an allow rule for the sender domain\u003C\u002Fli>\n\u003Cli>Lower your blocking threshold\u003C\u002Fli>\n\u003Cli>Contact support if issues persist\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Does spam filtering affect email speed?\u003C\u002Fh3>\n\u003Cp>No. Spam analysis runs in real-time as part of email processing with negligible latency impact.\u003C\u002Fp>\n\u003Ch3>Can I see why an email was flagged?\u003C\u002Fh3>\n\u003Cp>Yes! Check the \u003Ccode>symbols\u003C\u002Fcode> array in your webhook payload. Each symbol shows what was detected and how much it contributed to the spam score. Common symbols include authentication results (DKIM_VALID, R_SPF_ALLOW), phishing indicators (PHISHED_URL), and content patterns.\u003C\u002Fp>\n\u003Ch3>Is phishing detection automatic?\u003C\u002Fh3>\n\u003Cp>Yes. Phishing detection is part of the standard spam analysis for Maker+ users. No additional configuration needed. When phishing is detected, you'll see phishing-related symbols in your webhook payload and an increased spam score.\u003C\u002Fp>\n\u003Ch3>How do I block phishing emails specifically?\u003C\u002Fh3>\n\u003Cp>Phishing detection contributes to the overall spam score (typically +3 to +5 points). Create an alias rule to block emails with spam score >= 5 or >= 7 depending on how strict you want to be. All detected phishing attempts will be caught by this threshold.\u003C\u002Fp>\n\u003Ch2>Related documentation\u003C\u002Fh2>\n\u003Cul>\n\u003Cli>\u003Ca href=\"\u002Fhelp\u002Falias-rules\u002F\">Alias rules\u003C\u002Fa> - Configure actions based on spam score and other conditions\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"\u002Fhelp\u002Femail-processing\u002F\">Email processing\u003C\u002Fa> - Understanding the email processing pipeline\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"\u002Fhelp\u002Fdomain-setup\u002F\">Domain setup\u003C\u002Fa> - Setting up custom domains\u003C\u002Fli>\n\u003C\u002Ful>\n",1781207679696]