1
The ULTIMATE AI SPAM Filter -- YOU!
Idea shared by Howell Dell - 7/12/2025 at 11:23 AM
Proposed
I've been using eMail since 2000 and using SmarterMail for more than a decade. I have been an early adopter of SPF, DKIM and DMARC got us -- It's better but not close to perfect.

In the USA I have more rules on how to construct or renovate a house than setup an eMail Server. If you already are using SmarterMail's paid SPAM Filtering this works very well so you might understand the genesis of the idea I have here.

The solution is to build a facility into SmarterMail and Web Mail itself thus leverage the smartest AI of them all -- YOU. Here are the suggested workflow concepts!

We also have a "SenderApproved" List to easily see who we have approved. We kind of have a solution with "Block Sender" Rule but it's difficult to use. And if an end user makes a mistake it's hard to find in the simple list of domains or eMails. I will mention more on this later.

With a default setting, eMails arrive first in "InboxToBeApproved" Folder with a countdown clock that you can set a time period (default 30 days) whereby eMails NOT approved are automatically added to the "SenderBlocked" List. I am getting tons and tons of eMails about Loans, and Lease approvals over and over that pass all verifications.

In Web Mail you can either manually approve, deny, or implicitly approve by reply, or forward all of which then Update "SenderApproved" List and the eMail is moved from "InboxToBeApproved" to "Inbox" when approved or to another folder depending on the action -- approve, deny, forward or reply. Any approval has sub-options to allow the entire Domain, eMail or both.

Another part of this feature is the "Bounce upon Block" feature. As part of this process a header entry should be added to the bounce message to track it -- a guid with header "SmarterMail-Bounce-Tag: b6fbd357-0318-5d5a-b24c-1da688f7513d" using UUIDv5. With this the sending to the original user can write an appeal using the link in the Bounce via SmarterMail Web Site so we have better tracking. You can only appeal from a bounce message. We know that most of the bounces won't arrive into someone's eMailbox because the sender is a "bad actor". Thus if someone arrives at the appeal without a valid "key" the form can't be used.

Further if you are NOT using Web Mail, say gMail on a Smart Phone or Outlook on a PC, SmarterMail would send you a Digest of eMails that are waiting for approval -- with configurable settings once per so many hours, days or weeks. The Digest needs to be clickable with a link with an auth key baked in so I don't have to log on - except maybe for 2FA which would be enabled or not by admin or user preference.

The value of an "InboxToBeApproved" Folder is you can use your SmartPhone to look at that folder and simply reply or forward which triggers approval. In this way EAS, EWS and MAPI actions can be hooked onto for this workflow on the Server Side.

The "BlockedSender" List should contain display name, eMail Address, source SMTP IP Address, source Domain, Last Message date, count of appeals, count of blocks, type of block implicit or manual. I should be able to add an address to manually block simply to the list by clicking on "Sender Blocked". Blocked eMails would automatically go into SPAM.

While we are at it we should replicate a very similar kind of work flow with the "SPAM" Folder -- in that a Digest would be helpful and similar abilities as listed above. I often -- but not too often review my SPAM and every once in a while I find something I need -- but a nice reminder to do so would be more efficient.

We can refine this too with improved workflow with your input! I implore you to +1 this so we can get the attention of SmarterMail!
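
Added example (not part of the post and not SmarterMail code): one way to pair the "SmarterMail-Bounce-Tag" UUIDv5 with the appeal "key" the post asks for. Because UUIDv5 is a deterministic hash of its inputs, the tag is used here only for tracking and the key is a separate HMAC. The namespace, secret, expiry window, URL and function names are assumptions.

```python
import hashlib
import hmac
import time
import uuid
from typing import Optional

# Hypothetical per-server values; the post names neither.
BOUNCE_NAMESPACE = uuid.uuid5(uuid.NAMESPACE_DNS, "mail.example.test")
APPEAL_SECRET = b"constructed-demo-secret"  # keep server-side, rotate
APPEAL_TTL = 7 * 24 * 3600  # assumed appeal window, in seconds


def bounce_tag(message_id: str, recipient: str) -> str:
    """UUIDv5 tracking tag: deterministic, so it identifies but does not authorize."""
    return str(uuid.uuid5(BOUNCE_NAMESPACE, f"{message_id}|{recipient.lower()}"))


def appeal_key(tag: str, issued_at: int) -> str:
    """Unguessable key bound to one tag and its issue time."""
    mac = hmac.new(APPEAL_SECRET, f"{tag}|{issued_at}".encode(), hashlib.sha256)
    return f"{issued_at}.{mac.hexdigest()}"


def bounce_headers(message_id: str, recipient: str, now: Optional[int] = None) -> dict:
    """Header named in the post plus a hypothetical appeal link for the bounce body."""
    now = int(time.time()) if now is None else now
    tag = bounce_tag(message_id, recipient)
    return {
        "SmarterMail-Bounce-Tag": tag,
        "appeal_url": f"https://mail.example.test/appeal?tag={tag}&key={appeal_key(tag, now)}",
    }


def verify_appeal(tag: str, key: str, now: Optional[int] = None) -> bool:
    """Open the appeal form only for a valid, unexpired key issued for this tag."""
    now = int(time.time()) if now is None else now
    try:
        issued_str, _mac = key.split(".", 1)
        issued_at = int(issued_str)
    except ValueError:
        return False
    if not 0 <= now - issued_at <= APPEAL_TTL:
        return False
    return hmac.compare_digest(key.encode(), appeal_key(tag, issued_at).encode())
```
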
0
It is nice to hear from someone else who is thinking about big-picture issues for spam control.   I have posted a couple such topics and been disappointed by the silence.

You are correct on several points:
- The purpose of email filtering is to separate wanted messages from unwanted messages.  Feedback from users helps ensure that this goal is being met.

- As the filtering rules get better at blocking known spam sources, new threats will usually come from new sources.   Therefore, it is useful to have "new source" as a part of your filter evaluation.

On the other hand, you have obstacles

Unwanted email already costs employees a lot of time, and your proposal forces them to spend time on messages that they would previously ignore.  It may also slow access to messages that they definitely want.  SmarterMail cannot embrace a redesign that would risk their client base.

On the other hand, you can make headway without redesigning SmarterMail.

User Feedback
SmarterMail already provides the Training folder.   When enabled, messages that users put in the Junk folder manually, or that Outlook puts in the Junk folder automatically, are put in the SmarterMailTraining folder on the server.  (Files have to be processed or moved within an hour or they are discarded.)  I have posted that it is difficult to know how to use that information.   One reason that I said it was difficult is because the EML lacks SMTP From and To information, which may be very different from the message's From and To headers.    What did not occur to me in that post was that Declude can add that information as custom headers.  Difficult but not impossible; it will require labor time and software development.

Messages that remain unread in the Inbox are messages that the user is ignoring, and therefore may be junk.   Scanning user inboxes to find messages that have been ignored may be useful but may be resource intensive.   My recent attempts to use the SmarterMail API have encountered a lot of frustration.

User Quarantine
Many commercial filtering tools provide a user quarantine system, where messages go if they are judged to be not malicious but probably not useful.

Sender Authentication
A critical requirement for any "known sender" strategy is to create an environment where all allowed senders have been authenticated.   This means that you test DMARC on every message, not just messages with a DMARC policy.  If the message is acceptable but does not produce PASS because of alignment, you create local policy to allow the alternate alignment.   If an acceptable message fails DMARC because of SPF, you create a local policy rule that authenticates the Mail From address based on a verified server identity.   You have to eliminate malicious impersonation before you can build anything based on "acceptable senders".

I am a skeptic about the appeal idea.   I can see how it might work, but I am unwilling to send thousands of non-delivery reports for an occasional false positive.
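
Added example (not part of the post and not SmarterMail or Declude code): a sketch of the evaluation order described under "Sender Authentication", where every message gets an alignment check and local policy covers acceptable mail that does not produce PASS. The table contents, field names and the two-label organizational-domain shortcut are assumptions.

```python
from dataclasses import dataclass, field


def org_domain(domain: str) -> str:
    """Simplified organizational domain: last two labels (assumption;
    production code should consult the Public Suffix List)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


@dataclass
class AuthFacts:
    header_from: str   # domain of the From: header
    mail_from: str     # domain of the SMTP MAIL FROM address
    spf: str           # "pass", "fail", "none", ...
    dkim_pass: list = field(default_factory=list)  # d= domains that verified
    server_id: str = ""  # verified name of the sending server


# Constructed local policy tables (hypothetical entries).
ALT_ALIGNMENT = {("shop.example", "mailer.example")}  # (From org, authenticated org)
TRUSTED_SERVERS = {("billing.example", "mx.relay.example")}  # (Mail From, server)


def evaluate(f: AuthFacts) -> str:
    """Run on every message, whether or not the domain publishes DMARC."""
    from_org = org_domain(f.header_from)
    authed = {org_domain(d) for d in f.dkim_pass}
    if f.spf == "pass":
        authed.add(org_domain(f.mail_from))
    if from_org in authed:
        return "dmarc-pass"
    # Local rule: Mail From authenticated by a verified server identity.
    if (f.mail_from.lower(), f.server_id.lower()) in TRUSTED_SERVERS:
        authed.add(org_domain(f.mail_from))
        if from_org in authed:
            return "local-server-pass"
    # Local rule: accept a known alternate alignment for this From domain.
    if any((from_org, a) in ALT_ALIGNMENT for a in authed):
        return "local-alignment-pass"
    return "unauthenticated"


def may_use_approved_list(f: AuthFacts, approved: set) -> bool:
    """An approved-sender entry counts only for an authenticated From domain."""
    return evaluate(f) != "unauthenticated" and org_domain(f.header_from) in approved
```
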
0
The issue is twofold... The Block Sender function is not helpful to the users because it's not easy to understand as this is actually a system managed "Content Filtering" then later can't figure out how to unblock or why it's blocked in the first place. This needs a more end user friendly interface.

Second, almost all of my end users don't use these other features because "it's too much work" thus we are wasting dev time on features that the client won't use.

This is not "occasional false positive" as my customers and myself are getting dozens of "loan" and "lease" proposals every day into their Inbox that we don't want nor signed up for. They are spammy plus other categories are Sell Your Business, Web Dev, and App Dev from "legit" companies so they get thru all of the filtering we are doing. Plus, since it's all automated, they keep asking.

In this way, if the user applies this function -- the approval workflow makes these more "habitual" in keeping their mail flow clean. We leverage the best AI. A human can scan hundreds of messages in a few seconds to pick out the ones that are important. Thus it becomes self actuating in that if you reply, forward or approve the amount of "junk" eMails you don't see gets larger and larger.

Also, the "Bounce upon Block" is optional and only helps to confirm that the eMail is bad and you get a bounce back from the sender because it was a bogus send in one way or another.

The end users use a LCD (Least Common Denominator) strategy in that the end user applies the least amount of effort to deal with mail but then we get the same SPAM over and over and over again.
0
I get the same spammy messages about loans, web development, and "buy my list so you can become a spammer too!"   

One of the ongoing problems is the attackers that use disposable accounts, mostly from Gmail at present.   It does not matter if I block the account today, because they will be attacking from a different account tomorrow.    These attacks can only be defended with content filtering, despite the imperfections.    When errors occur, you will need to whitelist the acceptable-but-blocked message sources, which is why you need sender authentication.   Disaster happens if you allow an attacker to impersonate a whitelisted sender.

The problem with user feedback is determining how to respond to the submission.   Does it mean:
  • that the user just needs to unsubscribe from a legitimate list,
  • that he filed the message in Junk instead of delete, 
  • that he does not want the message but others might?
  • Is the From address the responsible party or an impersonation victim?
  • Is the Mail From address the responsible party?
  • OR is the server organization the problem that needs to be blocked.
Quarantine management
I do essentially all of the spam filter management for my organization.   That function requires an effective user interface for performing quarantine review efficiently.   SmarterMail and Declude are both lacking in this respect, so I send all of my quarantine to a Barracuda appliance.    It does not show the message From address.  Because I have Declude in front of the appliance, it does show the true source IP either.   But it does allow me to see the message in both raw and formatted views, with some features disabled to prevent malicious action during formatted view.   It is incredibly useful for reviewing quarantine, releasing what I want, and deciding whether to block or ignore the other stuff.   If you create a user quarantine environment, you need something similar that is optimized for the non-technical user.

My challenge for user-level quarantine is to give them the information that they need to make a correct decision.   I have not seen a user quarantine tool that meets my expectations for that, but my survey base is tiny.    We have accomplished something similar using a customized external sender warning:
- Sender is external
- Sender is known, and how certain is the relationship (known customer, known vendor, known destination, a repeat sender, or a new sender.)    This also requires distinguishing between mailbox provider accounts like Gmail, and organization accounts like Ford.com.
- Message is sent by a third party organization, like SendGrid, rather than direct.
If this information is not in the external sender warning, then it should be in the quarantine review environment. 
0
This is why I want to employ "The ULTIMATE AI SPAM Filter -- YOU!". It sounds like you have a single organization, however, I am an MSP thus getting any of them to do anything is worse than herding cats.

They need our help and the way to do it is to require an eMail workflow that helps them to do better. We know that the average Joe or Josephine are very bad at password management and eMail regulation as they keep getting hacked. In 2000 the US estimates that a few hundred million was stolen by bad actors and now we are approaching $20 Billion in the USA.

The US Government is not going after enough of these folks thus we need a better defense.

I have tried all of these services like Postini, Declude and Barracuda and they are NOT any better than what I get from SmarterTools already. What I need is a better AI but I don't want Today's AI taking a trip thru my eMail -- the Human is the best AI!

Aaahhhh... Maybe the way to do this is have a local Domain Level AI -- an LLM integrated into SmarterMail. This could be an extra Module like SmarterTools existing Filtering products! Then I could apply a GPU or not as I so choose.

0
Bottom line is that you may have some useful ideas, but you will have to prove them out by assembling some tools and connecting them together with custom developed code.   If you wait for someone else to drop a completed implementation into your lap, your users will be infected with malware during the wait.

If you get started and want to know more about my experience, we can continue offline.
0
Yes, we would like better spam filtering in SmarterMail.

Here's a fairly simple and straightforward idea that could help:
Now with 20 votes and Under Consideration!
