How to Optimise

Here are a few things you can try, if you find that SpamPal is too slow, or isn't catching enough spam:

Quick Index

1. Optimise tips

2. Checking DNSBL Effectiveness

2.1 Checking DNSBL Effectiveness - Using the Status Screen
2.2 Checking DNSBL Effectiveness - Using Headers

3. Improving SpamPal's Effectiveness

3.1 Improving SpamPal's Effectiveness: DNSBL lookup
3.2 Improving SpamPal's Effectiveness: Using DNSBL Cache
3.3 Improving SpamPal's Effectiveness: Using Plugins
3.4 Improving SpamPal's Effectiveness: Slow down checks for new mail

1. Optimise tips

Note: some simple speed tips
  • Whitelist every email address you know you want.
  • Don't use more DNSBLs (Public Blacklists) than you need.
  • Some email programs, such as Outlook, have a Junk Mail facility which will blacklist email addresses. It's normally a good idea to disable this feature (which will give you a small speed boost) and just use SpamPal to do the work.
  • Use the ignore-list feature to ignore the IP addresses of your own ISP's mail servers.
  • You can also tune the number of connections SpamPal makes: go to the advanced settings and increase the Maximum Simultaneous DNSBL queries to 50 (if you are on broadband/cable/ADSL).
  • Don't set the caching times too low


2.1 Checking DNSBL Effectiveness: Using the Status Screen

By using the SpamPal Status page (right-click on the Systray Umbrella and select Status), you'll be able to see which DNSBLs you are using and how effective they have been during a recent session.

If you look at the statistics on SpamPal's status screen, it will show you the hit rates being achieved by the various DNSBLs you are using for recent queries. You will probably notice that some of the DNSBLs regularly give high numbers, 20-50%, and others may be very low, or even zero hits.

Deselecting the ones with low hit rates will probably improve speed without affecting your spam detection capability.

For example, in the screen below, it looks like Spam-RBL has caught little spam in this session, so it may be a good idea to deselect it from your list of DNSBLs (public blacklists) in order to save time.





2.2 Checking DNSBL Effectiveness: Using Headers

When you have an email which is clearly spam to you but has slipped through SpamPal, use the following procedure to see if there are other DNSBLs which would have caught this spam.

Get the full mail headers from your mail. How you do that varies from email program to email program, but they almost all have a method somewhere within the program.

The full mail headers means you need the "Received: from" lines, e.g.

Return-Path: <Pamela5J@hotmail.com>
Received: from sender244 (clarksville-24-159-56-139.midtn.chartertn.net [24.159.56.139])
by xxx.xxxxx.co.uk (8.11.6/8.11.6) with ESMTP id h6888HN06418
for <xxxxx@xxxxx.co.uk>; Tue, 8 Jul 2003 09:08:18 +0100
Message-Id: <200307080808.h6888HN06418@xxxxx.xx.xx>

Now, go to http://openrbl.org/ and do a lookup on the IP address (24.159.56.139)

Wait for your address to be processed and look out for the following line:

Results: Positive=9, Negative=23

If you look for the DNSBLs in red, you could add one of those to SpamPal's current list of DNSBLs in order to try to improve the performance of the DNSBL checks.

If none are Positive, then adding more DNSBLs to the list in SpamPal isn't likely to have caught the spam, as the IP address wasn't listed in the major DNSBLs at the time you checked your mail.

You can further investigate an IP number using the Moensted blacklist checker, at http://moensted.dk/spam/
or the DNSStuff database checker, at www.dnsstuff.com
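
The same check can be scripted. The following is an added example, not part of SpamPal or the original page: it pulls the relay IP out of the sample header above, builds the standard DNSBL query name (octets reversed, then the zone) and reports which zones list the address. The zone names are placeholders and the function names are assumptions of this example.

```python
import ipaddress
import re
import socket

# Sample header from the text above; continuation lines are folded with a space.
SAMPLE_HEADERS = """\
Return-Path: <Pamela5J@hotmail.com>
Received: from sender244 (clarksville-24-159-56-139.midtn.chartertn.net [24.159.56.139])
 by xxx.xxxxx.co.uk (8.11.6/8.11.6) with ESMTP id h6888HN06418
 for <xxxxx@xxxxx.co.uk>; Tue, 8 Jul 2003 09:08:18 +0100
Message-Id: <200307080808.h6888HN06418@xxxxx.xx.xx>
"""
# Placeholder zone names (assumptions); substitute the DNSBLs you actually use.
ZONES = ["dnsbl-a.example", "dnsbl-b.example", "dnsbl-c.example"]

def relay_ips(headers):
    """Return public IPv4 addresses found in [brackets] on Received: lines."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", headers)      # undo header folding
    received = [l for l in unfolded.splitlines() if l.lower().startswith("received:")]
    ips = []
    for cand in re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", " ".join(received)):
        try:
            ip = ipaddress.IPv4Address(cand)
        except ValueError:
            continue                                     # not a valid address
        if ip.is_global and str(ip) not in ips:          # skip private/loopback hops
            ips.append(str(ip))
    return ips

def query_name(ip, zone):
    """DNSBL query name: the IP's octets reversed, followed by the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def dns_a_lookup(name):
    """Live resolver: the A record as a string, or None if there is no answer."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def check(ip, zones, resolve=dns_a_lookup):
    """Split zones into (positive, negative) for ip; 127.x.x.x answers mean listed."""
    positive, negative = [], []
    for zone in zones:
        answer = resolve(query_name(ip, zone))
        listed = answer is not None and answer.startswith("127.")
        (positive if listed else negative).append(zone)
    return positive, negative
```

Only the Received line added by your own mail server is trustworthy; lines further down the header can be forged by the sender.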



3.1 Improving SpamPal's Effectiveness: DNSBL lookup

The DNSBL lookup settings can be found in the Advanced panel of SpamPal's options. A DNSBL time-out setting of 10 to 20 seconds and a maximum number of simultaneous DNSBL queries of about 25 should be a good choice for most people.


3.2 Improving SpamPal's Effectiveness: Using DNSBL Cache

You should also look at the cache times on DNSBL checks. The caching improves speed but may lead to slightly less accurate results. Unless speed is a problem for your connection, the best results will come from setting SpamPal to remember positive (Spam) results for three days, and negative (legitimate mail) results for zero days, twelve hours. These settings can be found in the Advanced panel of SpamPal's options.
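
To see how the two cache lifetimes trade accuracy for speed, here is an added example (not SpamPal's code): a small cache with separate lifetimes for positive and negative results, run against a constructed DNSBL that lists an IP 30 minutes after its spam run starts. The class, the function names, the zone and the IP address are assumptions of this example.

```python
POSITIVE_TTL = 3 * 24 * 3600   # remember "listed" results for three days
NEGATIVE_TTL = 12 * 3600       # remember "not listed" results for twelve hours


class DnsblCache:
    """Cache of (ip, zone) -> listed?, with a separate lifetime per outcome."""

    def __init__(self, lookup, positive_ttl=POSITIVE_TTL, negative_ttl=NEGATIVE_TTL):
        self.lookup = lookup          # callable(ip, zone, now) -> bool
        self.positive_ttl = positive_ttl
        self.negative_ttl = negative_ttl
        self.entries = {}             # (ip, zone) -> (listed, expires_at)
        self.queries = 0              # live lookups actually sent

    def is_listed(self, ip, zone, now):
        hit = self.entries.get((ip, zone))
        if hit and now < hit[1]:
            return hit[0]             # still fresh: answer from the cache
        self.queries += 1
        listed = self.lookup(ip, zone, now)
        ttl = self.positive_ttl if listed else self.negative_ttl
        self.entries[(ip, zone)] = (listed, now + ttl)
        return listed


def simulate(listing_delay=30 * 60, negative_ttl=NEGATIVE_TTL):
    """Mail from one IP arrives at t=0, 1h and 13h (seconds on a simulated clock)."""
    def fake_dnsbl(ip, zone, now):    # constructed stand-in for a real DNSBL
        return now >= listing_delay   # the IP becomes listed after the delay

    cache = DnsblCache(fake_dnsbl, negative_ttl=negative_ttl)
    arrivals = [0, 3600, 13 * 3600]
    verdicts = [cache.is_listed("192.0.2.10", "dnsbl.example", t) for t in arrivals]
    return verdicts, cache.queries
```

With the twelve-hour negative lifetime the message at one hour is still passed as clean from the cache; with `negative_ttl=0` it is caught, at the cost of a live query for every message from an unlisted address.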


3.3 Improving SpamPal's Effectiveness: Using Plugins

If you are still not catching enough spam, then you are better off trying alternative strategies rather than just piling on more DNSBLs. Look at the available plugins.

There is one called URLbody which will apply DNSBL checks on the websites listed in the spam mails. Although spammers can disguise their email address and send the mail through circuitous routes, they still need to advertise their website in the spam they send you, so this plugin can be very effective at trapping them.

RegEx will examine the body of mails for a whole mess of different phrases and other good solid indicators of spam, and both of those should pick up lots of spam, although I think there is a slightly higher risk of false positives with RegEx patterns. However, the latest version uses a combined scoring system which should greatly improve its discrimination sensitivity. Some people have reported catching well over 90% of the spam just using RegEx and no DNSBLs at all.

The MX blocker is used to detect mails which are sent through desktop MX programs on dial-up lines, a common tactic of spammers. You may find this mops up lots of spam which is escaping the DNSBLs. However, use with caution initially as desktop MX is a legitimate tool which is used for legitimate purposes so you may find you need to whitelist a few regular correspondents.

There is also a Bayesian plugin which takes a completely different approach to detecting spam, although the nature of it means it is perhaps more likely to get false positives to begin with and it does need a period of training to learn the patterns in your email.

As with DNSBLs, do not just install everything at once because it will just be overkill.

Try the plugins one at a time and find out what is working best for you.



3.4 Improving SpamPal's Effectiveness: Slow down checks for new mail

A more likely cause of poor DNSBL performance is that you are checking your mail too often.

We have found that from the time a wave of spam starts, it takes about 30 minutes before the culprit IP numbers start appearing on the DNSBLs. If you are checking your mail at one minute intervals then you are probably downloading the spam before the DNSBLs have had a chance to react.

Change the settings in your mail program to only download mail at 30 minute intervals or longer, or even just to download manually, and you should find a big improvement in DNSBL performance.

Despite what people often think, the world will not end if you don't get your emails within a minute of someone sending them.
