Setting up antispam rules

It is estimated that 90–95% of all email is spam. Forcepoint Email Security Cloud provides market leading antispam protection through a combination of techniques powered by ThreatSeeker Intelligence. The Forcepoint approach is unique in that we integrate our web intelligence into our email protection engine, which enables the service to detect blended threat attacks in real-time. ThreatSeeker Intelligence technologies include a Forcepoint reputation service, integrated Forcepoint URL database, heuristics, fingerprinting, auto-learning technologies, and more.

The email protection engine uses a combination of techniques to analyze each email message and assign the message a “spam score.” This spam score is used to determine the likelihood of the message being spam. The result of the various spam tests may be a positive score (to indicate spam) or a negative score (to indicate valid email). Message scoring above the “spam threshold” defined by the customer are classified as spam. The results of all tests are taken into account, and this helps to improve accuracy.

To view and edit the current antispam rules for a policy, click the Antispam tab.

You can define what happens to spam depending on the score it receives. For example, you might want to create a rule that forces all email with a spam score greater than 6.0 to be forwarded to an administrator, all email with a score greater than 7.0 to be quarantined, and all email with a score over 10.0 to be discarded.

Lower values detect more spam at the risk of false positives - email wrongly detected as spam. Higher values reduce the risk of false positives but could miss some spam. Forcepoint Email Security Cloud aims to ensure that no false positives occur with spam scores over 6.0. This is the recommended default setting for quarantining email.