Spam symbol reference guide
When creating a filter with the Spam symbol component, you can match on specific indicators from the spam scanning engine. The symbol wiki in the filter editor shows all available symbols. This article provides a complete reference.
Cleanbox custom symbols
These are generated by Cleanbox's crowd-sourced reputation system:
| Symbol | Score | Meaning |
|---|---|---|
| CLEANBOX_BLOCK | +8.0 | 10+ users reported this sender, 90%+ marked as spam. Very likely spam. |
| CLEANBOX_QUARANTINE | +5.0 | 5+ users reported, 70%+ spam ratio. Suspicious sender. |
| CLEANBOX_GREYLIST | +2.0 | 3+ users reported, more spam than legitimate reports. |
| CLEANBOX_TRUSTED | -2.0 | 5+ teams have whitelisted or prioritized this sender. Trusted. |
| CLEANBOX_UNCOMMON | +1.0 | First-ever contact across all Cleanbox users. Slight caution. |
| CLEANBOX_BULK_ESP | +0.5 | Sent via a known bulk email service provider (Mailchimp, SendGrid, etc.). |
Authentication symbols
| Symbol | Meaning |
|---|---|
| SPF_ALLOW | Sender IP authorized by domain's SPF record (good) |
| SPF_FAIL | Sender IP not authorized by SPF (bad) |
| SPF_SOFTFAIL | Sender IP not in SPF but domain uses ~all policy |
| DKIM_ALLOW | Valid DKIM signature (good) |
| DKIM_REJECT | DKIM signature verification failed (bad) |
| DMARC_POLICY_ALLOW | Passes sender's DMARC policy (good) |
| DMARC_POLICY_REJECT | Fails sender's DMARC policy (bad) |
| FORGED_SENDER | From header does not match actual sender identity |
Content symbols
| Symbol | Meaning |
|---|---|
| BAYES_SPAM | Bayesian classifier identifies this as spam |
| BAYES_HAM | Bayesian classifier identifies this as legitimate |
| ZERO_FONT | Invisible text (font-size: 0) to evade filters |
| HIDDEN_PARTS | Many visually hidden HTML sections |
| PHISHING_LAYOUT | Tiny HTML body with just a link and image (phishing pattern) |
Reputation symbols
| Symbol | Meaning |
|---|---|
| NO_RDNS | Sending server has no reverse DNS record |
| BARE_IP | Message-ID contains a raw IP instead of a hostname |
| NO_RECEIVED | No routing headers — email is likely forged |
Using symbols in filters
To create a filter based on a spam symbol:
- Create or edit a filter
- Add a rule with component Spam symbol
- Operator: equals
- Value: the symbol name (e.g.,
ZERO_FONT) - Action: Deny to block, or Allow with folder routing to sort
You can also click the symbol wiki icon in the filter editor to browse all symbols and click one to insert it into your rule.
For relay-specific symbol rules, see Relay spam symbols and virus scanning.
