
How to read a spam report

Every email processed by Cleanbox receives a spam score from Rspamd. The spam report shows exactly how that score was calculated — which rules triggered, what each rule means, and how much each contributed to the total.

Where to find the spam report

  1. Go to Messages
  2. Click any message to open the preview
  3. Click the Spam report tab

Reading the report

The report shows a list of symbols (rules) with their scores. Each line looks like:

BAYES_HAM                    -3.0
DKIM_ALLOW                   -0.1
SPF_ALLOW                    -0.2
RCVD_COUNT_3                  0.0
CLEANBOX_TRUSTED             -2.0
R_DKIM_ALLOW                 -0.1
MIME_GOOD                    -0.1
---
Total:                       -5.5

Negative scores = good signals

Rules with negative scores indicate the email is likely legitimate:

  • BAYES_HAM (-3.0) — The Bayesian classifier thinks this is legitimate email based on learned patterns
  • DKIM_ALLOW (-0.1) — The DKIM signature is valid
  • SPF_ALLOW (-0.2) — The sender's IP is authorized by their SPF record
  • CLEANBOX_TRUSTED (-2.0) — Multiple Cleanbox users have whitelisted or prioritized this sender

Positive scores = spam signals

Rules with positive scores indicate spam characteristics:

  • BAYES_SPAM (+5.0) — The classifier thinks this is spam
  • CLEANBOX_BLOCK (+8.0) — Many Cleanbox users have reported this sender as spam (90%+ spam ratio)
  • ZERO_FONT (+2.0) — Invisible text detected (a spam evasion technique)
  • FORGED_SENDER (+1.5) — The From header does not match the actual sender identity

Zero scores = informational

Rules with 0.0 scores are informational — they triggered but did not affect the score. Examples: RCVD_COUNT_3 (3 routing hops), MIME_GOOD (well-formed email structure).

How the total determines the outcome

Total score                              Outcome
Below quarantine threshold               Delivered normally
Between quarantine and spam threshold    Held in quarantine for review (if enabled)
Above spam threshold                     Rejected

Your thresholds are configurable per alias. See Setting a spam threshold per alias.

Using spam reports for troubleshooting

  • Legitimate email marked as spam? Check which rules contributed positive scores. If BAYES_SPAM triggered, mark the message as legitimate to train the filter.
  • Spam getting through? Check the total score and compare it to your threshold. If the score is just below, consider lowering your threshold.
  • Authentication failures? Look for SPF_FAIL, DKIM_REJECT, or DMARC_REJECT — these indicate the sender has misconfigured their email authentication.
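
The troubleshooting steps above can be scripted. The following is an added example, not Cleanbox or Rspamd code: it parses a report in the layout shown on this page, checks the stated total against the sum of the symbols, groups the symbols by sign, and maps the total to an outcome. The function names, the sample report, and the threshold values passed in are assumptions for illustration, as is treating a score equal to a threshold as reaching it.

```python
import re
# Constructed report in the layout shown on this page (not from a real message).
SAMPLE_REPORT = """\
BAYES_SPAM                    5.0
ZERO_FONT                     2.0
FORGED_SENDER                 1.5
SPF_ALLOW                    -0.2
RCVD_COUNT_3                  0.0
---
Total:                        8.3
"""

# One symbol (or the "Total:" footer) followed by a signed decimal score.
LINE = re.compile(r"^(?P<name>[A-Z][A-Z0-9_]*|Total:)\s+(?P<score>[+-]?\d+(?:\.\d+)?)$")

def parse_report(text):
    """Return ({symbol: score}, stated_total or None); other lines are skipped."""
    symbols, stated = {}, None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank line or the '---' separator
        if m["name"] == "Total:":
            stated = float(m["score"])
        else:
            symbols[m["name"]] = float(m["score"])
    return symbols, stated

def triage(text, spam_threshold, quarantine_threshold=None):
    """Group symbols by sign and map the total to an outcome."""
    # Assumed: score == threshold reaches it; None = quarantine disabled.
    symbols, stated = parse_report(text)
    total = round(sum(symbols.values()), 2)
    if stated is not None and abs(stated - total) > 0.005:
        raise ValueError(f"stated total {stated} != sum of symbols {total}")
    if total >= spam_threshold:
        outcome = "rejected"
    elif quarantine_threshold is not None and total >= quarantine_threshold:
        outcome = "quarantined"
    else:
        outcome = "delivered"
    ranked = sorted(symbols.items(), key=lambda kv: kv[1], reverse=True)
    return {
        "total": total,
        "outcome": outcome,
        "spam_signals": [(n, s) for n, s in ranked if s > 0],
        "good_signals": [(n, s) for n, s in ranked if s < 0],
        "informational": [n for n, s in ranked if s == 0],
    }
```

A total that does not match the sum of the listed symbols usually means the pasted report was truncated, so the example raises an error instead of classifying on partial data.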