SmarterMail Help
Community Knowledge Base

SpamFoo Dashboard

SpamFoo is an AI-driven antispam and classification engine that is available to all SmarterMail users. While the antispam capabilities are managed by the server administrator, when enabled, SpamFoo's classification engine is available for free to all users. As such, each user has access to the SpamFoo dashboard that provides insight into how SpamFoo classifies messages and offers users the ability to set up some default antispam settings (when antispam is enabled) and default classification rules.

The SpamFoo Dashboard that's available to system administrators is entirely different than the ones users and domain administrators see as it provides an overall view of SpamFoo's health and details on the system as a whole versus individual domains or mailboxes. (Though information on individual domains is available as well.)

The system administrator dashboard consists of a number of features, including a search bar. It also offers reports and information across five (5) main categories:

  • Overview
  • Messages
  • Senders
  • Rules & Protection
  • System

Search Bar

At the top of the dashboard is the search bar, language selector, and a navigation/user dropdown.

  • Search bar - Allows a system administrator to search for any domain, sender, or mailbox.
  • Language Selector - Changes the interface language to whatever is selected.
  • User Dropdown - Allows a system administrtator to switch their views between theirs, the domain administrator of a particular domain (selected via dropdown), or an individual user.

Overview

Mail Health

The Mail Health area provides general information about overall SpamFoo usage and detail on the server. Administrators can select a pre-defined timeframe from a dropdown, the default of which is the "Last 24 Hours". This information includes:

  • The total number of messages processed by SpamFoo, including overall percentage of that mail that was classified as Spam.
  • Total Spam messages caught.
  • Total Phishing messages caught.
  • The Average Scan Time for SpamFoo while it's processing messages.
  • Mail Trend graph displaying total legitimate, Spam, and Phishing messages. It's worth noting that the graph's X-axis has a slider that allows an administrator to see more granular details of these counts.
  • Classifications data, including how many messages were classified in each class, including Spam.
  • SpamFoo's Current Status. This includes its uptime data, average messages scanned per minute, and the total messages scanned.
  • A list of the "Riskiest Domains", which are sending domains that originate the most Spam or Phishing emails within the timeframe selected.
  • A list of the "Riskiest IP Addresses", which matches Riskiest Domains but lists sending IP addresses. When combined with the Riskiest Domains, this information provides system administrators with targets for stricter IDS rules and/or blacklist entries for their servers.

Domains

This page lists all of the domains on the server and displays the following for each:

  • The total users on the domain.
  • The total number of messages classified as Spam.
  • The total number of messages classified as Phishing.
  • The total number of messages classified as legitimate.
  • The overall spam percentage for the domain.

When a system administrator clicks on a particular domain they can dig a bit deeper into that domain's information. This view offers information about the total messages processed for the domain (i.e., total messages in the last 30 days, total Spam, total Phishing, etc.) as well as a breakdown of how those emails were classified (e.g., total messages classified as "Updates") and also information about each individual user of the domain, including total messages scanned, total Spam, and total Phishing. That Users list is paginated as well so each user can be viewed if needed.

Messages

The Messages are allows a system administrator to see details of each message processed by SpamFoo in a particular timeframe. These messages are listed with their complete details, including:

  • The Date and time the message was processed.
  • The sending domain.
  • The sending IP address.
  • The recipient of the message.
  • The Decision made by SpamFoo: Spam or Not Spam.
  • The Classification of the message.

There is also a search function, so if a system administrator doesn't want to page through lists of messages, they can do a search by sending domain, sending IP address, or the recipient of the message. Then, if they want further granularity, they can select the Decision made to further narrow down the results.

Senders

The Senders page of the dashboard shows tons of information about individual senders to domains and users on the server. The page is split into three (3) different tabs:

  • The domains tab shows information about sending domains.
  • The IP Addresses tab shows information about sending IPs, and
  • The Email Addresses tab shows information about individual email addresses.

The Top Risk Sources card shows the Top 8 senders of each type: Domains, IP Addresses, and Email Addresses. However, the detail card (i.e., Domains, IP Addresses, or Email Addresses) has an added benefit of showing details of each sender type.

For example, when clicking on a specific Domain, a new window appears that shows interesting details about that sending domain. This includes first and last seen dates, an Activity Timeline, and Recent Messages. This detail is available for both Domains and IP Addresses. For Email Addresses you can see the timestamp (date and time) or each message, its recipient, adn then the decision made for the message.

Rules & Protection

On the Rules & Protections page, there are two tabs:

  • System Rules, and
  • Protected Identities

System Rules

System rules apply to every domain and user on the server. Therefore, this is where an administrator configures server-level policy: blocking a competitor's domain, ensuring a trusted vendor is always allowed through, or routing a known internal sender to Primary.

Like personal and domain rules, System Rules support exact addresses and wildcards (e.g. *@vendor.com), and they track how many times each rule has fired so you can see which ones are actually doing work.

To add a rule, click Add Rule button. To edit or delete an existing rule, click **Edit** in the rule's row .

The rules hierarchy is: server rules → domain rules → user rules. Therefore, System Rules override both domain and individual user preferences

Protected Identities

The Protected Identities area is SpamFoo's Business Email Compromise (BEC)/impersonation protection feature. System administrators can set up Protected Identities and Delegated Senders for any domain on their SmarterMail server. Alternatively, this feature is available to users and domain administrators as well, so the system administrator can leave this area blank and let domain administrators and/or users utilize this area.

What this means is that, in any organization, there are people/positions/addresses that are worth protecting along with email addresses/domains that are legitimately allowed to send email on behalf of them. For example, a CEO or CTO, IT Manager, HR Manager, etc. These roles carry authority, so their email addresses are worth protecting as they can often be impersonated during phishing attacks. For example, the email address of a payroll manager can be spoofed to try and trick employees into providing banking or pay check information.

Conversely, these people, or the organization, may have systems set up -- bug tracking systems, HR platforms, Accounting systems like Quickbooks, etc. -- that can send email "as" that person/role. For example, authentication requests or invoices. In these cases, domains can be added to a Protected Identity so that the domain is associated with that specific person. A good example of this is Quickbooks, which can be used to send out invoices or receipts FROM a specific individual (AP/AR manager) on behalf of that individual or the company as a whole.

Delegated Senders

This is where you place domains that are delegated to send emails on behalf of any Protected Identities. For example, Jira sends out various emails based on actions taken in a specific project. Task updates and comments, etc. can initiate an email from a particular user, or from multiple users. Therefore, when these users are added as Protected Identities, instead of adding Jira.com to each identity, it can be added here and then it would apply to all of the Protected Identities that have been added. This helps you avoid possibly forgetting to add it to one or more individual identities as it applies to all of them.

System

Status

This displays the current status of SpamFoo. This includes the overall health of the engine, its Uptime, its Classification Rate (messages / minute), CPU Usage, Memory Usage, and Queue Size.

Next, SpamFoo licensing information is displayed. This includes the Play type, license status, Plan Features and their respective statuses.

Next, Updates and version information is displayed. This includes the current Client version and different Model versions. Manual update buttons are provided as well for both the SpamFoo Models and the SpamFoo Client. SpamFoo does automatically update these on a regular basis. However, if instructed by SpamFoo or by SmarterTools, manual updates can be performed.

Finally, storage information is shown. This includes the Database Size, WAL Size (Write-Ahead Log), Total Size and the total number of messages SpamFoo has processed.

System Settings

System Settings allow system administrators to manage how SpamFoo works and what's displayed across various pages in the dashboard UI. Several cards are listed:

  • UI Preferences allow the default time range that's displayed. By default this is set to 24 hours but can be changed to Last Hour, Last 6 Hours, Last 7 Days, Last 30 Days
  • The Classification Queue allows the administrator to manage how resource intensive SpamFoo is. They can set the Max Concurrency (defaulted to 2) and Queue Timeout (defaulted to 30 seconds).
  • Logging allows the default minimum amount of information that logged by SpamFoo. The options are, in order of most detail to least: Detailed, Normal, Warning, Error, Fatal. It's worth noting that any level selected includes the details listed below it. For example, "Normal" includes Warning, Error, and Fatal. A "Debug Log Codes" area is also available. Here, and administrator would add in a debug log code provided by SpamFoo or SmarterTools that can capture specific types of information that is helpful in troubleshooting issues.
  • The Data Retention & Storage area allows administrators to select whether Scan History is logged or not (by default, this is enabled) and then how long those logs are stored, in Days. By default, it's set to 7 days.

Logs

Finally, there's the Logs area. If an administrator is familiar with SmarterMail's logging, SpamFoo's is not much different. It's possible to search the SpamFoo logs for almost any information: email address, sender domain, IP address, etc. by date and/or Category (e.g., Classification, System, Errors, etc.). Results are displayed within the interface, or the results can be downloaded locally for further analysis.

Copyright © SmarterTools Inc. All rights reserved.