SpamFoo User and Domain Administrator Dashboard
SpamFoo is an AI-driven antispam and classification engine that is available to all SmarterMail users. While the antispam capabilities are managed by the server administrator, when enabled, SpamFoo's classification engine is available for free to all users. As such, each user has access to the SpamFoo Dashboard, which provides insight into how SpamFoo classifies messages and offers users the ability to set up some default antispam settings (when antispam is enabled) and default classification rules. Think of it as the "behind the scenes" view of the classification tabs and spam filtering you see in webmail: the dashboard shows you what SpamFoo has been doing with your mail, and lets you adjust its decisions.
There is one dashboard that caters to both users and domain administrators. The main difference is that domain administrators will see an additional option for their role that provides domain-level details and options. Both views are covered below.
Opening the Dashboard
To open the SpamFoo Dashboard, go to the Email area of webmail and click the Actions (⋮) icon at the top of the folder pane, then select SpamFoo Dashboard. The dashboard opens in its own browser window, so you can keep it open alongside webmail. You're signed in automatically — no separate login is required.
My Email
The user view is the primary interface for individual mailbox owners. It gives you a personal view of your spam filtering activity and lets you tune how SpamFoo handles your email.
Overview
The top of the dashboard shows three statistics for the past 30 days: how many spam messages were blocked, how many legitimate emails were delivered, and how many sender rules you have active. These numbers update in real time and give you a quick sense of how much filtering is happening on your account. For example, if you know a newsletter never arrived, a quick glance here tells you whether SpamFoo has been blocking mail recently — a hint to check your rules and Junk Email folder.
Where Your Emails Go
The "Where Your Emails Go" table shows every category SpamFoo routes mail into:
- Primary - Important personal and work email that requires your attention. This is the default category: if a message doesn't clearly fit anywhere else, it lands in Primary.
- Transactions - Receipts, orders, and deliveries: purchase receipts, shipping notifications, billing and account activity.
- Updates - News, subscriptions, and social: newsletters, notification emails, and social media alerts.
- Promotions - Special offers, deals, and marketing mail from retailers.
- Spam - Everything blocked entirely.
The counts reflect the past 30 days and let you see at a glance whether SpamFoo is sorting your mail the way you expect. If the numbers look off — say, far more mail in Promotions than seems right — that's your cue to retrain SpamFoo by dragging misclassified messages onto the correct classification tab in webmail.
My Rules
When enabled by the system administrator as an additional antispam measure, users can customize how SpamFoo handles certain senders — by email address or domain — right from their SpamFoo Dashboard. They also have the ability to see a list of these custom rules and manage them as they see fit. Rules come in three varieties:
My Spam Rules
Listed are any custom rules a user creates. These rules can be based on a specific email address or an entire domain. For example, you might create a rule that always allows mail from your bank's domain, or one that always blocks a persistent sender that keeps slipping past the filters.
Trained Spam Rules
Listed are rules that were created automatically, based on explicit actions you've taken in webmail. SpamFoo watches how you correct its spam decisions and learns from them:
- If a message is marked as spam by SpamFoo but you rescue it — using the "Move to Inbox" button or manually moving it out of the Junk Email folder — SpamFoo notes that correction and creates a rule so similar mail from that sender is delivered in the future.
- Conversely, if a message reaches your Inbox but is clearly spam, and you click the Move to Junk button or drag it into the Junk Email folder, SpamFoo notes that decision and creates an associated rule blocking similar mail.
While these trained rules cannot be edited, they can be deleted. If you delete one, the next correction you make for that sender simply creates a new rule. This is useful when a rule was trained on a decision you've since changed your mind about — for example, if you junked a mailing list you've now re-subscribed to.
Trained Classification Rules
These work the same as trained spam rules, but are intended to help manage your classifications rather than spam. SpamFoo learns whenever you move a message from one classification to another — for instance, dragging a newsletter from Promotions onto the Primary tab and choosing to reclassify all mail from that sender. Like trained spam rules, these can be deleted but not edited.
Domain Administrator View
In addition to their own dashboard, domain administrators have an additional view that gives them visibility of the domain as a whole. It combines a full view of domain-wide filtering activity with tools to set rules that apply to everyone on the domain.
Domain Overview
To start, there are four summary cards that show the health of the domain over the past 30 days: total email received by the domain, spam blocked across all mailboxes, phishing messages blocked, and legitimate email delivered.
The next card shows the percentage of spam that SpamFoo caught. These numbers give the administrator an at-a-glance view of how much filtering is happening across the organization.
The "Email Breakdown" table breaks down how all email across the domain was routed in the past 30 days, using the same five categories as the user view (Primary, Transactions, Updates, Promotions, and Spam). This lets domain administrators spot unusual patterns — for example, an unusually high spam rate might indicate a spam campaign targeting the domain, while a sudden jump in blocked phishing suggests employees should be warned to be on their guard.
Rules & Protection
On the Rules & Protection page, there are two tabs:
- Domain Rules, and
- Protected Identities
Domain Rules
Domain rules apply to every user in your domain, and users cannot override them. This is where you configure organization-level policy: blocking a competitor's domain, ensuring a trusted vendor is always allowed through, or routing a known internal sender to Primary.
Like personal rules, domain rules support exact addresses and wildcards (e.g., *@vendor.com), and they track how many times each rule has fired so you can see which ones are actually doing work. A rule that has never fired may be a candidate for cleanup; one firing constantly may deserve a closer look.
To add a rule, click the Add Rule button. To edit or delete an existing rule, click Edit in the rule's row.
The rules hierarchy is: server rules, then domain rules, then user rules. Your domain rules override individual user preferences, but server-wide rules set by the system administrator take priority over domain rules. For example, if a user has personally blocked a sender that your domain rule allows, the domain rule wins — and if the system administrator has blocked that sender server-wide, mail is blocked regardless of the domain rule.
Protected Identities
The Protected Identities area is SpamFoo's Business Email Compromise (BEC) and impersonation protection feature.
In any organization, there are people, positions, and addresses that are worth protecting: a CEO or CTO, IT Manager, HR Manager, payroll manager, etc. These roles carry authority, so their email addresses are prime targets for impersonation during phishing attacks. For example, the email address of a payroll manager can be spoofed to try and trick employees into providing banking or paycheck information. Adding these people as Protected Identities tells SpamFoo to scrutinize mail claiming to come from them.
At the same time, these people — or the organization — may have legitimate systems set up that send email "as" that person or role: bug tracking systems, HR platforms, accounting systems like QuickBooks, etc. For example, authentication requests or invoices. In these cases, domains can be added to a Protected Identity so that the domain is associated with that specific person. A good example of this is QuickBooks, which can be used to send out invoices or receipts FROM a specific individual (an AP/AR manager) on behalf of that individual or the company as a whole. Associating quickbooks.com with that manager's Protected Identity means those invoices flow normally, while a phisher spoofing the same manager from an unknown domain gets caught.
Delegated Senders
This is where you place domains that are delegated to send emails on behalf of ALL Protected Identities, rather than just one. For example, Jira sends out various emails based on actions taken in a specific project — task updates, comments, etc. can initiate an email from a particular user, or from multiple users. When those users are added as Protected Identities, instead of adding the Jira domain to each identity individually, it can be added once as a Delegated Sender and it applies to all of the Protected Identities that have been added. This also helps you avoid forgetting to add it to one or more individual identities as new ones are created.