Setting up a Low Priority Whitelist in IMF Tune

In IMF Tune, whitelisting takes priority over any other SCL rating. If an email matches both a whitelist and a blacklist, the Whitelist rating is stamped as final. Although this is the standard behavior, occasionally we receive requests for setting up a low priority whitelist. This is possible with the help of SCL Rules that whitelist emails only if no blacklist is matched.

Influencing SCL Ratings

IMF Tune provides various options for an administrator to influence email spam ratings. This includes various Whitelists, Blacklists and SCL Rules.

The SCL spam rating can be set to a specific fixed value. This is what Whitelists and Blacklists do. They replace the current email rating with their own. SCL Rules provide extra flexibility. These allow us to fix SCL ratings to any possible value not just the extreme Whitelist or Blacklist levels. Alternatively SCL Rules may be configured to move ratings up or down. Here we can say that if a rule is matched, the current SCL rating should be raised or lowered by the specified value.

Multiple Matches - SCL Rating Priority

With the various Whitelists, Blacklists, and SCL Rules, it is possible for a single email to hit multiple matches. IMF Tune follows a "play safe" rule applying the lowest SCL rating. For example if an email contains both a blacklisted keyword and a whitelisted keyword, the email is whitelisted.

Extending this concept further, if an email matches an SCL Rule configured to fix the SCL to 5 and also matches a blacklisted keyword, the email is finally assigned SCL 5. This happens since SCL 5 is lower than the Blacklist level (Blacklist is the highest SCL rating possible).

SCL Rules applying 'increment by' and 'decrement by' operations are considered to have the lowest priority. The increments and decrements are only computed if no other match is found that would set the email to a fixed SCL rating. If computed, increments and decrements add up so that the final SCL value is the net result.

To recap, these are the priority rules followed when determining the final email SCL rating:

1. Whitelisting is given top priority.

2. Next in priority are the SCL Rules having the lowest 'set value to' SCL value.

3. Next in priority is Blacklisting.

4. Lowest priority is given to SCL Rules having an 'increment by' or 'decrement by' SCL operation.

Low Priority Whitelists

In this article our goal is to create a Whitelist that is lower in priority than Blacklists. This is done with the help of the SCL Rules 'decrement by' operation. A rule that is configured to lower the current SCL rating by 9 will effectively Zero any currently assigned SCL rating.

Since a 'decrement by' operation is only applied to emails that do not match any other standard Whitelist or Blacklist, the SCL Rule effectively behaves as a low priority whitelist.

This solution is not perfect. IMF Tune does distinguish between Whitelisted and SCL 0 emails when it comes to reporting. However as far as the email user is concerned there is no noticeable difference. Both of these ratings identify legitimate emails that are delivered straight to the Inbox.

IMF Tune supports 3 SCL Rule types; Simple, Advanced and External. All of these have the ability to perform a 'decrement by' operation.

Simple and Advanced SCL Rules are most appropriate when dealing with a specific type of email or solving a one-off problem. Once the rule is setup and working an Administrator would hardly ever modify the rule configuration again.

External SCL Rules are more appropriate when setting up a low priority whitelist that needs more regular updating. If we plan to keep adding new keywords/addresses to the whitelist, External Rules provide a simpler (even if more raw) interface.

Simple SCL Rule Configuration

1. Open the IMF Tune configuration and go to SCL Rules | Simple SCL Rules

2. Select 'Apply simple SCL Rules'

3. Click Add

4. Configure the Simple SCL Rule making sure to select:
   Operation: 'decrement by'
   SCL Change: 9

   In the image that follows we configure the rule to match the Subject keywords:
   Document Review

   NOTE: Select the type of email information to be matched from the Header/SMTP command field. Apart for headers, here we can choose to match body keywords, sender/recipient addresses, attachment names, IPs and other information.

   

5. Click Ok to save the Rule.

6. Close the Configuration or Click Apply to save changes.

Advanced SCL Rule Configuration

For a detailed discussion on Advanced Rules configuration please check the IMF Tune Server Manual. Here we skim through the configuration just to illustrate the most important steps in the setup of a low priority whitelist.

1. Open the IMF Tune configuration and go to SCL Rules | Advanced SCL Rules

2. Select 'Apply advanced SCL Rules'

3. Click Add

4. Enter a Rule name under Display Name and click Next

   

5. Configure the Conditions you want the email to match for it to be whitelisted. For example to match a subject keyword:

   • Select 'Subject contains words'
   • Click the words link and...
   • ...specify the keywords to be matched

   

6. Click Next to move to the Action configuration step and configure this as follows:

   • Select 'Decrement Spam Confidence Level (SCL) by value'
   • Click the value link and...
   • ...enter 9 in the dialog that opens

   

7. Click Next to move to the Exceptions configuration. Configure Exceptions (if any) and continue following the Wizard to the end.

8. Save Changes.

External SCL Rule Configuration

1. At the IMF Tune server create an empty text file. For example we could name this Subject_Keywords.txt

2. Open the IMF Tune configuration and go to SCL Rules | External SCL Rules

3. Select 'Apply external SCL Rules'

4. Click Add

5. Configure the External SCL Rule making sure to select:
   Operation: 'decrement by'
   SCL Change: 9

   In the image that follows we configure the rule to match Subject keywords.

   NOTE: Select the type of email information to be matched from the Header/SMTP command field. Apart for headers, here we can choose to match body keywords, sender/recipient addresses, attachment names, IPs and other information.

   

6. Click on Browse and select the File created in Step 1.

7. Click on the Schedule configuration page and specify how often IMF Tune is to read the external file.

   

8. Click Ok to save the Rule.

9. Close the Configuration or Click Apply to save changes.