Anti-Spam Parameters

The default SpIDer Mail settings, including Anti-Spam settings, are optimal for most cases. Do not change them unnecessarily.

To enable or disable email scan for spam

1.Open Dr.Web menu Dr.Web icon, then select Security Center.

2.In the open window, click Files and Network tile.

3.Make sure Dr.Web operates in administrator mode (the lock at the bottom of the program window is open ). Otherwise, click the lock .

4.Click the SpIDer Mail tile. A component parameters window opens.

Figure 39. Email scan parameters

5.In the Anti-Spam section, enable or disable mail scan for spam using a corresponding switcher .

Configuring Anti-spam parameters

1.In the Anti-Spam group, click Parameters.

Figure 40. Changing Anti-spam parameters

2.In the open Anti-Spam parameters window, enable or disable the necessary options.

Figure 41. Anti-Spam parameters

Available scan settings (enabled by default)



Allow Cyrillic text

Select this check box to prevent SpIDer Mail from marking Cyrillic emails as spam without prior analysis. Otherwise, such emails are most likely to be marked as spam.

Allow Asian text

Select this check box to prevent SpIDer Mail from marking emails with the most spread Asian encodings as spam without prior analysis. Otherwise, such emails are most likely to be marked as spam.

Add the prefix to subjects of spam messages

By default, SpIDer Mail adds the [SPAM] prefix to the Subject field of all spam messages. You can change this prefix.

Instructs SpIDer Mail to add a special prefix to subjects of spam messages.

Using a prefix allows you to create filter rules for spam in those mail clients (for example, Microsoft Outlook Express) where it is not possible to enable filtering by headers.

3.To save the settings, click OK.

Additional information

Anti-spam technologies

Dr.Web Anti-spam technologies consist of rules that can be divided into several groups:

Heuristic analysis—a technology that empirically analyzes all parts of a message: header, message body, and attachments, if any.

Detection of evasion techniques—a technology that detects evasion techniques adopted by spammers to bypass anti-spam filters.

HTML signature analysis—a technology that compares messages containing HTML code with a list of known patterns from the anti-spam library. Such comparison, in combination with the data on sizes of images typically used by spammers, helps to protect users against spam messages with HTML code linked to online content.

Semantic analysis—a technology that compares the words and phrases of a message (both visible to the human eye and hidden) with words and phrases typical for spam using a special dictionary.

Anti-scamming—a technology that filters scam and pharming messages including so-called “Nigerian” scams, loan scams, lottery and casino scams, and false messages from banks and credit organizations.

Technical spam—a technology that detects bounces that are delivery-failure messages sent by a mail server. Such messages are also sent by a mail worm. The bounces are detected as unwanted.

Processing mail by spam filter

SpIDer Mail adds the following header to the processed messages:

X-DrWeb-SpamState: <value>, where <value> indicates whether the message is considered by SpIDer Mail as spam (Yes) or not (No).

X-DrWeb-SpamVersion: <version>, where <version> indicates Dr.Web Anti-spam version.

X-DrWeb-SpamReason: <spam rate>, where <spam rate> includes a list of evaluations on various spam criteria.

You can use these headers and the prefix in the Subject field, if selected, to configure email filtering for your mail client.


If you use IMAP/NNTP protocols, configure your mail client to download complete messages from mail server at once, i.e. without previewing their headers. This is required for correct operation of the spam filter.


Spam filter processes email messages composed in accordance with the MIME RFC 822 standard.

To improve performance of the spam filter, you can report to Doctor Web errors in spam detection.

Spam detection errors

If you find an error in the spam filter:

1.Create a new email and attach the message that was processed incorrectly. Messages included in the email body are not analyzed.

2.Send the message with the attachment to the anti-virus network administrator.