Several people have commented or emailed me asking me for my IMF settings, since I mentioned that I am using the IMF on my personal mail server. There are basically three settings for IMF:
- The Spam Confidence Level threshold for acting at the gateway, as part of the SMTP conversation
- What to do if you act on the message at the gateway (reject, accept and archive, or accept and delete)
- The Spam Confidence Level threshold for putting messages into a user's Junk Mail folder
If you have acquired IMF, hopefully you looked at the documentation, which tells you about the performance counters that you can use to look at how many messages the IMF has classified into each bucket. The best way to determine what your threshold should be is to run the IMF on your normal mail load and look at how many messages fall into each bucket (1-9). 9 is the messages most likely to be spam, 1 is the messages least likely to be spam.
Now, on to actually answering the question: I run 8 as the threshold to reject at the gateway, and 4 as the threshold to put messages into the Junk Mail folder. I have noticed a few false positives at this level, but for me it's acceptable and I look at the junk mail folder periodically. I get about 50 messages in my junk mail folder per day, with an average of 0.25 false positive per day. I get an average of 2 false negative (spam that makes it into my inbox) per day. This is vastly superior to what I was getting with Spamassassin before I switched my mail to Exchange 2003 several months ago. I run 4 as the junk mail folder threshold because I really get very little important mail to this domain, so I would rather err on the side of putting things into the junk mail folder.
Note: other spam marking software may use different criteria to set the SCL, so these numbers are only valid for the Microsoft IMF.