profile weighted-analysis
Use this command to configure weighted analysis profiles. To avoid false positives and false negatives, you can adjust ("weight") the scores of each type of suspicious behavior, and the total score threshold that an email must reach to be categorized as spam.
To use a weighted analysis profile, select it in an antispam profile.
Syntax
config profile weighted-analysis
    edit <profile_name>
        config rule
            edit <order_index>
                set name <rule_name>
                set cousin-domain-score <score_float>
                set dictionary-profile <profile_name>
                set dictionary-threshold <limit_int>
                set action-keyword-score <score_float>
                set intelligent-analysis-score <score_float>
                set malformed-email-score <score_float>
                set relationship-strong-score <threshold_int>
                set relationship-weak-score <threshold_int>
                set sender-alignment-score <score_float>
                set suspicious-character-score <score_float>
                set url-profile <profile_name>
                set url-profile-score <score_float>
            next
        end
end
| Variable | Description | Default |
|---|---|---|
| <profile_name> | Enter the name of the weighted-analysis profile. | |
| | Enter a descriptive comment. | |
| <order_index> | Enter the numerical order of the rule in the profile. | |
| name <rule_name> | Enter a name for the rule. | |
| | Enable or disable the rule. | enable |
| action <profile_name> | Enter the name of an action profile. | |
| | Enter the minimum total score that triggers the The total score is determined by adding all weighted scores in the rule ( | 50.000000 |
| cousin-domain-score <score_float> | Enter a weight-adjusted score for domain name impersonation. | 10.000000 |
| dictionary-profile <profile_name> | Enter the name of a dictionary profile that contains words or phrases that typically appear only in spam. Keywords are often a "call to action" that motivates the user to reply or click a hyperlink. For example, "Click here", "transfer", "money", "dollars", "bank account", "conference attendee", etc. | |
| dictionary-threshold <limit_int> | Enter the threshold for dictionary profile matches. When the dictionary profile scans an email, it counts the number of matching words or phrases, and adjusts this total according to pattern-weight <weight_int> and pattern-max-weight <weight_int>. If the result equals or exceeds this threshold, then FortiMail applies the weighted score defined in action-keyword-score <score_float>. | 1 |
| action-keyword-score <score_float> | Enter a weight-adjusted score to apply if an email equals or exceeds the limit in dictionary-threshold <limit_int>. | 10.000000 |
| intelligent-analysis-score <score_float> | Enter a weight-adjusted score for intelligent analysis detections. Multiple factors contribute to intelligent spam analysis in order to reduce false positives, including: | 50.000000 |
| malformed-email-score <score_float> | Enter a weight-adjusted score for malformed emails. Malformed emails are those emails that contain malformed data in the email structure, header, or body. For more information, see RFC 7103. | 10.000000 |
| relationship-strong-score <threshold_int> | Enter the score for strong or weak relation result obtained from querying FortiGuard Sender and Recipient Relationship (SRR). FortiGuard Social Database contains the social mapping of the email communication flow. For example, if user1@1.example.com and user2@2.example.com have regular communication, then their SRR is strong; if they have no history of communication before, then their SRR is weak. | -30.000000 |
| relationship-weak-score <threshold_int> | Enter the score for weak relation result obtained from querying FortiGuard Sender and Recipient Relationship (SRR). | 20.000000 |
| sender-alignment-score <score_float> | Enter a weight-adjusted score for sender domain mismatches. Sender alignment compares the message header ( | 10.000000 |
| suspicious-character-score <score_float> | Enter a weight-adjusted score for suspicious characters. Detects internationalized domain name (IDN) homograph attacks. If domain names in URLs, sender email addresses, or recipient email addresses have Unicode characters that are from different languages yet look similar (for example, | 10.000000 |
| url-profile <profile_name> | Enter the name of a URL profile to detect spam or phishing hyperlinks in email. | unrated |
| url-profile-score <score_float> | Enter a weight-adjusted score for email with spam or phishing URLs. | 10.000000 |
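The scoring described in the table above, modelled as an added Python example (not FortiMail code or output) for checking a weight change against sample detections before applying it. It assumes each detected behaviour contributes its configured score once and that an SRR result is either strong or weak; the sample emails and the tuned weights are constructed for illustration.

```python
# Added illustration of the scoring model on this page; not FortiMail code.
DEFAULTS = {  # default scores copied from the table above
    "cousin-domain-score": 10.0,
    "action-keyword-score": 10.0,
    "intelligent-analysis-score": 50.0,
    "malformed-email-score": 10.0,
    "relationship-strong-score": -30.0,
    "relationship-weak-score": 20.0,
    "sender-alignment-score": 10.0,
    "suspicious-character-score": 10.0,
    "url-profile-score": 10.0,
}
DEFAULT_THRESHOLD = 50.0  # default minimum total score from the table above

def total_score(detections, weights=DEFAULTS):
    """Add the weighted score of every behaviour detected in one email."""
    found = set(detections)
    unknown = found - set(weights)
    if unknown:
        raise ValueError(f"unknown score settings: {sorted(unknown)}")
    if {"relationship-strong-score", "relationship-weak-score"} <= found:
        raise ValueError("assumed: SRR result is strong or weak, not both")
    return sum(weights[name] for name in found)

def triggers(detections, weights=DEFAULTS, threshold=DEFAULT_THRESHOLD):
    """True when the total equals or exceeds the minimum total score."""
    return total_score(detections, weights) >= threshold

def compare(samples, tuned, threshold=DEFAULT_THRESHOLD):
    """Map each sample to (verdict with defaults, verdict with tuned weights)."""
    return {name: (triggers(d), triggers(d, tuned, threshold))
            for name, d in samples.items()}

# Constructed sample detections (hypothetical emails, not real data).
SAMPLES = {
    "newsletter_known_sender": ["intelligent-analysis-score",
                                "relationship-strong-score"],
    "lookalike_new_sender": ["cousin-domain-score", "action-keyword-score",
                             "relationship-weak-score", "sender-alignment-score"],
    "idn_link_new_sender": ["url-profile-score", "relationship-weak-score",
                            "suspicious-character-score"],
}
# Hypothetical tuning: raise the two impersonation-related weights.
TUNED = {**DEFAULTS, "cousin-domain-score": 20.0,
         "suspicious-character-score": 20.0}

if __name__ == "__main__":
    for name, verdicts in compare(SAMPLES, TUNED).items():
        print(name, verdicts)
```

With the default weights, the strong-relationship score offsets an intelligent-analysis detection (total 20), while the third sample stays at 40 until the tuned weights bring it to the threshold.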