Get_SPAM_Score

Get_SPAM_Score takes specific information from the email's header, analyzes it, and generates a spam score. It returns the score back to the parent playbook.

1. Trigger - takes multiple fields from the email's header and forwards them to the following block. They will be analyzed to generate a spam score.

2. If Then [DKIM Test] - uses the Email Authentication Method, DKIM, to check if the email came from an authorized owner/sender. If the email is valid, it gets a score of 0; else, it gets a score of 10, which is passed to the following block.

3. If Then [SPF Test] - uses the Email Authentication Method, SPF, to check if the email came from an authorized owner/sender. If the email is valid, it gets a score of 0; else, it gets a score of 10, which is passed to the following block.

4. If Then [Return-Path] - checks if the return path of the email is same as the sender. If it's same, the email gets a score of 0; else, it gets a score of 20, which is passed to the following block.

5. If Then [X-distribution Test] - checks if the email has been sent to multiple recipients. If it has, the email gets a score of 20; else, it gets a score of 0, which is passed to the following block.

6. If Then [x-UIDL Test] - checks if the email has an x-UIDL header, which is generally added to the receiver's server. If it has, the email gets a score of 20; else, it gets a score of 0, which is passed to the following block.

7. If Then [bcc Test] - checks if the email has recipients in bcc. If it has, the email gets a score of 20; else, it gets a score of 0, which is passed to the following block.

8. Format - formats the score given by the previous block in text format.

9. Script - runs the Python script to combine all the scores and returns the spam score.

10. Format - formats all the scores from the test and also the spam score in a specific syntax.

11. Case Item - writes the formatted output to the case that has been created in the Logpoint.

12. End - forwards the spam score to the parent playbook.