
Interpreting headers added by Postini

  • jelv
« on 05/12/2007, 00:28 »
The Postini system adds a number of headers to emails which are not easy to interpret. For an explanation of these headers go to:

http://www.postini.com/ad...ndoc/header_overview.html

Also available is a tool into which the headers for any email which has gone through the Postini servers can be posted. This gives a detailed analysis of why an email was or was not considered spam:

http://www.postini.com/support/header_analyzer.php

A sample of the results from this tool for a spam email is attached at the end of this post.

As interpreting the headers is tedious, Plusnet have been adding a special header (X-pn-pstn). This single header tells you how "spammy" a message was considered to be by Postini. Advanced users may wish to implement mail rules based on this header.

14/01/2008 Bob Pullen has announced a change in the way headers are added to emails and the implementation of tagging with [-SPAM-] based on the Postini scoring in a post here. This post contains the following information:

  • Enable subject line tagging based on Postini headers.
  • Bypass Dspam for those on the Postini platform (effectively turning it off).
  • Enable virus quarantining (The notifications have not been getting sent for those on Postini up until now).
  • Lower the spam threshold so that the subject line of emails are only tagged for messages scoring below 0.15 (The original perception was that we'd be doing this for messages scoring below 0.30 - This is of course subject to review and feedback).
  • Introduce a 'sliding scale' for the X-pn-pstn header. There will be 5 basic levels of spam detection:
X-pn-pstn: Spam 1 (Subject line tagged with [-SPAM-])
X-pn-pstn: Spam 2
X-pn-pstn: Spam 3
X-pn-pstn: Spam 4
X-pn-pstn: Spam 5


These levels will be based on the following spam scoring (hope this makes sense):

(1) < 0.15 > (2) < 0.30 > (3) < 1.00 > (4) < 3.00 > (5) < 8.00

Further information on viewing email headers can be found here -
http://www.plus.net/suppo...ail_troubleshooting.shtml


Edit: This post has been rewritten to contain the latest information available on this subject.

« Last Edit: 14/01/2008, 20:21 by jelv »

« Reply #1 on 05/12/2007, 06:39 »
That's pretty helpful.

*Bookmarks*
  • jelv
« Reply #2 on 09/12/2007, 10:56 »
Would one of the moderators like to add this information to the useful links page?
  • jelv
« Reply #3 on 10/12/2007, 12:24 »
From another topic a useful link that does the job for you:


If you want a helping hand interpreting the headers of a specific e-mail go to http://www.postini.com/support/header_analyzer.php

Phil

Thanks Phil
  • jelv
« Reply #5 on 10/12/2007, 20:02 »
The trial is of limited duration, but when Postini goes live for all users these headers are going to be in everybody's emails. Interpreting DSPAM headers isn't complicated, but how many people could look at
X-pstn-levels: (S:41.96081/99.90000 R:95.9108 P:95.9108 M:95.5423 C:98.6951 )
X-pstn-settings: 1 (0.1500:0.1500) gt3 gt2 gt1 r p m c

and
X-pstn-levels: (S: 0.00233/94.89055 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
X-pstn-settings: 1 (0.1500:0.1500) gt3 gt2 gt1 r p m c

and tell you which was spam and which wasn't without some guidance?
  • jelv
« Reply #6 on 10/12/2007, 20:49 »
Long term useful links is the right place - but this is a real hot topic at the moment and I feel it needs prominence.

Given that the forum has 7041 members and the useful links has only been read a total of 1330 times I think it would be buried in there.
  • CWNA
« Reply #7 on 12/12/2007, 19:41 »
Moderators Note

Posts bumping this thread have been removed.

Jonathan
aka Chilly
CWNA ACMA VRCT
« Reply #8 on 12/12/2007, 20:53 »
Temporary "sticky" status granted.
Bill
Former MetroNet forum Mod.

Don't take life too seriously. You'll never get out of it alive.
  • jelv
« Reply #9 on 12/12/2007, 21:10 »
Many thanks Bill (I'll try to remember to flag it up to the moderators when it has served its purpose).

If anyone comes across anything that they think needs to be included in the first post in this topic please flag it up and I'll update it.
  • James_H
  • Guest
« Reply #10 on 17/12/2007, 14:58 »
[snip]...but how many people could look at
X-pstn-levels: (S:41.96081/99.90000 R:95.9108 P:95.9108 M:95.5423 C:98.6951 )
X-pstn-settings: 1 (0.1500:0.1500) gt3 gt2 gt1 r p m c

and
X-pstn-levels: (S: 0.00233/94.89055 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
X-pstn-settings: 1 (0.1500:0.1500) gt3 gt2 gt1 r p m c

and tell you which was spam and which wasn't without some guidance?

I'm gonna say I think the first is the one more likely to be considered spam - a guess made without any knowledge or understanding (or really caring) about the postini thingummybob.

Suppose I have a 50/50 chance Grin
  • jelv
« Reply #11 on 17/12/2007, 15:08 »
50/50 chance and...
WRONG! I think you've just proved why my post is needed!
  • James_H
  • Guest
« Reply #12 on 17/12/2007, 15:21 »
I think you missed my point! (on reflection, should read "I think you missed my blunt!")

I suspect that the majority of users don't really care - I looked for the tongue-in-cheek emoticon but couldn't find it.

50/50 chance was supposed to highlight the fact that I just chose one without even looking.

Will make a note to try harder with the humour in future. Wink
  • Oldjim
« Reply #13 on 17/12/2007, 15:23 »
I may not be the majority but I care and Jelv's link is very useful
Jim

Old Harry Rocks
  • James_H
  • Guest
« Reply #14 on 17/12/2007, 15:27 »
I didn't say it wasn't useful. Tongue
« Reply #15 on 21/12/2007, 10:36 »
Let me try to help here as one of the people that worked on the internal and live trials. There are several PSTN headers, excluding the Plusnet introduced X-pn-pstn ones. Jelv has correctly identified two of the most important, but you should also see one for 2strike. Let me try to explain these:

x-pstn-level - This is the only one which actually scores the email, the others are hints that can be used with this header. The first number after the S: goes from 99.9999, not spam, to 0 which is definite spam. If we were using the Postini quarantine system on level 1 anything which was 0.15 would land in their quarantine, level 2 is 0.25. The R:, P:, M:, and C: scores are ratings for specific types of spam. These are "Sexually Explicit", "Get Rich Quick", "Special Offers", and "Racially Insensitive". The closer they get to 100 the more probable the email is spam. Each one of these can be set to a different level, but again changing this only has relevance when using the Postini quarantine at the moment.

X-pstn-settings - This gives the current levels which are set for the detection engine, and we use level 1. This actually has little relevance due to not using the Postini quarantine.

x-pstn-2strike - If an email is received from a source, and looks like spam, then the first instance is assumed to be "clear". Postini block spams which they are 100% sure of, and so if a source is spamming until it generates a level great enough to trigger blocking this header can be used to tag an email as suspect, rather than definitive spam.

You may also see a header for "neptune", though this one is still being worked on by Postini. At the moment we don't make use of this as we only got access to the header one week before commencing the live trial.

How do we use this? Well, to be brief, we add the x-pn-pstn header according to the following rules:

x-pn-pstn = 1 means that 2strike is present and not set to clear. Plus the S: level is less than 0.3.
x-pn-pstn = 2 means that the 2strike is not present, or present and set clear. Also the S: level is < 0.2


NOTE - If all your emails are missing these headers, but you are on the trial and can see a Postini server in the received list of the header, this would mean that your default user is missing from your domain.


I hope this helped to clarify some points. Have a good Christmas and new year.

Geoff
Kind regards, Geoff Mitchell
Plusnet Senior Network Engineer
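
An added example, not part of the original thread and not Plusnet's or Postini's own code: a parser for the X-pstn-levels value described in Reply #15, mapped onto the sliding scale quoted in the first post and run over the two sample headers from Reply #5. The function names are hypothetical, and treating each threshold as an exclusive upper bound is an assumption.

```python
import re

# Category codes as described in Reply #15 (closer to 100 = more likely spam).
CATEGORIES = {"R": "Sexually Explicit", "P": "Get Rich Quick",
              "M": "Special Offers", "C": "Racially Insensitive"}

# Upper bounds from the 14/01/2008 sliding scale in the first post. Treating
# each bound as exclusive is an assumption; the thread does not cover ties.
SCALE = [(0.15, 1), (0.30, 2), (1.00, 3), (3.00, 4), (8.00, 5)]

_LEVELS_RE = re.compile(r"\(\s*S:\s*([\d.]+)\s*/\s*([\d.]+)\s*(.*?)\)")
_CAT_RE = re.compile(r"([A-Z]):\s*([\d.]+)")


def parse_pstn_levels(value):
    """Parse an X-pstn-levels header value into a dict (hypothetical helper)."""
    m = _LEVELS_RE.search(value)
    if m is None:
        raise ValueError("not an X-pstn-levels value: %r" % value)
    cats = {CATEGORIES.get(k, k): float(v) for k, v in _CAT_RE.findall(m.group(3))}
    return {
        "score": float(m.group(1)),   # 0 = definite spam, 99.9999 = not spam
        "second": float(m.group(2)),  # meaning not explained in the thread
        "categories": cats,
    }


def pn_pstn_level(score):
    """Return the X-pn-pstn level 1-5 (1 is the [-SPAM-] tagged level),
    or None when the score is at or above the last bound of 8.00."""
    for upper, level in SCALE:
        if score < upper:
            return level
    return None


# The two sample header values quoted in Reply #5.
SAMPLES = [
    "(S:41.96081/99.90000 R:95.9108 P:95.9108 M:95.5423 C:98.6951 )",
    "(S: 0.00233/94.89055 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        parsed = parse_pstn_levels(raw)
        print(parsed["score"], "->", pn_pstn_level(parsed["score"]))
```

Under these assumptions the first sample falls outside the scale and the second lands in level 1, because a low S: value is what marks a message as spam.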