Rspamd 4.0.0: Key Updates in Spam Filtering and Anti-Phishing
Rspamd 4.0.0 was released at the end of March 2026. Lead developer Vsevolod Stakhov unveiled this major release of the spam filtering system that's been around since 2011. The codebase, written in C, C++, and Lua, is available on GitHub under the Apache 2.0 license. The previous version, 3.0.0, came out in October 2021. The update focuses on better threat detection, performance optimizations, and standards compliance.
Improvements in Phishing Detection and Fuzzy Hashes
Fuzzy phishing detection in HTML is now more deeply integrated. The system supports up to eight flags based on fuzzy hashes. Content URLs are processed by default, with automatic SSL detection. This boosts the accuracy of classifying suspicious links without any extra configuration.
The libfasttext library has been removed and replaced with an mmap stub to cut down on dependencies. SenderScore RBL blocks are disabled by default—a MyValidity account is required to enable them.
Training Optimization and Load Balancing
Neural auto-learning parameters have been renamed to align with RBL module conventions. Token-based load balancing is now enabled by default for proxy servers, replacing round-robin. Ring Hash (Ketama) delivers consistent hashing with minimal disruptions and quick recovery.
headers_checks now includes Reply-To validity checks. Authentication-Results from upstream servers are taken into account. Fuzzy hashes are stored in Redis to track historical matches.
Subtokens from attachment filenames have been integrated into the Bayesian classifier, improving accuracy based on metadata.
New Modules and Tools
The GPT module has been expanded with configurable consensus thresholds and a context_augment hook for customization. New rspamadm subcommands have been added:
- autolearnstats — auto-learning statistics;
- logstats — log analysis;
- mapstats — map statistics.
RFC DKIM compliance: unknown or non-functional keys are handled strictly per the specification.
Fixes and Improvements
Fixed issues with ASCII85 decoding. Added a workaround for PDF object overflows during text extraction from attachments. These fixes reduce false positives and parsing errors.
This update is recommended for all Rspamd installations, especially in high-load environments handling heavy email traffic.
Key Takeaways
- Fuzzy HTML phishing detection and support for 8 fuzzy flags by default.
- libfasttext replaced with mmap stub and SenderScore disabled without registration.
- Token-based load balancing and Ring Hash for proxies.
- GPT module extensions and new rspamadm commands.
- RFC DKIM compliance and PDF/ASCII85 fixes.
— Editorial Team
No comments yet.