Back to Home

Rspamd 4.0: spam filtering updates

Rspamd 4.0.0 introduces fuzzy phishing detection in HTML, support for 8 fuzzy flags and token balancing. Added GPT extensions, rspamadm commands and DKIM RFC compliance. Fixes for PDF and ASCII85 improve stability.

Rspamd 4.0.0: anti-phishing and optimizations for spam filters
Advertisement 728x90

Rspamd 4.0.0: Key Updates in Spam Filtering and Anti-Phishing

Rspamd 4.0.0 was released at the end of March 2026. Lead developer Vsevolod Stakhov unveiled this major release of the spam filtering system that's been around since 2011. The codebase, written in C, C++, and Lua, is available on GitHub under the Apache 2.0 license. The previous version, 3.0.0, came out in October 2021. The update focuses on better threat detection, performance optimizations, and standards compliance.

Improvements in Phishing Detection and Fuzzy Hashes

Fuzzy phishing detection in HTML is now more deeply integrated. The system supports up to eight flags based on fuzzy hashes. Content URLs are processed by default, with automatic SSL detection. This boosts the accuracy of classifying suspicious links without any extra configuration.

The libfasttext library has been removed and replaced with an mmap stub to cut down on dependencies. SenderScore RBL blocks are disabled by default—a MyValidity account is required to enable them.

Google AdInline article slot

Training Optimization and Load Balancing

Neural auto-learning parameters have been renamed to align with RBL module conventions. Token-based load balancing is now enabled by default for proxy servers, replacing round-robin. Ring Hash (Ketama) delivers consistent hashing with minimal disruptions and quick recovery.

headers_checks now includes Reply-To validity checks. Authentication-Results from upstream servers are taken into account. Fuzzy hashes are stored in Redis to track historical matches.

Subtokens from attachment filenames have been integrated into the Bayesian classifier, improving accuracy based on metadata.

Google AdInline article slot

New Modules and Tools

The GPT module has been expanded with configurable consensus thresholds and a context_augment hook for customization. New rspamadm subcommands have been added:

  • autolearnstats — auto-learning statistics;
  • logstats — log analysis;
  • mapstats — map statistics.

RFC DKIM compliance: unknown or non-functional keys are handled strictly per the specification.

Fixes and Improvements

Fixed issues with ASCII85 decoding. Added a workaround for PDF object overflows during text extraction from attachments. These fixes reduce false positives and parsing errors.

Google AdInline article slot

This update is recommended for all Rspamd installations, especially in high-load environments handling heavy email traffic.

Key Takeaways

  • Fuzzy HTML phishing detection and support for 8 fuzzy flags by default.
  • libfasttext replaced with mmap stub and SenderScore disabled without registration.
  • Token-based load balancing and Ring Hash for proxies.
  • GPT module extensions and new rspamadm commands.
  • RFC DKIM compliance and PDF/ASCII85 fixes.

— Editorial Team

Advertisement 728x90

Read Next