spamscope v2.8.1 release: Fast Advanced Spam Analysis Tool

SpamScope is an advanced spam analysis tool that uses Apache Storm with streamparse to process a stream of mails.

It’s possible to analyze more than 5 million mails per day (without attachment post-processors) on a 4-core server with 4 GB of RAM.

Why should I use SpamScope

  • It’s very fast: the job is split into functionalities that work in parallel.
  • It’s flexible: you can choose what SpamScope has to do.
  • It’s distributed: SpamScope uses Apache Storm, a free and open source distributed real-time computation system.
  • It makes JSON output that you can save where you want.
  • It’s easy to set up: there are Docker images and docker-compose files ready for use.
  • It’s integrated with Apache Tika, VirusTotal, and Thug (for now).
  • It’s free (for special functions you can contact me).

It comes with the following bolts:

  • tokenizer splits mail into tokens such as headers, body, and attachments, and it can filter emails, attachments, and IP addresses already seen
  • phishing looks for your keywords in email and connects email to targets (bank, your customers, etc.)
  • raw_mail is for all third-party tools that analyze raw mails, like SpamAssassin
  • attachments analyzes all mail attachments and uses third-party tools like VirusTotal
  • network analyzes all sender IP addresses with third-party tools like Shodan
  • urls extracts all URLs in email and attachments
  • json_maker and outputs make the JSON report and save it

Changelog 

v2.8.1

  • hotfix

v2.8.0

  • Added debug-iter-topology in makefile to debug running topology
  • Added more stable topologies with iter-files-mails, which uses a generator to send mails to the topology. It’s memory safe and stable
  • Fixed many bugs to avoid topology restarts
  • Added three new topologies that use the new spout

Installation

git clone https://github.com/SpamScope/spamscope.git
cd spamscope
pip install -r requirements.txt
python setup.py install

 

Tutorial

Copyright 2016 Fedele Mantuano
