spamscope v2.7.0 release: Fast Advanced Spam Analysis Tool

SpamScope is an advanced spam analysis tool that uses Apache Storm with streamparse to process a stream of mails.

It’s possible to analyze more than 5 million mails per day (without attachment post-processors) on a server with 4 cores and 4 GB of RAM.

Why should I use SpamScope

  • It’s very fast: the job is split into functionalities that work in parallel.
  • It’s flexible: you can choose what SpamScope has to do.
  • It’s distributed: SpamScope uses Apache Storm, a free and open source distributed real-time computation system.
  • It makes JSON output that you can save where you want.
  • It’s easy to set up: there are docker images and docker-compose ready for use.
  • It’s integrated with Apache Tika, VirusTotal, and Thug (for now).
  • It’s free (for special functions you can contact me).

It comes with the following bolts:

  • tokenizer splits mail into tokens such as headers, body and attachments, and it can filter emails, attachments and IP addresses already seen
  • phishing looks for your keywords in email and connects email to targets (bank, your customers, etc.)
  • raw_mail is for all third-party tools that analyze raw mails, like SpamAssassin
  • attachments analyzes all mail attachments and uses third-party tools like VirusTotal
  • network analyzes all sender IP addresses with third-party tools like Shodan
  • urls extracts all URLs in email and attachments
  • json_maker and outputs make the JSON report and save it
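
The tokenizer step described above, as an added sketch written with the Python standard library. It is not SpamScope's code: the Tokenizer class, its output field names and the sample mail are constructed for illustration, and SHA-256 is an assumed choice for the "already seen" filter.

```python
import hashlib
from email import message_from_string, policy

# Constructed sample message (not real traffic).
SAMPLE = """\
From: billing@example.com
To: user@example.org
Subject: Invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see the attached invoice.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.bin"
Content-Transfer-Encoding: base64

aGVsbG8gd29ybGQ=
--b1--
"""

class Tokenizer:
    """Hypothetical stand-in for a tokenizer stage: split a mail, flag repeats."""
    def __init__(self):
        self.seen_mails = set()        # hashes of whole raw mails
        self.seen_attachments = set()  # hashes of decoded attachment payloads

    def tokenize(self, raw):
        mail_hash = hashlib.sha256(raw.encode("utf-8")).hexdigest()
        if mail_hash in self.seen_mails:
            return None  # identical mail already analyzed, drop it
        self.seen_mails.add(mail_hash)
        msg = message_from_string(raw, policy=policy.default)
        body = msg.get_body(preferencelist=("plain", "html"))
        attachments = []
        for part in msg.iter_attachments():
            digest = hashlib.sha256(part.get_payload(decode=True) or b"").hexdigest()
            # is_new=False lets later stages skip costly third-party lookups
            attachments.append({"filename": part.get_filename(), "sha256": digest,
                                "is_new": digest not in self.seen_attachments})
            self.seen_attachments.add(digest)
        return {"headers": {k.lower(): str(v) for k, v in msg.items()},
                "body": body.get_content() if body else "",
                "attachments": attachments}
```

Feeding the same attachment inside a different mail returns a token set with is_new set to False, which is where deduplication saves the most work in a spam campaign.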

SpamScope v2.7.0 has been released.

  • Resolved many bugs
  • Only the main header fields are now extracted from mails, since the number of fields can grow very fast.
  • Added a field, headers, with all headers.
  • Upgraded mail-parser and streamparse.
  • Disabled Zemana integration from code (deprecated).

Installation

git clone https://github.com/SpamScope/spamscope.git
cd spamscope
pip install -r requirements.txt
python setup.py install

Tutorial

Copyright 2016 Fedele Mantuano
