2. Once the server has received the email, it then scans the email and compares it to a list of rules. Every time a rule is matched, the server adds points to the email. 3. When the server completes the scan of the email, it takes the total number of points assigned to that email and compares that point value with the maximum allowed points. If the point value is over the maximum the server marks the message as spam.
I typically expand these points when I'm explaining it to my users. I say something along the lines of...
SA compares the message to characteristics of spam messages that other people have seen. Each characteristic is a rule, and each rule has a point value for how strong an indicator of spam it is. When a rule is matched, its point value is added to the message's total. If the final total is higher than a certain threshold, the message is considered spam.
You could also explain that there's some rules with negative point values, and these represent characteristics that are more common of legitimate messages, but that's an added detail that only muddies the waters.
And FWIW, I don't think it's a silly question at all. Some people have the luxury of only filtering their own mail, and can be as hard-line as they want. The rest of us have to work with laymen who have no idea how email really works and are simply frustrated that they receive junk.
