Hello everyone
In my previous tests, I had experienced issues related to the installation. This time, I observed that the installation problems were resolved. The installation process was easy and smooth. I conducted a 3-day test with several domain names and 18 email addresses.
I’ve been personally testing and using EFA/SpacyFilter for my infrastructure recently. I had high hopes for this project because the technical foundation is very solid. However, during my individual tests with international mail flows, I encountered some hurdles that I believe are worth discussing for the future of the project. I’d like to share my findings not as a critique, but as constructive feedback from a user's perspective.
1. My Experience with the Management Interface (CSP Observations)
During my setup, I noticed a small but significant challenge with the Content Security Policy (CSP).
What I observed: When I tried to use the "Deliver" or "Whitelist" buttons in the GUI, the CSP settings sometimes intercepted these actions.
My Thought: It felt like the interface and the security layer weren't perfectly in sync, which made it difficult for me to manage my mail queue directly from the panel. I believe making this more flexible would greatly improve the user experience for everyone.
2. Language Penalties and Global Trade
As someone who needs to receive emails in various languages (like Turkish or Chinese), I noticed that the default scoring is quite strict.
The Finding: Legitimate business emails were assigned a +15.0 "Heavy Spam Penalty" simply for being in a non-English language.
My Opinion: In my humble opinion, while this is a great security measure for local businesses, it can be a bit too heavy for those of us dealing with international partners. Seeing a 15-point penalty for a language like Turkish was a bit of a surprise, and I think it might be better if we could adjust these scores easily through the menu.
3. Hardcoded Rules vs. User Choice
I also found some "auto-delete" rules for certain TLDs (like .cn) embedded in the code.
The Challenge: Since these are hardcoded, I had to manually edit Python scripts to allow these communications.
Suggestions: It would be wonderful if the system trusted the admin's manual "Whitelist" or "Deliver" command as the final word, overriding any automated scoring.
Final Thoughts
I truly like the potential of EFA/SpacyFilter. However, in my personal view, the current structure feels a bit too rigid for global use. If we could move these language penalties and TLD rules from the backend code to a simple "On/Off" or "Slider" in the Web GUI, it would make the system much more accessible to users worldwide.
I hope my feedback is taken in the constructive spirit it's intended. I’d love to see this project become the go-to solution for global business mail security!
Now I am entering an observation phase. I believe there will definitely be improvements, and I will conduct another well-observed test at a later time.
Best regards