|
Phone 810-762-5735
E-mail
Fine Line Design
1520 Montclair Ave.
Flint, MI 48503
| |
Spam & Virus Filtering
Introducing Spam and Virus
Filtering
Incoming Mail Handler
Scanners
Spam Filtering
Spam Scoring Table
Things to consider
Virus Filtering
What should I do when a high amount of spam gets through the
filters?
What should I do when my legitimate email is being tagged as
spam?
What should I do when I receive notification of virus or
attachment removal?
What should I do when a genuine attachment gets stripped?
How the notification system works - senders don't get notified,
recipients do.
What is Spamhaus, what is ORDB.org?
Email Client setup Guides
Microsoft Outlook
Microsoft Outlook 2003
Microsoft Outlook Express
Eudora
MacOS Mail
Webmail
Introducing Spam and Virus Filtering
Please note:
While we are very pleased to offer this service, no virus scanner will
eliminate 100% of any viruses that may exist now or may be created in the
future. Although we believe the virus scanning system we have in place is very
thorough, we are not guaranteeing that we can intercept all viruses.
Furthermore, our virus/spam scanning system may periodically be taken off line
for maintenance. It is still your responsibility to have up-to-date virus
protection software installed on your computer. We accept no responsibility
for damages a virus may do to your computer that may not have been intercepted
by our virus scanning system.
The anti-spam feature should dramatically reduce the amount of spam you
receive, though there is no 100% effective method of catching spam and we do
not guarantee that all spam will be detected and/or eliminated. We also cannot
100% assure that legitimate email may be not be tagged as spam and cannot be
held liable for an email that may be filtered as a result of being identified
as a virus or spam.
Server101 has introduced a new system for scanning and identifying incoming
mail containing unsolicited messages and common viruses . The anti-virus
system will function by stripping attachments that are common virus deployment
files and identify viruses by signature. The spam filtering system will tag
messages which the system identifies as spam. The filtering system contains
some major components in order to function.
Incoming Mail Handler
All incoming mail is queued for processing by our Mail-Scanning Servers.
Servers connecting to the network are checked for listing on two DNS
blacklists; Spamhaus and ORDB (see further below). A third
in-house blacklist will be constructed over the coming months which will list
common spam/virus delivery platforms residing on dynamic IP addresses, such as
those provided by ISPs for ADSL and home cable connections. This blacklist
will not affect customers who send mail through our SMTP system, it will only
block sources of email who have no business sending email directly via our
servers.
Scanners
Mail queued for scanning is scanned in parallel by a Virus Scanner and by
SpamAssasin (Spam tagging utility).
Firstly, the Virus Scanner will identify Virus signatures contained in
attachments and delete the entire message for positive matches to common
Viruses, such as Sobig.F and Blaster. Other attachments that could potentially
be a Virus (e.g. filename.scr), will be removed but the message text will
still be delivered to the mailbox. (If you are sent legitimate attachments
that are being stripped by the Virus Scanner, you may need to inform the
sender to zip or archive the file first).
Secondly, the mail server performs a test of the entire message and scores the
message according to headers/text found, dictionary of known spam phrases and
the overall format of the message. A score of 5 or more will identify the
message as possible spam. No single characteristic positively identifies a
message as Spam, but rather a combination of characteristics is scored and
added to give a message an overall spam score.
Spam Filtering
Spam filtering is by no means an exact science. Only approximations are made,
there is no black and white method of identifying spam. It is inevitable that
some spam will slip through the filters, and legitimate email may be
incorrectly identified as spam. Our system attempts to negate the impact of
potential mixing at the spam/non-spam threshold by giving the user overall
control of mail filtering.
The system will identify spam messages which score above a 5 on the spam
scale. The subject line of the message will be modified indicating the score,
enabling you to configure your email client to filter/delete messages matching
a score that you can define. i.e. "Subject: [Spam Score sssssss]"
The "s" characters indicate the Spam score of the message. So 5
"s" characters indicate a Spam score of 5, the minimum score for
possible Spam. A score of 20 or more indicates that the message is blatant
spam and the message should be deleted.
Spam Scoring Table
| Score |
Rating |
| 5 |
sssss |
Low Spam score. Two or more spam
characteristics found. Could be legitimate email but more likely to
be spam. |
| 6 |
ssssss |
|
| 7 |
sssssss |
|
| 8 |
ssssssss |
Low to Medium Spam Score. A number of
characteristics identifies this message as possible spam. |
| 9 |
sssssssss |
|
| 10 |
ssssssssss |
|
| 11 |
sssssssssss |
Medium Spam Score. Numerous spam
characteristics, very likely to be spam. |
| 12 |
ssssssssssss |
|
| 13 |
sssssssssssss |
|
| 14 |
ssssssssssssss |
High Spam Score. Very positive hit
identifying spam characteristics. Definitely spam. |
| 15 |
sssssssssssssss |
|
| 16 |
ssssssssssssssss |
|
| 17 |
sssssssssssssssss |
Very High Spam Score. High number of
very common spam characteristics identified. Definitely spam. |
| 18 |
ssssssssssssssssss |
|
| 19 |
sssssssssssssssssss |
|
| 20 |
ssssssssssssssssssss |
Extremely
High Spam Score. All common spam characteristics identified. Message
should be deleted.
|
Things to
consider
You can
modify your rules after getting a feel for what kind of scores your incoming
mail is receiving. You might find you will have to alter your settings if you
are getting Spam mixed with your email or legitimate email is being deleted or
moved because your Spam score threshold is too low. In the future, customers
will be able to configure per mailbox delivery options for Spam mail based on
score, but for now, this system should reduce common incoming Spam and allow
customers to customize their own filters for borderline Spam identifications.
Virus Filtering
The virus scanner will be able to identify common viruses and silently delete
messages containing such viruses. Not all viruses will be silently deleted but
files containing viruses will be stripped and potential virus containers will
also be stripped from the message identified by file extension. Common
disallowed file types are:
.reg .scr .exe .pif .com .vb
Files such as Microsoft Office documents, pdf files and images should not be
affected. If you have questions about the complete list of files we have
configured to be stripped, please contact us.
What should I do when a high amount of spam gets through the
filters?
You can forward a copy of the spam to us with the headers intact so we can
adjust our filters accordingly.
What should I do when my legitimate email is being tagged as
spam?
First check the full headers of the message. You should see a header called:
X-scanner.giga-sj-001.net-MailScanner-SpamCheck:
Below this header, you will see a brief summary of all the characteristics
which positively identified the message as spam. They will probably appear a
little cryptic, but they may give you some insight as to why the message was
tagged.
If only two characteristics are listed and the score is 5, then it's likely a
once only false positive - adjusting your client side mail filters to 6 or 7
should prevent these messages from being deleted or segregated.
If your legitimate mail frequently gets tagged as spam, or some legitimate
messages are being tagged with high scores, then send a copy of the messages
with the full headers intact to us along with an explanation of the
occurrence(s) and the legitimacy of the message, and we will attempt to adjust
our filters accordingly.
What should I do when I receive notification of virus or
attachment removal?
A message which has had a potentially dangerous attachment removed will be
identified by a modified subject line containing the following:
[Alert - dangerous attachment removed]
or if a virus was positively identified:
[Alert - virus was removed]
If you recognize the sender, you can notify him/her that their attachment did
not get through, find out what it was and once you have both determined it is
safe, have the sender place the file in a zip file and resend. We recommend
that you do not attempt to notify unknown senders, whose messages are
positively identified as viruses, as it is likely that the senders address was
faked by the virus to hide its true source. If you are receiving many of the
above messages over a short time frame, please contact us straight away with a
copy of the message and we will attempt to filter the source, or identify the
new strain and add it to our blocking system.
What should I do when a genuine attachment gets stripped?
See above.
How the notification system works - senders don't get
notified, recipients do.
If it is a known virus, such as Klez or Sobig, the message and attachment will
be silently deleted at the server and no notification will be sent to either
the sender or recipient.
When an attachment is found that is not a known virus, but appears to have a
virus attachment, the attachment will be removed but the body of the message
will still be sent to the recipient. The message will also include
notification that an attachment has been removed. The sender will not be
notified.
Common viruses that are silently deleted are:
Klez Yaha-E Bugbear Braid-A WinEvar Palyh Sobig Fizzer Ganda Mimail Gibe-F
We will add viruses to the list that propagate quickly and are massively
annoying as they are released.
What is Spamhaus, what is ORDB.org?
Spamhaus.org SBL is a carefully compiled and researched list of known spamming
organizations and providers that abuse the email system without regard for
internet users in general. If a contact attempts to send email to you, and it
bounces back, referring to Spamhaus.org, then your contact or their
ISP/Network Administrator will need to go to Spamhaus for an explanation of
why their IP address or mail server is listed. Unfortunately, we cannot
de-list servers or addresses so please don't ask us to allow an IP address or
mail server through. For more information, please refer to http://spamhaus.org.
ORDB.org is a database of known open relay mail servers. An open relay mail
server is a misconfigured mail server which can be used by spammers to send
spam and avoid detection. A spammer will commonly use multiple open relay mail
servers to send spam, making filtering difficult by administrators to block
such messages. If a contact attempts to send email to you, and it bounces
back, referring to Spamhaus.org, then your contact or their ISP/Network
Administrator will need to go to http://ordb.org
to ascertain why their IP address or mail server is listed. Usually by
rectifying the problem on the senders side, and notifying ORDB that the server
is no longer open relay will result in a de-listing within about 24 hours.
Unfortunately, we cannot de-list servers or addresses so please don't ask us
to allow an IP address or mail server through. For more information, please
refer to http://ordb.org/about/.
Email Client
Setup Guides
The
following guides will show you how to setup Microsoft Outlook, Outlook
Express, Eudora & Webmail. Your requirements dealing with Spam will likely
vary slightly from what is illustrated here.
|
Webmail
Login to WebMail as usual :
Click on the Mail icon at the bottom of the page. 
Click on the Options icon at the top of the page. 
Under 'Mail Management' click on Filters
Check all 3 tick boxes and click 'Edit your filter riles'. 
In the 'Rule Definition' Dialog, tick Subject in 'Field'. Enter 'Spam Score
sssss' in 'Text'. (Note: number of 's' characters refers to the Spam
score threshold. The more 's' characters the higher the severity of the
email being considered Spam. Refer to the above Spam scoring table.) Under
Action, check the 'move messages to' radio button and select a folder to
store the suspect mail. (You may need to create a folder to store your mail.
This can be done under the 'Folders Icon' at the top of the page.) Click the
Create button at the bottom of the dialog to save your changes. 
Microsoft Outlook 2003
1.
Open Outlook 2003 and click on the 'Tools' drop down menu.
2.
Click on 'Rules and Alerts...'.
3.
Click on the 'New Rule...' button in the 'Rules and Alerts' Dialog box.
4.
STEP 1: Under the 'Stay Organized' category, select 'Move words with
specific words in the subject to a folder'.
5. In
'Step 2:' click on the 'specific words' link to show a new configuration
dialog.
6. In
the 'Specify words or phrases..' field enter 'Spam Score sssss'. (Note:
number of 's' characters refers to the Spam score threshold. The more 's'
characters the higher the severity of the email being considered Spam. Refer
to the above Spam scoring table.) Click the 'Add' button. 
7.
Click 'OK' to return to the 'Rules Wizard' dialog.
8.
Click on the 'specified' link to choose a folder to redirect scored email
to.
9.
Select 'Personal Folders' in the folder tree and click the 'New...' button
on the right-hand site of the dialog.
10.
Type a name for the folder in the 'Name:' field and click 'OK'.
11.
Select the folder you created in the folder tree and click 'OK'.
12.
Click next at the bottom of the dialog box.
13.
Click next at the bottom of the dialog box.
14.
Click next at the bottom of the dialog box.
15.
Click next at the bottom of the dialog box.
16.
Click finish at the bottom of the dialog box.
|
|
