SPAM Filtering - Tuning
Spam Filtering Service uses a rule base of hundreds of rules to perform a wide range of heuristic tests on e-mail headers and body text to identify spam, also know as unsolicited commercial e-mail. This makes it much harder for spammers to identify one aspect which they can exploit to work around.
Tactics used by our Spam Filtering Service include:
- Header analysis: By analyzing e-mail headers using a wide variety of local and network tests, our Spam Filtering Service tries to find the tricks that spammers use to try to hide their identities, fool you into thinking they've sent a valid e-mail, or fool you into thinking you must have subscribed at some stage.
- Text analysis: By using similar techniques to analyze the body of the e-mail message, our Spam Filtering Service finds the many characteristic styles used by spammers. This includes items like characteristic disclaimers and CYA text.
- Blacklists: Our Spam Filtering Service also checks many public blacklists. These lists are used to help identify sources of repeated spamming and other network abuse.
- Allow/Deny lists: Gives you the flexibility to allow or deny e-mail from specific e-mail addresses, domains, and address patterns.
Once identified, the mail can then be optionally tagged as spam. Quarantine and delete settings control how a message is handled, once it is identitfied as spam.
To make our Spam Filtering Service as effective as possible, some tuning is required. Tuning the Spam Filtering Service is done using using our Queue Management System. Here are some pointers to help with this process:
Allow / Deny Addresses Lists:
- Add e-mail addresses that commonly send you spam to your deny list. Here is an example: user@example.com. This would cause all e-mail from user@example.com to be marked as spam.
- Add entire domains that commonly send you spam to your deny list. Entire domains can be added in the following form: *@example.com. This would cause all e-mail from any user @example.com to marked as spam.
- Add domain patterns that commonly send you spam to your deny list. Here is an example: *@*.example.com. This example would cause all e-mail from any user in any domain that ends with .example.com to be marked as spam.
- Add e-mail addresses that send you legitimate e-mail that is commonly marked as spam to your allow list.
- Add entire domains that send you legitimate e-mail that is commonly marked as spam to your allow list.
- Add domain patterns that send you legitimate e-mail that is commonly marked as spam to your allow list.
General Settings:
- 'Required Hits' - This value controls the score at which e-mail is identified as spam. The lower the value the more aggressive the filter is, which means more e-mail is identified as spam. If you set this value too low you may find that too many e-mails are identified as spam ('false positive'). Most customers find that a value between 4 and 7 to be the most effective.
- 'Rewrite Subject Line' – Checking this value causes the value of 'Subject Tag' to be added to the beginning of a e-mail's subject line when an e-mail is identified as spam.
- 'Subject Tag' – The text that is added to the beginning of a the e-mail's subject line when an e-mail is identified as spam and 'Rewrite Subject Line' is selected. The following macros are also supported: _HITS_ - replaced with e-mail's score. _REQD_ - replaced with the value of 'Required Hits'. A commonly used example would be: '[SPAM-_HITS_]- '.
- 'Safe Report' – This option controls how the spam report is added to the message. With 'Safe Report' selected, messages tagged as spam will have the report in the body of the message with the original message as an attachment. With 'Safe Report' deselected the report will be in the header of the message and the body will appear normally. Selecting 'Safe Report' provides the benefit of creating a safer message for your users, by typically preventing the execution of HTML content. A drawback of selecting 'Safe Report' is that removing messages ('false positives') from quarantine is more difficult.
- 'Quarantine Days' - This option controls how long (in days) to save quarantined spam.
- 'Quarantine Hits' – This value sets the score at which e-mail is quarantined and not delivered to your users. The lower this value is set the more e-mail (spam) that is quarantined. We recommend starting with a value a couple of points higher than your 'Required Hits' value. The appropriate value for you would typically be the lowest value that yields almost no 'false positives'. This value should never be set lower than your 'Required Hits' value.
- 'Delete Days' – This option controls how long (in days) to save deleted spam.
- 'Delete Hits' – This value sets the score at which e-mail is deleted and not delivered to your users. The lower this value is set the more e-mail (spam) that is deleted. We recommend starting with a higher value (25 for example). The appropriate value for you would typically be the lowest value the never yields a 'false positive'. This value should never be set lower than your 'Quarantine Hits' value.
Viewing Quarantined E-mail:
To view quarantined e-mail for your domain you will need to logon to our Web Based E-Mail Client as your postmaster user (postmaster@yourdomain.tld). Quarantined spam will be located in the SPAM folder and Deleted spam will be located in the SPAM.Trash folder. Messages can be released to your server by moving the message to the INBOX. The INBOX contains messages that are queued for delivery to your server.
E-Mail Based Tuning:
The Spam Filtering Service can also be tuned via e-mail. From our Web Based E-Mail Client you can report a message as spam by clicking on the 'Report as Spam' at the top of the viewing window. Clicking on the causes the e-mail address of the sender to be added to your deny list and helps tune our filters based on the message content. From other e-mail clients you can report a message as spam by forwarding it as an attachment to spam@got-e-mail.net. To report a message as a 'false positive', forward the message as an attachment to notspam@got-e-mail.net. Reporting a message as a false postive adds the sender's e-mail address to your allow list and helps tune our filters based on the message content.
We Answer Your Questions: FAQ
Q: What is the maximum e-mail attachment size?
A: The ETRN.com e-mail servers do not limit the size of individual e-mail attachments. The ETRN.com e-mail servers do impose a 400 MB maximum total message size limit. Individual customers can choose a smaller message size limit. We can also customize the handling of "over-sized" e-mails. Please contact us to discuss your specific needs. A couple of important facts:
1. Attachments are typically encoded in what is called Base64[1]. As a result, the actual length of MIME-compliant Base64-encoded binary data is usually about 137% of the original file size.
2. E-mails often contain both plain text and HTML components. This also increases the overall size of the e-mail.
Testimonial
“ETRN services have been and continue to be an excellent 1st line of defense against spam and email viruses for my organization. Their system is easy to use and they have always been very helpful and quick to respond to any questions or concerns I may have.”
George Mitchell, Stepping Stones of Rockford