"Spam Scoring Levels" Quarantine Cutoff Level



Similar documents
ASAV Configuration Advanced Spam Filtering

About this documentation

Quarantine Central for end users: FAQs

How to use the ISS filtering service to remove unwanted messages with Webmail

Purchase College Barracuda Anti-Spam Firewall User s Guide

IT Services page 1 of 10 Spam Filtering. Overview

IMF Tune Opens Exchange to Any Anti-Spam Filter

PROOFPOINT - SPAM FILTER

Introduction. How does filtering work? What is the Quarantine? What is an End User Digest?

No filter is perfect. But with your help, MailCleaner may aim at perfection. Case Description Solution

Barracuda Spam Control System

eprism Security Appliance 6.0 Intercept Anti-Spam Quick Start Guide

Configuring MDaemon for Centralized Spam Blocking and Filtering

Plesk 7.6 For Windows User Guide

Forefront Online Protection for Exchange (FOPE) User documentation

procmail and SpamAssassin

Tufts Technology Services (TTS) Proofpoint Frequently Asked Questions (FAQ)

Plesk for Windows Copyright Notice

Barracuda Spam Firewall

Apps4Rent Hosted Exchange Spam Management Interface Guide.

Barracuda Spam & Virus Firewall User's Guide 5.x

Using Barracuda Spam Firewall

Parallels Plesk Control Panel

How to Use Red Condor Spam Filtering

IBM Express Managed Security Services for Security. Anti-Spam Administrator s Guide. Version 5.32

Cloud Services. Anti-Spam. Admin Guide

Spam Management. Manage your FOPE Spam Quarantine

How To Manage Your Quarantine On A Blackberry.Com

YSU Spam Solution Guide to Using Proofpoint

Mod 08: Exchange Online FOPE

- Spam Spam Firewall How Does the Spam Firewall Work? Getting Started username Create New Password

Mimecast Personal Portal (MPP)

Using the Barracuda Spam Firewall to Filter Your s

SaaS Encryption Enablement for Customers, Domains and Users Quick Start Guide

Premium Anti Spam User s Guide. Table of Contents

Barracuda Spam Firewall User s Guide

Intercept Anti-Spam Quick Start Guide

KUMC Spam Firewall: Barracuda Instructions

BARRACUDA. N e t w o r k s SPAM FIREWALL 600

How does the Excalibur Technology SPAM & Virus Protection System work?

Anti-Spam Configuration in Outlook 2003 INDEX. Webmail settings Page 2. Client settings Page 6. Creation date Version 1.2

Migration Manual (For Outlook 2010)

Patented hosting technology protected by U.S.Patents 7,0909,948; 7,076,633. Patents pending in the U.S.

Understanding Junk filtering & Anti-Spam controls

Green House Data Spam Firewall Administrator Guide

Version 3.x. Barracuda Spam & Virus Firewall User s Guide. Barracuda Networks Inc S. Winchester Blvd Campbell, CA

Mimecast Services for Outlook (MSO4)

Using the Barracuda to Filter Your s

Version 5.x. Barracuda Spam & Virus Firewall User s Guide. Barracuda Networks Inc S. Winchester Blvd Campbell, CA

ITS Spam Filtering Service Quick Guide 2: Using the Quarantine

Proofpoint Anti-SPAM Quarantine System

Migration Manual (For Outlook Express 6)

MailScanner Tips for NOCO Hosting Clients

Setting up Microsoft Outlook to reject unsolicited (UCE or Spam )

Parallels Plesk Panel

Oakland County Webmail Anti-Spam Setup

Spambrella SaaS Encryption Enablement for Customers, Domains and Users Quick Start Guide

Do you need to... Do you need to...

Barracuda Spam Firewall User s Guide

ContentCatcher. Voyant Strategies. Best Practice for Gateway Security and Enterprise-class Spam Filtering

M+ Guardian Firewall. 1. Introduction

Policy Based Encryption Gateway. Administration Guide

Mailwall Remote Features Tour Datasheet

Objective This howto demonstrates and explains the different mechanisms for fending off unwanted spam .

Managing Junk Mail. About the Junk Mail Filter

- Spam Filtering

How To Filter From A Spam Filter

Spam Configuration/Training Guide

How to Add HealthCentral to Your Safe Senders List

MailEnable Web Mail End User Manual V 2.x

Parallels Plesk Panel

Webmail Friends & Exceptions Guide

How to Access Your Private Message Center if you need more control

Table of Contents Chapter 1 INTRODUCTION TO MAILENABLE SOFTWARE... 3 MailEnable Webmail Introduction MailEnable Requirements and Getting Started

University of Mary s Spam Solution

Comprehensive Anti-Spam Service

USER S MANUAL Cloud Firewall Cloud & Web Security

Title: Spam Filter Active / Spam Filter Active : CAB Page 1 of 5

escan SBS 2008 Installation Guide

Barracuda Spam Firewall Users Guide. Greeting Message Obtaining a new password Summary report Quarantine Inbox Preferences

EnterGroup offers multiple spam fighting technologies so that you can pick and choose one or more that are right for you.

DOMAIN CENTRAL HOSTING

EXCHANGE ONLINE PROTECTION SPAM OVERVIEW. Tech Tips, Tricks and Tools by MessageOps

Policy Based Encryption Gateway. Administration Guide

Solutions IT Ltd Virus and Antispam filtering solutions

Setting Up Scan to SMB on TaskALFA series MFP s.

SOPHOS PureMessage Anti Spam Program

Admin Guide Boundary Defense for Anti-Virus & Anti-Spam

Personal Spam Solution Overview

PORTLANDDIOCESE.ORG - How to Connect Table of Contents

Creating a Content Group and assigning the Encrypt action to the Group.

Transcription:

A set of default "Spam Scoring Levels" have been pre-configured to reflect a basic optimum setting which will detect and filter up to 98% of all Spam/UCE and other unwanted email. You can change the default Spam Scoring levels set on your SpamWall system to any other level you decide will be appropriate for the type and content of email traffic which your system will be processing. More information on adjusting the Spam Scoring levels can be found in the Tuning the SpamWall System section of the manual. All email users having a control panel login account set up on the system will also have access to their own Spam scoring settings under the "My Antispam Scoring" link in their control panel. To set or change existing Spam Scoring levels simply enter your desired levels "Tag Level", "Advanced Tag Level" and "Action/Kill Level" fields in the Spamfilter Config screen and use the "Update Setting" button. The SpamWall admin can also change the default Spam Scoring level settings for all users by selecting the "Set as default" check box when updating your scoring levels. The Quarantine Cutoff Level setting is the score level at which emails will no longer be sent to the quarantine but will be discarded immediately by the system. The default setting for this is usually at the "150" level, a level at which it would be highly unlikely that any legitimate email message would score at however you can adjust the cutoff level higher or lower depending on your needs. The main benefit of the Quarantine Cutoff level setting is that it helps to avoid unnecessary clutter in the quarantine on your system improving quarantine access and searching performance. While the SpamWall has been designed to "quarantine" rather than block outright most email detected as Spam/UCE although this is not recommended practice under most circumstances you can if desired

use the Quarantine Cutoff Level setting to effectively block messages rather than send them to the quarantine by reducing the cutoff level to the lowest available setting. How Spam Scoring Works The Spam Scanning & Filtering Engine on the SpamWall system examines the content of each message received and assigns it a "Spam Level" score according to how much a "looks like" Spam/UCE based on a comprehensive set of rules and algorithms derived from analyzing millions of known Spam/UCE messages. When a potential Spam/UCE message is detected by the system depending on the Spam Scoring Levels set in the Spamfilter Config screen of your SpamWall control panel the message is either "Passed Clean" as Non-Spam, "Tagged" with the [SPAM?] type tag and forwarded on to the recipient, or blocked from delivery to end users. Emails that are blocked by the system are delivered to the System Quarantine. The main SpamWall admin has the ability to access and manage all quarantined email for all users and domains on the system. All email users having a control panel login account set up on the system also have access to their own quarantined email under the "My Quarantine" link in their control panel. Appending the [SPAM?] type tag to the subject line makes it easy for end users to identify email detected as Spam/UCE. This Spam tag can be changed to any other reference desired in the Spam Tag Configuration section of the Spamfilter Config screen by editing the "Subject Prefix" and selecting the "Update Setting" to implement the change. Messages detected as likely Spam/UCE and forwarded on to the end user recipient can be further acted on by the end user's email client, which on detecting the [SPAM?] type tag or keyword in either the subject line or the "X-Spam-Status" type tag in the message header of an email message can be set up to re-direct these "tagged" or "flagged" email messages to an alternative "spam" mailbox or "junk" folder. Microsoft Exchange, MS Outlook and most other email clients have this capability. This "spam" or "junk" folder or mailbox can then be checked at the discretion of the end user recipient for possible legitimate emails or an expected message that may have been incorrectly identified as Spam/UCE. You may notice that the "full headers" of email messages you receive which have been processed by your SpamWall system include header tags of "X-Spam-Status", "X-Spam-Level" and "X-Spam-Flag". These email headers are usually not visible unless you use the "show full headers" option in your email program.

When the SpamWall system identifies an email as Spam/UCE it marks and identifies the message as such by appending tags to the message header, "Subject" line, or both. Unless something has been set up on the receiving email server or email client end these headers do not have any effect on anything. However they can be used as detailed previously to detect and divert any messages "tagged" as Spam/UCE to a "spam" or "junk" folder or mailbox at the discretion of the end user recipient. Here are some example "headers" from a Spam message: From: "Margaret Knox" <fairplayah@imagine.ie> To: "noc" <noc@isecure.net> Subject: [SPAM?] As everyone maunabo Date: Sat, 28 May 2011 12:47:50 +0100 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_nextpart_000_0018_01c79f94.119593a0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2462.3000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2462.0000 X-SPAM-VIRUS-Scanned: Anti-Spam Firewall Ver 4.1 at spamwall.isecure.net X-Spam-Status: Yes, hits=13.803 tagged_above=2 required=5 tests=bayes_99, DNS_FROM_RFC_POST, HELO_DYNAMIC_DHCP, HTML_MESSAGE, RCVD_IN_BL_SPAMCOP_NET, TVD_FUZZY_SYMBOL, UPPERCASE_25_50 X-Spam-Level: ************* X-Spam-Flag: YES As you can see, this particular message has been detected and marked as "[SPAM?]" and the "X-Spam- Status", "X-Spam-Level" and "X-Spam-Flag" tags have been added to the email headers along with their related values and associated processing and scoring information. The "X-Spam-Status" tag indicates whether an email has been detected as Spam/UCE based on the current "Spam Scoring Levels" set in the Spamfilter Config screen of the SpamWall system. The "X-Spam-Status" tag of this example email indicates that this message was detected as Spam/UCE ("Yes") and that the Spam Scoring Level (the number of "hits") was "13.803". The "X-Spam-Status" tag also indicates at what Spam Scoring Level the "X-Spam-Status" and "X-Spam- Level" headers are set to be added to this email message, this being "2", and also the Spam Scoring Level "required" to add the "[SPAM?]" tag to the "Subject" line of the message, this being "5". There is also an "X-Spam-Level" tag containing a number of "star" characters, the higher the number of stars indicating the greater probability of a message being Spam/UCE. This particular message received a Spam Level Score of "13.803" as a result of the various checks and tests which were performed on the message by the system. Some of these are detailed in the "X-Spam-

Status" tag line, these being BAYES_99, DNS_FROM_RFC_POST, HELO_DYNAMIC_DHCP, HTML_MESSAGE, RCVD_IN_BL_SPAMCOP_NET, TVD_FUZZY_SYMBOL, UPPERCASE_25_50. By "tuning" the system over time you will be able to achieve the optimum level of Spam/UCE detection and management for your particular email user base and the specific type and content of email messages received by your users. Spam Scoring Tag Levels The default "Tag Level" refers to the minimum Spam Score of an email message before it is tagged or "flagged" as being possible Spam/UCE. Messages scoring over this level will cause the system to the add "X-Spam-Status" and "X-Spam-Level" headers to the email so that they can be identified on the recipient end if necessary as being Spam or not-spam and at what Spam Score Level the message has been assessed at. The default "Advanced Tag Level" will mark a message as Spam/UCE by appending the "[SPAM?]" type tag to the message "Subject" line when it scores 5 points or more. The "X-Spam-Status" tag is also changed from "No" to "Yes" at this level. The default "Action/Kill Level" is set at "12". Messages scoring over this level will be sent to the Spam Quarantine. A summary of these actions would be as follows: Tag Level: when to add "X-Spam-Status" and "X-Spam-Level" headers Advanced Tag Level: when to add "X-Spam-Flag: YES" and edit the subject line Action/Kill Level: when to take action sending message to the Spam Quarantine Reducing these Spam Scoring default levels will detect more Spam/UCE, but it may also potentially increase the number of "false positives", this being legitimate email being blocked, quarantined or tagged as Spam. In it's default configuration the SpamWall system is designed to minimize false positives. With no additional configuration or tuning the false positive rate is typically at less than 0.1%, or less than one in every 10,000 email messages processed by the system.

In addition to its low false positive rates, the SpamWall system can be configured with a Spam Scoring "Action/Kill Level" which is high enough that that even messages which are likely to be Spam/UCE are not blocked or quarantined but rather marked with the "[SPAM?]" tag and "X-Spam-Status" and "X- Spam-Level" headers and forwarded on to the intended recipient. Once received these tagged messages can then either be checked visually to see if there are any legitimate messages or otherwise the user can set up their email client to detect and divert any tagged messages to a "Spam" or "Junk" folder or mailbox. In general, the Spam Scoring "Action/Kill Level", which is set at "12" by default, should be kept reasonably high until you become familiar with administering your SpamWall system as if this value is set too low this may increase the possibility of a legitimate email message being sent to the Spam Quarantine, in which case you may have to retrieve it at the request of a user or otherwise check the Spam Quarantine more carefully or more regularly to ensure that there are no legitimate emails of any significance being sent there. The default Spam Scoring values set on the SpamWall system are quite conservative so as to minimize the chance of any legitimate emails being blocked or directed to the Spam Quarantine. It is recommend that these levels be maintained until you become familiar with the operation of your SpamWall and the type and content of the email messages being processed by the system and are able to determine the optimum levels for your particular application and email user base. You can expect that over time you will adjust these default levels downwards to an optimum setting where a high level of Spam/UCE detection and blocking is achieved with very little chance of any legitimate email messages being blocked or quarantined. A general example of the optimum Spam Scoring Levels for a SpamWall system in a "production" environment would be as follows: Tag Level: 2 to 3 Advanced Tag Level: 3.5 to 5 Action/Kill Level:: 6 to 10 When setting the Spam Scoring Level values, the lower this number the more sensitive the filter becomes. The type and content of email messages is widely variable however in general a Spam Score "Action/Kill" level of 6 to 10 should increase the amount of Spam/UCE detected significantly but in most cases is unlikely to produce a significant increase in the number of false positives. If you and your end users are receiving a significant number of Spam emails being delivered to your email accounts you may decide to adjust your Spam Scoring "Tag" and "Action" levels to more sensitive levels, such as in the 3.5 to 5 range for the "Advanced Tag Level", and the 6 to 10 level for the "Action/Kill Level" where messages scoring above this level are directed to the Spam Quarantine. If you are seeing only a relatively small number of Spam messages you may decide to maintain your "Advanced Tag Level" at the current default level of "5", or possibly even adjust this value higher, and

your "Action" level at the "12" default level or possibly higher. This would depend on the needs and requirements of your particular email user base and the specific type and content of email messages received by your users, and your tolerance with respect to the possibility of having legitimate email messages directed to the Spam Quarantine. Alternatively, if you are seeing a significant number of legitimate emails being tagged as "SPAM" you may decide to reduce your filter's sensitivity level by increasing the "Advanced Tag Level" level. Likewise, if you are seeing a significant number of legitimate emails being directed the Spam Quarantine you may decide to reduce your filter's "Action/Kill Level" sensitivity by increasing this value. One thing to note is that the default scoring levels of 1/5/12 and the scoring levels mentioned in this section of the manual are only recommended levels and you may need to do some testing to find the best level for you and your email user base. Some SpamWall admins find that an "Action/Kill Level" of as low as 2 or 3 works for them as most "person to person" type email will score below the "1" level. However if your users are mainly business users who receive email on a variety of topics or who receive a significant number of newsletters and other "promotional" type email it may not be a good idea to set an Action/Kill Level of as low as 2 or 3. As recommended in this document ion you can adjust the scoring levels downwards at whatever rate you feel is reasonable until you reach an "optimum" level where the most reasonably possible amount of Spam and other unwanted email is blocked or filtered with little or no chance of any false positives. Anothe important thing to keep in mind is that all domains and users having their email processed by the system can have access to their own individual Spam Scoring Level settings via the "My Antispam Scoring" screen in their control panel login account if one has been set up for them. Even though your users may not really need control panel login access to view and manage their quarantined email and other settings in cases where the default system Spam Score settings in particular are not entirely suitable for a particular domain, email user or group of users then there is always the capability available to allocate these users with their own control panel login account so that they can set Spam Scoring levels and make other appropriate adjustments according to their own individual requirements. The default Spam Scoring Levels set on your SpamWall system are a good overall default configuration for detecting and filtering Spam/UCE and other unwanted email, and your SpamWall system will via its own auto-learning and auto-tuning mechanisms become more sensitive and adept at the detection and handling of Spam/UCE and other unwanted email over time. Based on your own requirements it may still be a good idea for you experiment with and adjust the sensitivity of your Spam Scoring Levels in order to achieve the best overall level of Spam/UCE detection and management for your particular email user base and the specific type and content of email messages received by your users.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information