Junk Email (SPAM) Filtering - Advanced Information


This documentation has been written for technical support staff, the technically advanced and the curious. Those looking for an overview and basic instructions, please visit Junk Email (spam) Filtering.

Here's How It Works - In Detail

Anti-SPAM filtering is a two step process. Each incoming message is given a "SPAM score" and then either placed in your Inbox or placed in your Junk E-mail or junk-mail folder depending on the SPAM score and the customer set risk level.

When messages arrive at the University of Toronto postoffice, they are scanned with a system called PureMessage and given a spam score ranging between 0 (probably not spam) and 100 (almost certain to be spam). The spam score is added to the message in a special line in the message header. This line is usually not shown, but with most email programs you can see it if you want to.
The message then goes to the email server.

If you have spam filtering turned OFF, the message goes to your Inbox.

If you have spam filtering turned ON, any message with a sufficiently high spam score (defined by your chosen risk level) is placed in a special email folder named junk-mail.

Any messages in junk-mail older than seven days are regularly DELETED.

 

Identifying Junk Email (SPAM)

PureMessage looks for many message characteristics common to SPAM including certain phrases or words; inconsistencies or errors in the message header; use of color, bolding, or capitalization; the use of certain routes to deliver the message; whether the message already appears in a large catalogue of known spam, etc.

The scoring system is regularly updated by PureMessage to improve its effectiveness and deal with changes in the characteristics of SPAM over time.

Many aspects of the message are considered in coming up with the final SPAM score. In practice, the scoring system has been found to be quite effective at identifying what most people consider to be SPAM.

Still, just because a message looks like SPAM to PureMessage does not mean that it is SPAM. You may choose to receive marketing email messages from a company you purchased a new computer or a book from, for example. Also, some responsible organizations you may want to hear from use the same email distribution programs as spammers or might like formatting their messages in spam-like ways.

To be sure that you do not lose messages you want, it is important to regularly check your Junk E-mail or junk-mail folder. If you are using UTORmail, any message in your junk-mail folder that is more than seven days old will be regularly deleted!

Viewing the SPAM score of a message

When PureMessage decides a message looks like SPAM, it adds a line to the message header. With most email programs, this small change will not be evident when you view the message because they usually show only a few header lines, like Date:, To:, From: and Subject:.

If you would like to see the header line containing the SPAM score, you'll need to have your email client program display the full details of the message headers. How that is done depends on which email client you use.

Here is an example of what you might find:

X-PMX-Spam: Gauge=XXXXXXIIIIII, Probability=66%, Report="MAILTO_TO_SPAM_ADDR, NO_MX_FOR_FROM, ONLY_COST, RAZOR2_CHECK, SPAM_PHRASE_02_03, SUPERLONG_LINE"

The SPAM score is indicated by the "Probability=66%".

The "Report" attribute lists keywords for the message characteristics that determined the SPAM score. Some characteristics are good (characteristic of messages that are not SPAM) and some are bad (common to messages people consider to be SPAM). The score is an expression of the aggregate of all the relevant characteristics.

For Technical Support Staff

The risk levels work as follows:

Risk
Spam Score filtered to junk-mail
Low
80%
Moderate
50%
High
40%

 

For Technical Support Staff or Technically Advanced Customers

Client Side Filtering

Customers with special filtering needs (e.g. someone who wants all SPAM with the word "mortgage" to nevertheless go to their Inbox, but doesn't want to see other SPAM), can turn off server-side filtering, and create their own filter rules for the "X-PMX-Spam" header in the email client software. This is called "client-side filtering". Doing this is more complex and less efficient. We expect that only support staff or technically advanced customers will be interested in doing this.

To do client side filtering, you need to create a rule that looks for X-PMX-Spam: Gauge=XXXXXX. We recommend you use six "X", which will match a probability of 60% or more. More spam will be caught if you use five "X" (matching 50% or higher), but the rate of "false positives" is then higher.

Safe Sender or Accept Lists

You can create a Safe Sender or Accept List - a list of email addresses that are assumed to never send SPAM. When a message from an address matches an address on the Safe Sender or Accept list, it is never marked as SPAM.

Safe Sender or Accept lists also apply when a mailbox is forwarded to another email address. For example, a message with 90% probability of SPAM or over will not be forwarded to @sympatico.ca, @hotmail.com, @gmail.com, @yahoo.com, etc., address - but it will be forwarded if the "From" address matches an email address in the Acceptlist.

Instructions for creating a safe sender or accept list are below.

Tags: SPAM, UTORprotect
Last update:
2017-08-16 14:57
Author:
Amanda Wagner
Revision:
1.11
Average rating:0 (0 Votes)

You can comment this FAQ