Anti-spam on BIGRED

Some definitions (just to make sure we are talking about the same things).

Spam Unsolicited commercial email

Phishing An email message that tries to induce the reader into divulging personal information. The information can then be used for identity theft. Phishing is not an email virus.

RBL A Realtime Blackhole List(RBL) is an internet resource containing a list of computer network addresses that have been identified as sending spam. Incoming email messages are checked against two RBL lists, spamhaus and spamcop, and are not accepted if they are on either list.

Tag The rating a message receives from an anti-spam engine indicating the likelihood that the message is spam. The rating is stored in a message header that the anti-spam engine adds to the email message.

Tag and pass When an anti-spam engine only tags a message and leaves destination routing to a filter later in the process of delivery. This is the method that BIGRED is using.

False positive A message that the anti-spam engine believes is spam but that the user believes is not spam.

False negative A message that the anti-spam engine believes is not spam but that the user believes is spam.

Whitelist A list of email addresses from false positives that override tags and always route to the incoming mailbox folder.

Bulk folder A message folder that messages tagged as spam and/or blacklisted get delivered to. On BIGRED, messages in the bulk folder are deleted after 30 days.

Whitelist folder A folder containing copies of false positive messages. A system program extracts email addresses from the whitelist folder to build the whitelist.

Sent-mail folder Folder that contains a copy of outgoing messages. Mail programs like Outlook do not necessarily save a copy into this folder. On BIGRED, messages in the sent-mail folder are deleted after 6 months(180 days).

Spam is dynamic. As soon as someone figures out how to recognize and stop spam, the spammers figure out a new way to deliver their messages. Right now, image spam is getting through everyone’s filters. No one has a filter that can efficiently read in an image and analyze it for spam content. The new anti-spam filtering on BIGRED is licensed from Sophos, the same company that makes UNL’s anti-virus software. Sophos, updates their anti-spam rules at least as often as they update their anti-virus rules, often multiple times a day.

However, anti-spam rules can misinterpret messages. False positives will happen. Just as false negatives will happen. So, checking your bulk folder periodically is a good idea. Remember, messages are purged from the bulk folder after 30 days.

If messages from one address, like a mailing list, consistently get tagged as spam you can whitelist them. Save a copy of a message from that address into your whitelist folder. The system will extract the address from the message and make an exception in the spam filter rules for messages from that address. Removing an address from your whitelist is as easy as deleting the message from the whitelist folder.

Some of you are using mail clients that use POP3 to talk to BIGRED. Most of the world has switched from the older POP3 to IMAP. POP3 is limited to accessing just your INBOX, it cannot access any other folders. Also, POP3 was written to download messages to the computer that the POP3 mail program is running on. This can scatter your messages around several different computers that you might use. Anyone using a POP3 mail program will not be able to access their bulk, whitelist or sent-mail folders using that older method. UNL’s webmail machines use IMAP to access your BIGRED account so you can always just check your bulk folder using webmail.

Many of you have incoming mailboxes full of spam. We can re-analyze your incoming mailbox and apply the anti-spam filter to those messages. When we do that we will put the spam tagged messages into a separate bulk.refiltered folder. Most of the spam already in your incoming mailboxes has been there for more than 30 days. Putting it into your bulk folder would be, effectively, deleting it immediately. Reanalyzing incoming mailboxes takes a lot of resources, we cannot do everyone’s mailbox at once. We will work through accounts in the order that they were created. When we have re-analyzed and filtered your incoming mailbox we will send you an email telling you what we did along with how many messages stayed in your incoming mailbox and how many were moved to the bulk.refiltered folder. At that point we will keep that bulk.refiltered folder for 30 days to give you a chance to check for false positives.

Information Services

Spam	Unsolicited commercial email
Phishing	An email message that tries to induce the reader into divulging personal information. The information can then be used for identity theft. Phishing is not an email virus.
RBL	A Realtime Blackhole List(RBL) is an internet resource containing a list of computer network addresses that have been identified as sending spam. Incoming email messages are checked against two RBL lists, spamhaus and spamcop, and are not accepted if they are on either list.
Tag	The rating a message receives from an anti-spam engine indicating the likelihood that the message is spam. The rating is stored in a message header that the anti-spam engine adds to the email message.
Tag and pass	When an anti-spam engine only tags a message and leaves destination routing to a filter later in the process of delivery. This is the method that BIGRED is using.
False positive	A message that the anti-spam engine believes is spam but that the user believes is not spam.
False negative	A message that the anti-spam engine believes is not spam but that the user believes is spam.
Whitelist	A list of email addresses from false positives that override tags and always route to the incoming mailbox folder.
Bulk folder	A message folder that messages tagged as spam and/or blacklisted get delivered to. On BIGRED, messages in the bulk folder are deleted after 30 days.
Whitelist folder	A folder containing copies of false positive messages. A system program extracts email addresses from the whitelist folder to build the whitelist.
Sent-mail folder	Folder that contains a copy of outgoing messages. Mail programs like Outlook do not necessarily save a copy into this folder. On BIGRED, messages in the sent-mail folder are deleted after 6 months(180 days).