Spam Blocker

From UntangleWiki


Untangle Server User's Guide


About Spam Blocker

Spam Blocker is an intelligent email filter that identifies spam (unsolicited bulk email), even when that spam is sent through an image. Spam Blocker uses an open-source solution: SpamAssassin.

Supported Protocols

Spam Blocker can scan any email that is transported by the following protocols:

Each protocol has a set of controls to customize how Spam Blocker:

  • Scans for spam
  • Notifies users of spam
  • Manages spam

Customizations

Through the user interface, you can define the threshold that instructs Spam Blocker to be strict, lenient, or somewhere in between. Also, to handle the spam, simply use the properties that Untangle Server provides to instruct Spam Blocker to take any of the following actions:

  • In the subject of the email, insert the phrase [Spam], and allow users to filter spam to a special folder.
  • Send the message to the recipient without labeling the email as spam.
  • Block the message without notifying the recipient that the message was blocked, and record this action in the Event Log.
  • Quarantine the message so that you or your users can investigate spam and take further action.
  • Notify the sender that the email was blocked.
  • Withhold notifications.

"Arms Race" Against Spammers

Spam Blocker, like all anti-spam software, is involved in an "arms race" with spammers. Some days Spam Blocker has the upper hand, and other days, spammers have the upper hand. As spammers adjust their emails to avoid detection, Spam Blocker advances its detection capabilities to thwart spammers. Although Spam Blocker often predicts the spammers' next move, sometimes it cannot react fast enough; as a result, spam reaches your email inbox, though not for long.

Conservative Threshold

Spam Thresholds

Spam Blocker identifies spam based on hundreds of characteristics. An example characteristic is an email greeting that begins with Dear. Another example is an email that is sent with high priority. Spam Blocker does not mark an email as spam simply because an email is sent with high priority. Each characteristic is weighted, producing an overall score. Spam Blocker uses this overall score to determine the probability that the email is spam. This overall score plus a threshold (scan strength), which you can set, determines if Spam Blocker marks email as spam.

By default, Spam Blocker has a medium threshold. This threshold blocks most spam without interfering with legitimate email. If you increase the threshold above medium, Spam Blocker becomes more strict, thereby marking some legitimate email as spam. Untangle recommends the medium threshold because Untangle aims to achieve zero false positives; in other words, Untangle does not want to mark any email as spam if it isn't spam. Most businesses prefer this approach. However, your business might be different.

Spam Blocker lets you increase the threshold. If you want to catch clever spam that Spam Blocker does not catch when set to medium threshold, and don't mind sifting through quarantined email to locate and release legitimate email, you can increase your threshold to high. However, keep in mind that Spam Blocker is constantly identifying new characteristics of clever spam, so it changes its enforcement rules constantly to keep up with spammers: spam that appears in your email inbox today might not tomorrow.

To change the threshold, go to Configuring Email Scanning and Quarantine.


Configuring Email Scanning and Quarantine

You can quarantine all SMTP email, or you can specify that Spam Blocker quarantine spam for specific users. For POP and IMAP email, quarantine is not available, and you cannot block this type of email because you must download it to access it. However, you can mark POP and IMAP email as spam.

Before You Begin: If you have web mail (POP mail), configure your email program to download that mail automatically so that Spam Blocker can scan that email:

To configure email scanning and quarantine:

  1. From Spam Blocker, do one of the following:
    • If you have a local Microsoft Exchange Server, click the SMTP tab.
    • If you use Outlook to download web mail, click the POP tab.
    • If you use an IMAP email client, click the IMAP tab.
  2. In the table, specify how you want Untangle Server to behave:
    • scan: When the check box is selected, the Untangle Server scans email for spam in both directions unless there is a custom policy that overrides these instructions.
    • scan strength: This controls the sensitivity of the spam scanner. There are 5 possible values ranging from very high to very low. Note: The value very high means most sensitive to spam. Setting the scan strength to very high will cause the greatest percentage of your mail to be considered spam. For more information, go to Conservative Threshold.
    • action if Spam detected: This controls what actions Untangle Server should take on the message itself, should the message be determined to be spam:
      • Mark message. Causes the email message to have its subject changed to start with the phrase [Spam].... Users can then set up email client filter rules to cause such messages to be placed in special folders.
      • Pass message. Causes the message to be passed on to the recipient, even though it was detected as spam.
      • Block message. Applies only to SMTP mail. Causes the message to be blocked, meaning the sender believes it was delivered yet it was never forwarded to the recipient. Although neither sender nor recipient know the message was blocked, it will still be noted in the Event Log.
      • Quarantine message. Applies only to SMTP mail. Causes the message to be quarantined. For more information on the operation of this feature, please refer to About Quarantine. As outlined in Creating Custom Policies, outgoing mail is not quarantined by default.
    • tarpit: Applies only to SMTP mail. If selected, enables the DNSBL feature, which refuses connections from email hosts that are blacklisted.
  3. Click the Save Settings button.

Next Step: To specify who should or should not manage their quarantined email or to specify who should manage distribution lists' quarantined email, go to Specifying Who Manages Quarantined Email.


About Spam Blocker Event Log

Use the following terms and definitions to understand the Spam Blocker Event Log:

  • timestamp: The time the event took place.
  • action: The action taken on the mail. The value depends on the mail protocol, but will contain descriptive text such as block or mark.
  • client: The client IP Address of the protocol client. Recall that for SMTP this is the sender of the mail, and for IMAP/POP the receiver of the mail.
  • subject: The subject of the email. This may be blank if the email had no subject.
  • receiver: The recipient email address of the email.
  • sender: The sender of the email. Note that for spam, this is frequently blank.
  • SPAM score: This is the score applied to the email by the spam scanner. Higher values indicate more likely to be spam.
  • server: The server IP Address. Recall that for SMTP this is the machine receiving the email, and for IMAP/POP the machine holding the inbox.
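
The following is an added example, not part of the Untangle guide or product. It replays SPAM score values from a constructed Event Log export against scan strength cut-offs to list the delivered messages that would newly be flagged if the scan strength were raised, which is the false-positive trade-off described under Conservative Threshold. The CSV layout, column names and numeric cut-offs are assumptions; the page gives neither an export format nor numeric values for the five settings.

```python
import csv
import io

# Assumed score cut-offs for the five scan strengths (not given on the page).
# "very high" is the most sensitive setting, so it has the lowest cut-off.
THRESHOLDS = {"very low": 8.0, "low": 6.5, "medium": 5.0,
              "high": 4.0, "very high": 3.0}

# Constructed sample data; the columns follow the Event Log terms defined above.
SAMPLE_LOG = """\
timestamp,action,client,subject,receiver,sender,spam_score,server
2009-03-01 09:12:04,pass,192.0.2.10,Quarterly report,alice@example.com,bob@example.org,1.2,198.51.100.5
2009-03-01 09:15:41,pass,192.0.2.44,Weekly newsletter,alice@example.com,news@example.net,4.3,198.51.100.5
2009-03-01 09:20:13,quarantine,203.0.113.7,You have won,carol@example.com,,5.6,198.51.100.5
2009-03-01 09:31:55,block,203.0.113.9,Cheap watches,carol@example.com,,12.8,198.51.100.5
2009-03-01 10:02:30,pass,192.0.2.61,Dear customer invoice,dave@example.com,billing@example.org,3.4,198.51.100.5
2009-03-01 10:40:02,mark,198.51.100.20,Limited offer,dave@example.com,promo@example.net,7.1,192.0.2.80
"""


def load_events(text):
    """Parse the CSV export into dicts, converting the SPAM score to float."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        row["spam_score"] = float(row["spam_score"])
        events.append(row)
    return events


def flagged_at(events, strength):
    """Events that would be treated as spam at the given scan strength."""
    cutoff = THRESHOLDS[strength]
    return [e for e in events if e["spam_score"] >= cutoff]


def newly_flagged(events, current, proposed):
    """Events that pass at `current` but would be flagged at `proposed`.

    These are the messages to review for false positives before changing
    the setting.
    """
    already = {id(e) for e in flagged_at(events, current)}
    return [e for e in flagged_at(events, proposed) if id(e) not in already]


if __name__ == "__main__":
    events = load_events(SAMPLE_LOG)
    for e in newly_flagged(events, "medium", "high"):
        print(e["timestamp"], e["spam_score"], e["sender"], e["subject"])
```

Messages returned by `newly_flagged` that have a populated sender and a routine subject are the ones most likely to be legitimate mail that a stricter setting would send to quarantine.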



Spam & Phishing FAQs
