Spam Frequently Asked Questions
General Questions
Spam filtering in my email account
Staff Specific Questions
What is Monash University doing to reduce Spam?
Monash University is undertaking several measures to reduce spam. Gateway spam filtering has been enabled for all student email accounts. Emails with an extremely high spam probability will be discarded prior to delivery or forwarding. This happens before email is delivered to your account. (This will not affect student email accounts that forward email to external accounts). Emails that are discarded are not retrievable and this setting cannot be changed.
In addition, spam filters have been enabled by default on all email accounts. Once delivered, any emails which are determined to be spam by the ITS mail servers will be filtered into a separate 'spam' folder rather than being delivered . Spam messages are still able to viewed, and the contents of the folder is deleted every 30 days. Students can change or disable the spam filtering settings if they choose by visiting the spam filtering web pages
How does Monash identify spam?
All emails comprise of two parts; email 'headers' which describe the email (TO: address, FROM: address etc.) and
the email body which is the content of the email which you see. Much of the contents of email headers is
transparent to the user (it is hidden by the software you use to view the email).
The software which Monash uses to identify Spam is known as SpamAssassin. This software has been configured to add in email
header fields to tell the email client or email server software (e.g. Netscape Messenger) whether the email sould
be considered as Spam. This process is know as Spam markup. The original contents (body) of the email message is
left intact.
The following headers will be added to all emails which are being checked to see if they are Spam. In this case the email has been given a 'low' Spam score of 2 (2 stars).
X-Spam-Level: **
X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)
The X-Spam-Level field provides an indication on how likely the email is to be Spam. More stars
'*' implies a greater likelihood that the email is 'Spam'. When an email has a rating at or over 5 stars, the email is considered to be Spam. In this case an extra header has been added known
as the X-Spam-Flag.
X-Spam-Level: *******
X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)
X-Spam-Flag: YES
Emails which are found to have an extremely high probability of spam are to be discarded at the Monash University email gateway. These are represented by spam emails which have obtained a SpamAssassin score of 20 or more. Further information on SpamAssassin scoring can be found at http://au.spamassassin.org/
How does Monash spam scoring work?
Monash University a software package called SpamAssassin to scan emails for
Spam content. SpamAssassin operates on the principle that Spam emails usually contain certain patterns of body
text, body formatting, email header information and internet links.
An email containing the phrase "Free
Investment" for example has high probability of being Spam; therefore an extra 1.7 points is added to the overall
"Spam Score" for the email if this phrase is found in the email..
SpamAssassin adds up the scores for every Spam pattern/phrase that it matches and this score is reflected as the
X-Spam-Level. The higher the score, the greater the probability that the email is Spam. A score of 5 or above is
generally considered to be the 'threshold' at which an email is Spam.
What Spam score should I set as my threshold?
ITS recommends setting a Spam threshold of 5 (*****). Some people may receive Spam that has scored less
than 5 and will want to set a lower threshold to filter out these messages (e.g. 3). Please be aware that setting filters with a
Spam score of less than 5 may cause mail to be incorrectly filtered as Spam. An email incorrectly
identified as Spam is also known as a "false positive".
If you find that email from a particular user or external email source continues to be marked as Spam even with
the threshold set to 5, then you should create a 'white-list' for this Email address. This will stop
future emails from the specified Email address from being filtered into your Spam folder.
Instructions for setting up email address whitelists can be found at:
Server-side whitelist
Client-side whitelist (Staff Only)
It is also important to remember that emails sent within the Monash computer network (e.g. to/from a Monash Lecturer)
are never scanned for Spam content. This prevent such emails from ever being accidently filtered into your Spam folder.
A 'whitelist' is a list of email addresses (such as my.friend@hotmail.com) or email domains (such as virginblue.com.au)
that you implicitely trust. If you wish to avoid emails from these addresses/domains being accidently filtered
for having 'Spam like' content then adding the email addresses/domains to your 'whitelist' achieve this.
What emails are checked/not checked for Spam?
All emails which are sent from Monash internal staff systems and servers (systems with IP addresses in the range of
130.194.*.* (Australia), 168.210.50.* (South Africa), 172.19.*.*, 172.16.*.* and 172.18.*.* (internal Monash networks))
are NOT scanned for Spam content. Emails which come from these systems which ARE Spam should be reported
to abuse@monash.edu.au for investigation.
NOTE: Staff that use their computers with the Monash VPN enabled are considered to also be on the Monash network
and therefore email sent from Monash VPN connected systems will also not be scanned for Spam.
Emails which have been digitally signed will also NOT
be scanned. This includes emails which come from systems outside of Monash. Therefore if you send an email
from a home computer connected to the internet via a Non-Monash modem, and you are not using the
Monash VPN software, then the email MUST be digitally signed for the email not to be scanned for Spam.
All other email which doesn't fall into these categories are scanned for Spam content.
No. Only Email that is delivered into the Monash staff or student email account will be filtered into
your designated Spam folder if you have enabled server-side Spam filtering.
If you forward your Email to your external Internet Service Provider's email account (e.g. your Bigpond account)
or an external email provider (e.g. hotmail.com) then ALL email will be forwarded to these accounts (regardless
of whether they were detected as Spam or not).
How do Spammers get people's Email Addresses?
Email addresses are obtained from many sources for Spamming purposes, including but not limited to:
- From posts to UseNet with your email address.
- From mailing lists.
- From web pages.
- From various web and paper forms.
- From a web browser.
- From IRC and other chat rooms.
- From domain contact points.
- By guessing email addresses.
- By having access to the persons computer through trojan viruses.
- From a previous owner of the email address.
- Using social engineering.
Refer to http://www.private.org.il/harvest.html
for more information.
The following web-site provides information on how to report email that wasn't marked as Spam.
Report Spam
If you are finding that emails from a certain sender or organisation is consistently being marked as Spam or there
are emails which you receive from somebody outside of Monash which you want to guarantee are not
'accidently' filtered to your Spam folder, then you can add the users FROM address
to the email address white-lists. Steps on how to white-list email addresses can be found here:
Email address white-listing - server-side
Email address white-listing - client-side
Yes. All emails stored in your Monash email account count towards your email quota including those
stored in your Spam folder.
To prevent your Spam folder building up with hundreds of emails or more, the special Spam Folders which you
can select when activating Spam filtering 'auto' clean. Emails which have been in these special Spam folders
will be removed after a certain period of time. The folders are cleaned up after 30 days for the
Spam-30 and
Trash folder, 7 days for the Spam-7 folder and 60 days for the Spam-60 folder.
Further information regarding email quotas.
If you have a problem enabling Spam filtering, following the steps provided, etc, please contact your local
IT support representative first and then the ITS Service Desk
for assistance.
Can I use Microsoft Outlook or Outlook Express to filter Spam?
Microsoft Outlook Express is not capable of filtering mail with 'custom' headers, which is a pre-requisite for using the
Monash Client-Side email filters. In this case your best option is to use server-side Spam filtering, which filters
email PRIOR to being accessed by Outlook Express or using another support Monash email client (e.g. Mozilla
Thunderbird).
The more powerful Microsoft Outlook CAN filter mail although it is preferred that you use the Monash supported client.
Visit the Client side filters for Outlook page for brief instructions on
enabling email filters in Outlook.
My email client doesn't have steps to enable Spam filtering
If there are no steps for your email client documented on the client-side filter page
, then you have three options:
- Consult the documentation for your email client on a method of filtering emails based on a 'custom'
email header. Some email clients such as Outlook Express are unable to filter custom email headers so
in this case you would have to pursue option 2 or 3.
- Use server-side spam filtering which operates independant of your
email client.
- Upgrade/migrate your email client to an ITS supported email client that does
have documented steps i.e. Netscape Mail or Mozilla Mail
Why would I use client-side filtering rather then server-side filtering?
Given that the steps provided by ITS for client-side and server-side filtering both result in Spam emails
being filtered off to a single 'Spam' folder, there is no advantage to using client-side filtering in this case.
Client-side filtering is useful if you wish to filter emails to a folder that isn't one of the four options
provided by server-side filtering. Some email clients also offer 'bayesian' filtering which offers more advanced
'personalised' spam filtering which can operate along-side server-side filtering.
An additional advantage of client-side filtering is that you can configure multiple levels of Spam filtering
so that Spam with a high spam score go to the Spam-7 folder (which is cleaned up after 7 days)
and Spam with a lower spam score go to the Spam-30 folder (which is cleaned up after 30 days). Therefore
client-side filtering offers increased flexibility.
When an email is delivered into my Spam folder, I am not notified, why?
After you enable server-side filtering, Spam emails are redirected to a 'Spam' folder
before it is seen by your email client (e.g. Netscape Messenger, Mozilla Thunderbird).
When an email client checks for new email on the Monash email server, it will by default only check the
INBOX for new email and not your 'Spam' folder. Therefore the 'new' Spam emails aren't seen by the email client.
This can be both a desirable and undesirable feature depending on how you view it.
Some email clients such as Mozilla Mail and Mozilla Thunderbird allow you to specify multiple folders to
check for new email.
For Mozilla Mail and Mozilla Thunderbird, right click on your 'Spam' folder (e.g. Spam-30, Spam-60, Spam-7
or Trash depending on your choice) and select 'Properties'. There is an option which states
"Check this folder for new messages".
By enabling this option and clicking OK you should now be notified when a Spam email has been filtered to your
Spam folder.
Please consult your email clients documentation if you wish to enable this feature for other email clients. Please
note that ITS was unable to find such an option for the 'default' email client Netscape Mail.
|
