|
|
 |
| CONTENTS A-Z | SEARCH | CHANGE YOUR PASSWORD | ANNOUNCEMENTS | STATUS MESSAGES |
|
The Rules Wizard | SPAM and Virus Detection | What NOT to Do
Most people with an email address will find themselves getting unwanted email, either from a source they know, or the Unsolicited Email better known as spam. By far the best thing to do with such mail is simply to delete it - there is very little point in taking offence. No matter how distasteful the content, the mail is almost never aimed at you specifically: you are one of 1000s of recipients.
The Service is occasionally asked if there is any way we can stop this. If the mail is from an Essex user, and is such as to constitute harrassment, then the sender might be in breach of the Guidelines for Use of IT Facilities, and the recipient should file a harrassment complaint (via the Helpdesk). But is is far more likely that the mail is from off-campus, and central filtering by the Computing Service is inappropriate: we simply cannot know what any particular user would consider unwanted.
If you receive email that you do not wish to read, it is possible to use the Outlook Rules Wizard to delete it, or move it to a folder for later deletion.
The Rules Wizard allows you to filter your mail on a number of criteria. Should the unwanted email be from, for example, a known sender, you can delete all mail from that sender automatically. This webpage demonstrates the technique.
If the unwanted email is Bulk Unsolicted Email, usually known as SPAM, then blocking it is not easy.
Blocking on the Sender of the message is unlikely to work, as this is usually forged, or the mail may even appear (falsely) to come from someone you know.
Blocking on the Subject is unlikely to work, as the senders deliberately vary the Subject lines, just to avoid such blocks.
Blocking on certain words in the text is unlikely to work, as the block will catch far more wanted email than unwanted.
This is not to say that nothing can be done. But less can in practise be done than would be desirable. One good Rule-of-thumb is that mail that doesn't have you as a recipient in the To: or Cc: field is usually spam. But this can fail in a number of ways: the To: or Cc: field may contain the name of a mailing list of which you are a member, or the mail may be from a mailing list which utilises the Bcc: field to list members.
ISS has attempted to address this problem by the use of SpamAssassin a system which applies rules to incoming mail, which match known patterns in spam. Mail which violates enough rules is marked by a change in the Subject line, which can be used in filters. This webpage gives more details, and the Service's recommended approach to filtering.
While SpamAssassin's rules are frequently modified, they are publically available, and gradually become less effective until updated, as spammers modify their mail to avoid the rules. Microsoft have countered this, by giving the Rules Wizard a test for mail "suspected to be junk": the methods used to decide this are unpublished, but they do detect a significant proportion of junk. Invariably, some mail you might wish to see is suspected too, so it is best not to have the mail deleted, but delivered to a "Probable Spam" folder, which you examine regularly. Should you find some wanted email is regularly being caught, you can add exceptions to the rule.
To set this filter in place, first create a folder for "Probable Spam" then run the Rules Wizard from the Tools menu in Outlook
You want to apply the rule to all incoming mail, which is the default, so click "Next"
Click the box by "suspected to be junk ...." and click "Next" (note you also have the option to define a list of sites from which you wish to block all mail. You are unlikely to want to set this now, but may do so later by modifying the rule).
Click in the box by "move it to the specified folder", setting the folder name appropriately. Then click in the box by "stop processing more rules", in order that the email is not moved from the Probable Spam folder by later rules. This is vital if you are using this rule as part of ISS's recommended rules scheme.
Click "Finish", and the rule is set. Or you can define exception to the rule by clicking "Next" and filling in the appropriate exceptions: but this is better left for later. The Rule can be modified at any time..
Note that this Rule is "client only"; that is, is is performed by outlook, not exchange. Thus when you start up outlook there will be a slight delay while unread items in your Inbox are processed. Also, the filtering only works if you read your mail with Outlook: users of mailers with less sophisticated message processing cannot handle unwanted mail in this way.
Email passing through our Exim servers is examined with the Sophos
antivirus system, and the SpamAssassin Spam detection system, both
under the control of the MailScanner system. Sophos detects
viruses in incoming mail; and either removes them, if this is possible, or
deletes the infected attachment. SpamAssassin examines the content of email, using
a series of rules matching known features of spam. And MailScanner checks the origin
of email against a list of sites suspected to be involved in the sending of spam.
Any email which is suspected of being possible spam is tagged in two ways: firstly,
the text {SPAM?} is added to the Subject: header, and secondly an X-MailScanner-SpamCheck
header is added, showing why the mail is suspected, eg
From: someone@hotmail.com
Message-ID: <00001765370b$000020db$0000089c@>
To: <Undisclosed.Recipients@star.co.kr>
Subject: {SPAM?} ASSET & BACKGROUND CHECKS_.. WE CHECK PEOPLE OUT!_
Date: Tue, 12 Feb 2002 21:37:23 -0600
X-MailScanner-SpamCheck: MAPS-RBL+, SpamAssassin (14 hits)
An Outlook Rule for detecting any such message will reduce your SPAM considerably. The rule is set up much like the previous one, possible steps being
It would be possible to set up the rule so that any suspected Spam is deleted, but since the check done by both SpamAssassin and MailScanner can return false positives (ie mail flagged as spam, but which is actually not), this is not recommended.
You may find that unwanted mail has a line at the bottom, saying something like
To be removed from this mailing reply to this email with "Remove".
Do not do this. Doing so confirms to the sender that your email address (a) exists, and (b) reaches someone who actually reads the email. While the sender might remove you from the specific list requested, they may also add you to other lists, or sell your email address to others. The result is likely to be that you will receive more, not less, unwanted email.