Troubleshooting Anti-Spam Problems

From Mailbag Documentation

Jump to: navigation, search


Image:Dialog-warning-22px.png This falls under the Self Supported category of services. No direct end user support is available for these features.


Image:Dialog-information-22px.png This is a more advanced article building on the information introduced in Anti-Spam Settings


Contents

Overview

The SPAM Filtering Options allow you to manage what you do and don't want to receive. You are able to "black list" undesired emails from getting to your inbox. You are also able to "white list" emails you want.

Firstly, it's a good idea to be realistic about spam filtering (anti-spam) software. It will never be 100% accurate. It's generally not worth chasing down every false positive or false negative.

Secondly, the anti vs spam war in an incremental one. Spammers are constantly changing to avoid scanners which are constantly changing to keep up with spammers. If it's a new troublesome spam campaign, there is a good chance the filters will catch it tomorrow or the next day.

Anti-spam problems fall into two categories.

False Positives
Mail which is detected as SPAM, but is really not SPAM
False Negatives
Simply missed SPAM.

Your primary tools for dealing with them are whitelists and blacklists as introduced in Anti-Spam Settings.

Unfortunately, overly strict or overly permissive whitelist and blacklist entries can be the source of the problem too.

Analyzing Blacklist or Whitelist Entries for Unwanted Emails

It's very common for folks to be overly permissive with their whitelist due to a common misunderstanding about the validity of the "From" header in email. Spammers use this method as an easy way to get message through to unsuspecting recipients. Big global allows like *@gmail.com or *@mailbag.com will almost always increase false negatives!

1. Diagnosing this problem starts by looking at some hidden data in the message.
The "Message Details" link in webmail will show you this secret data. If you're using a POP client, you have to find the right path to viewing the data yourself. It's likely marked something like "view extended header."

File:message-details.png

2. Now we can look at this "Message Detail" data. You'll see some headers added by the spam filter, and possibly a white or blacklist indicator as seen below.

File:whitelist-header.png

File:blacklist-header.png

3. If you see a whitelist or blacklist entry and you didn't intend to whitelist or blacklist this message, you have found your culprit. Now go back to Anti-Spam Settings and review you're settings.

Using Whitelists and Blacklists to Fix Problems Safely

Image:Dialog-information-22px.png The rule of thumb is to remember that shady folks can and will forge "From" addresses often.

This is another topic that seems simple, and for the whitelist, it mostly is. Just don't be too permissive, and don't whitelist youself. Whitelist yourmom@aol.com instead of *@aol.com, and you'll get you'll get your mom's chain emails without undermining the spam filters catch rate.

The blacklist is another story. If it's UCE (Unsolicited Commercial Email) like a newsletter from your widget supplier, the blacklist should work just fine. Mr. Widget may be over zealous with his email marketing, but he is unlikely to stoop as low as forging from addresses and rapidly changing the forged from address to bypass your spam filter.

Cyber criminal scam SPAM is another story. These folks are shady. They forge and change their "from" addresses all day long. In this case, you will most likely have to wait for our filter signatures to catch up.

Disappearing Email and Secondary Filters

Disappearing e-mail and secondary filters extend beyond Outlook, but Outlook is where we see it most often. Microsoft started turning on "junk" e-mail filter in their POP clients by default some time ago.

The challenge is their filters tend to be less accurate. Most folks forget to check their Outlook spam folder. But we recommend being aware of any secondary filters in your email client and either turn them off, or using them with intent. For additional information, please click on the following Microsoft link: http://office.microsoft.com/en-us/outlook/HP052429671033.aspx. If you are not using Outlook, please consult your vendor's website.


Views
Personal tools