BPS Networks Spam Management Tutorial
Beginning in November, 2004, BPS Networks will be utilizing a new appliance that will assist us in eliminating the SPAM that comes into our network. This will impact you, our users in several ways, and all of them good. First, you will notice that you get far less spam. Email-born viruses will be much less likely to get through to your inbox. Finally, you will have available a means to manage the spam you get yourself.
First, I want to let you know that you will not have to do anything in order to utilize this free service from BPS Networks. Your email will automatically be scanned for viruses and spam. If you wish to turn off the quarantine (I will explain that in a few minutes), it is very easy to do and requires just one quick step. Since I feel that most customers will want to use the quarantine, once it is explained, I have left it on by default for all users.
The appliance we have purchased is called a "Barracuda Spam Firewall". This device includes what is known as "Bayesian filtering technology". Bayesian spam filters calculate the probability of a message being spam based on its contents. Unlike simple content-based filters, Bayesian spam filtering learns from spam and from good mail, resulting in a very robust, adapting and efficient anti-spam approach that, best of all, returns hardly any false positives. This technology has reported success rates as high as 95% accuracy! In order for the bayesian filter to be effective for you, you must "train" it. This is easy to do and will be explained later on in this tutorial.
Another feature of this appliance is a "spam scoring system". This "scoring" is based on a combination of many technologies, including the bayesian filters mentioned above. What happens is this: The email comes in and the server sending it is either accepted as a valid server or the message is rejected outright. An "invalid" server is one that is used to send spam on a recurring basis. If it passes this test, it is scanned for viruses by 2 separate virus scanners. If it fails, it is rejected. Finally, the message is tested against the scoring system (including the bayesian filters, which YOU "train") and a score is calculated for this message. If the score is less than 5, it will be delivered to your mailbox as usual. If the score is 5 or higher it will be placed in a special holding area on the appliance called a "quarantine" until you tell the system what to do with it (explained later). So we're not deleting the message; we're just storing it in our spam firewall until you have a chance to look at it.
Managing your filtered messages
Once the Barracuda Spam Firewall gets a message for you that it needs to quarantine, it will automatically create an account for you and send you an email similar to the one shown below. If you receive a message telling you that you have been given an account on our Barracuda Spam Firewall, it means:
You received a message with a score greater than 5
The spam firewall automatically activated your personal account
The spam firewall sent a random password to your email address with directions on how to view the message
The message looks something like this:
--------------------------------------------------------------------------------
Welcome to the Barracuda Spam Firewall. This message contains the information you will need to access your Spam Quarantine and Preferences.
Your account has been set to the following username and password:
Username: username@bpsnetworks.com
Password: generated_password
You may login using the following URL:
http://66.211.40.30:8000/cgi-bin/index.cgi?user=username@bpsnetworks.com&password=e0f3036e7381b08d&et=1072293947
Please be sure to change your password.
--------------------------------------------------------------------------------
You may simply click the link provided, and it will take you to your quarantine page.
Below is a picture of a quarantine page:
There are a number of things you can do from this page. The first thing to notice is the actual message listing. You see that each message in the quarantine has a check box on the left side. This box is used to "select" that message for the "action" you want to perform. Click the box next to "Date Received", which is in the heading (gray area), to select ALL messages at once. If ALL messages in your quarantine are either SPAM or NOT SPAM, you can check that box to make it a little easier to select all messages. There are 5 "action buttons" above the message list. Here is what they mean:
| Deliver: This button will deliver the message to your mailbox (if the message is not a spam, and you want to read the message in your regular email program, this is the button to use) Whitelist: This button will add this sender (the person the message is From) to your personal "whitelist". The whitelist is a setting that tells the Barracuda to ALWAYS deliver mail to me if the message has this email address in the "From" field. Delete: This will delete the message from your quarantine mailbox. Classify as Not Spam: This button, along with "Classify as Spam", is used to "train" your bayesian filter mentioned previously. It is important for you to classify messages that hit your quarantine as either SPAM or NOT SPAM. Doing so, will make the filter much more effective for you. Classify as Spam: As above, this one "trains" your bayesian filter. Use this to tell the filter that this message is to be considered as SPAM in the future. Once you classify a message as spam, it is removed automatically from your quarantine. This is permanent, and there is no way to get the message back, so be sure it really is SPAM before selecting this option. |
The "actions" column on the far right end of the message list allows you to Deliver, Whitelist or Delete a single message. Be sure you classify messages as spam or not spam before you do one of these, though. I cannot stress enough the importance of this step.
You will notice, also, that the message listing itself includes the date the message was delivered, who it is from (this column is not wide enough to display the full email address, so it may not be totally visible), the subject of the message and the 3 actions available for this message. If you wish to view the message to determine if it is spam or not, you can click on the message listing to get a popup box that will let you see the message. This is pictured here:
The view above allows you to see the message. If you are interested in viewing the "raw" message, you can click on the "View Source" tab. There have been some occasions where I have found some messages do not display properly. Without fail (so far), these have all been spam or viruses. You simply click the "X" at the top right to close this view to return to the quarantine box.
On the quarantine view, you will see a tab labled "Preferences". Clicking there will show you the following:
This screen allows you to add email addresses to your whitelist or blacklist. The descriptions of what these do is detailed on the page itself. You may also block (or allow) entire domains, so if you never want to receive any mail from Yahoo, you could put in "yahoo.com" in the "blocked" area and click the "Add" button, and the Barracuda box would then block any mail from "yahoo.com" from reaching you. However, keep in mind if you are too heavy-handed, you could accidentally block all your mail, so if you start playing with this, please keep in mind we may not be able to rescue you from whatever you did.
To manage your personal quarantine settings, click the "Quarantine Settings" button along the top:
To disable the quarantine altogether (not recommended), you simply select "No" next to "Enable Quarantine" and click the "save changes" button (the one toward the top). The "notification interval" sets how often the Barracuda should inform you when you have messages in the quarantine. Daily is the default setting. If you set this to "never", you will have to check in from time to time to see if you have waiting messages. Daily is the recommended setting until you get the filter tuned well enough so that you are certain you are not catching valid email in the quarantine. As some items will continue to be quarantined based on global rules outside of your control, we recommend that you elect to receive notifications of quarantined items so that you will know that there are things for you that you otherwise would have missed. Then you can delete or deliver those items as you choose. The "notification address" is the email address you want the notices sent to. For most of you, it is your normal email address. It is not recommended that you change the address that is listed here.
The "Spam Settings" button (not pictured) allows you to turn off spam scanning completely. Not really recommended, but some folks don't want their mail scanned at all. The "Password" button (not pictured) will require that you know your password, which is included in the "welcome" message sent to you initially. If you have lost this password, we do not have a way to retrieve it, or reset it. All we can do is delete the account, and let you regenerate it, or allow the Barracuda to regenerate it automatically, the next time you get a quarantine message.
Preconfiguring your spam settings
If you would like to preconfigure your spam settings, even if you have not gotten the welcome email, follow these steps.
1. Go to: http://smtpin.bpsnetworks.com:8000/
2. Put in your email address as username@bpsnetworks.com
NOTE: This filter is configured to work ONLY for bpsnetworks.com email addresses. You cannot set up an account for your yahoo.com email address here.
3. Leave password box blank
4. Don't click Login (see picture below) but move all the way down to the bottom to "Create Password"
5. Click button at bottom to create a password, which then will be e-mailed to you.
6. Check your email to receive your password
7. return to http://smtpin.bpsnetworks.com:8000 with your username and your newly created password
8. Visit the various buttons to set up your own SPAM settings. (This is explained above)
Using the client plugins
If you are using MS Outlook (NOT Outlook Express), there is a plugin that will allow you to mark messages you receive right from Outlook. To download the plugin for Microsoft Outlook, click the "get mail client plugins here" link at the bottom of the page located at http://smtpin.bpsnetworks.com:8000/ (pictured above). Follow the instructions on those pages to use this plugin. NOTE: This plugin will NOT work with Outlook Express or any client other than MS Outlook.
Your Daily Or Weekly Email Summarizing Quarantined Items
The Barracuda Spam Firewall will send you a daily or weekly notice listing items that it has "caught."
These may be items you want or may be items you do not want.
The email message you receive daily or weekly from the Barracuda box will look like this:
In our experience, the most reliable thing to do is look at the very bottom of the e-mail for the line that says "To view your entire quarantine inbox or manage your preferences, click here." Clicking where it says "click here" will log you into the Barracuda Spam Firewall and present you with the list of messages it has caught.
Conversely, if you start clicking on the links to the right of individual messages, many users have been taken to a login screen and have to log in each time they click on a link. This is why we recommend just going to the very bottom of the e-mail and double-clicking the link that says "To view your entire quarantine inbox or manage your preferences, click here."
Note: Some have reported that when you receive a message about a quarantined message and go to view it, your Quarantine InBox is empty. We have traced this behavior to three possible scenarios:
|
Scenario 1 - The Barracuda Spam Firewall creates a separate Quarantine Inbox for each e-mail user it identifies. So if you receive mail as "jdoe@bpsnetworks.com" and you also receive mail at "john_doe@bpsnetworks.com" this means you have TWO separate Quarantine InBoxes. Thusly it is important when you receive notification that an item has been quarantined that you determine to which Quarantine InBox the item was sent. Obviously if the item was sent to "john_doe@bpsnetworks.com" and you log in as "jdoe@bpsnetworks.com" you will see an empty quarantine inbox because you have logged in to the wrong account. As rudimentary as this may sound, this is how the spam firewall works. If you are clicking the link at the bottom of the email (as suggested above) this will not happen. Scenario 2 - For a limited category of users, there is a known bug where the Barracuda Spam Firewall corrupts your mail database and makes it appear unreadable to you. Typically if your mail database is having this problem, you will try to modify your Barracuda preferences and be involuntarily logged out of the system. In some cases you may attempt to view your Quarantine InBox and see that it is empty. Currently the manufacturer has a work-around for this that they will perform for us if we request it. Please note BPS Networks members are not to contact the manufacturer directly, and should contact support@bpsnetworks.com to report suspected mail database corruption. The manufacturer does not want calls from end-users. Scenario 3 - In some cases your browser window does not update properly to show you the contents of your Quarantine InBox. Always click the tab that says "preferences" and see if you can view any of your Barracuda preferences. Then click back onto the tab that says "Quarantine InBox". In many cases when you double-click the link in the notification e-mail the Quarantine InBox will appear empty, but once you perform this procedure, and pop out of it and then back into it, it will display message list properly. |