Spam FAQ

From SonicWiki
Revision as of 10:24, 21 February 2012 by Rodrigo (talk | contribs)

Jump to: navigation, search

What is Spam?

There are many different opinions, but an accepted definition at is:

Unwanted, unsolicited mass distributed messages.

Spam is unsolicited email, "junk mail," typically commercial in nature, sent indiscriminately to as wide a target audience as possible. It is a great source of aggravation, lost time, and increased expense on the Internet. The proliferation of spam has a negative impact on the Internet as a whole, on Internet service providers, and on the end user. is committed to fighting the flow of spam. Currently we handle approximately 1.4 million email messages a day, and of those 1.4 million, about 900,000 are blocked as spam! employs multiple strategies for reducing the flow of spam. While there is unfortunately no way to block every single spam, the tools and techniques listed below do dramatically reduce its quantity and make it much easier for our users to manage.

Why did I get Spam Email?

Spammers have many different methods for collecting Email Addresses, but commonly they gain address from stolen mailing lists, scanning IRC, Usenet postings and Web pages.

What should I do if I get Spam Email?

First and foremost, if you have not enabled [spamassassin SpamAssassin] yet, please do so. This can be accomplished at our Spam General Configuration page. When SpamAssassin is turned on, Graymail will catch any messages marked as spam (this is the default behavior and can be disabled if you like). From time to time you may receive a spam that slipped through the cracks. When this happens, you should determine whether or not SpamAssassin evaluated the message. When a message is evaluated by SpamAssassin, two lines will be added to its headers: X-Spam-Status and X-Spam-Level.

Non-spam Example

X-Spam-Status: No, hits=0.8 required=5.0 tests=SPAM_PHRASE_00_01,USER_AGENT_OUTLOOK version=2.43 X-Spam-Level:

According to the X-Spam-Status header, this message is not recognized as Spam. It received 0.8 hits out of a necessary 5.0 required for the message to be marked as spam. The following tests were triggered by the message, and affected its overall score: "SPAM_PHRASE_00_01" and "USER_AGENT_OUTLOOK". You can modify the point value of such tests using the Spam Modify Scores tool. The X-Spam-Status headers also informs us that these tests were performed using SpamAssassin's version 2.43.

The X-Spam-Level header will display a single asterisk (*) for each full point assigned to the message. In this example, the message scored only 0.8 points, so no asterisk is shown. The X-Spam-Level header can be useful in configuring client-side filters.

Spam Example


In this example, a great many tests were triggered, resulting in a score of 27.3 out of a required 5.0. The X-Spam-Status header lists the score, triggered tests, and SpamAssassin version as normal. The X-Spam-Level header shows 27 asterixes. Some additional headers are also added, notably "X-Spam-Flag, which simply indicates that this message should be handled as spam by programs such as Graymail, which assist in disposing of these unwanted messages.

Unevaluated Mail

If a spam comes through without the X-Spam-Status and X-Spam-Level headers, it was never evaluated by SpamAssassin. Please double-check that you have SpamAssassin enabled so it will catch future messages of this sort. It is also possible that our SpamAssassin servers were under high load or otherwise unable to test your message, in which case it would be delivered without any modification or evaluation.

Sonic does not tolerate spam and with your help we will block known spam sites from being able to send email to Sonic Members. If you would like to read more information about spam, check out the Fight Spam on the Internet! page.

Does Filter for Spam? takes a number of steps to reduce the amount of spam delivered to our customers:

Mail Server Management

Our mail servers are RFC compliant. This helps to block spam from senders who use bogus 'from' addresses to obscure the source of their email. Our email servers are able to block such email before it gets to your mailbox. If an email does not have a resolvable originating IP, it will not be delivered.

MTA Filtering applies a number of filters by default at the MTA level. Taking advantage of a number of reputable indexes of known spammers, we reduce the amount of unsolicited bulk email dramatically. Customers can customize which lists are used through the MTA Filter and RBL Preferences tool. In addition to allowing customers to disable certain default lists, a number of more aggressive lists are available. Spamcan

The Spamcan is a suite of tools we have made available to our users to turn on and off at their discretion. You can choose the level of protection you would like to have enabled using our easy-to-use interface, located in your Member Tools. There are three components to the Spamcan, each of which can be turned on and off at will by the user:

Local procmail filters

These filters are hand-edited lists of mail that we have received that we know are spam. Since spammers typically send out the same email hundreds of times, once we've identified a spam and put it in our local procmail filters, no one else at will receive it.

Virus Filters

Though not directly related to spam, we are pleased to offer this service. The primary purpose of the virus filter is not to provide anti-virus protection, but to help prevent fast-spreading viruses from interfering with normal email delivery. Our virus filter looks for certain very prevalent viruses sent via email and deletes them before they can be delivered to our customers.

NOTE: this virus filter is NOT an acceptable substitute for proper anti-virus software installed on your machine! The virus filter is not at all comprehensive- it is only added to when certain types of new viruses emerge that are designed to propagate via email and cause so much email traffic that they impact our services. Therefore this filter only blocks a few of the thousands of viruses that exist in the wild and must not be relied upon for virus protection.


Spam Assassin examines email as it comes in, looking for particular characteristics that are common in spam emails, and assigns points for every characteristic it finds. If a particular email earns enough points when examined by SpamAssassin, that email will be tagged as likely spam.

Operating in conjunction with SpamAssassin is Graymail, which intercepts messages caught by SpamAssassin before it is delivered to your inbox. A nightly report is sent detailing what messages were trapped. All messages caught by SpamAssassin and Graymail will be deleted from the server after seven days if you do not tell Graymail to deliver it. SpamAssassin and Graymail can be turned on at

Should I reply to Spam Email to be 'taken off the list'?

Some spammers are sneaky and include a line or two about replying to the message if you want to be taken off the list. While this could be legitimate, there are reports that this is used as bait to find out if the Email addresses they've sent to are legitimate, allowing them to clean up their list.

How can I prevent myself from getting spammed?

There are several ways to cut down on the amount of spam you may receive:

Enable SpamAssassin on your account.

Use as your reply Email whenever you don't know who will be seeing your address.

What is SpamAssassin?

Spam Assassin is an easy-to-use system that uses a set of rules to identify spam and flag it as such so that it is easily filtered. Spam Assassin evaluates incoming mail, looking for particular characteristics that are common in spam emails, and assigns points for every characteristic it finds. If a particular email earns enough points when examined by Spam Assassin, that email will be caught by Graymail and not delivered.

Spam Assassin also includes a report of which of its rules were triggered by a marked message.

What is GrayMail?

GrayMail is a tool which intercepts all mail SpamAssassin marks as SPAM before it is delivered to your inbox. All mail caught by Graymail is stored on our server for 7 days, during which time you can review them at Graymail sends a nightly report of all messages it has intercepted to your inbox. If you see that a message has been improperly intercepted, you can use our convenient web interface to whitelist the sender and deliver the captured message to your inbox.

Additional information is available in our Graymail FAQ

How do I enable SpamAssassin on my account?

All new accounts have SpamAssassin turned on by default.

If you suspect that SpamAssassin is disabled, simply go to and select "Use SpamAssassin (default and recommended setting)", then click "Save Changes". This will enable SpamAssassin on the account you are logged into our member tools as. You will need to provide your username and password to access this tool.

How do I disable SpamAssassin?

While in the SpamAssassin configuration tool at and select "Turn SpamAssassin off", then click "Save Changes". All mail sent to you after this will no longer be evaluated by SpamAssassin nor caught by Graymail.

How do I disable the nightly Graymail report?

If you don't want to be bothered by nightly reports of captured spam,this can be accomplished by going to and select "Never send me a list of messages in Graymail", then click "Save Changes".

Please note that SpamAssassin is not infallible, and occasional "false positives" can occur. It is highly recommended that you review your Graymail once a week.

How can I edit my SpamAssassin preferences?

You can customize the behavior of SpamAssassin on your account using the interface at Basic configuration changes include whitelisting addresses from which mail should never be considered to be SPAM, and blacklisting addresses from which mail should always be considered to be SPAM. For more information about each specific configuration, please see the online help within the SpamAssassin configuration tool.

How can I copy my SpamAssassin preferences to my add-on mailboxes?

While logged into our Member Tools as your primary account, select the link labelled "Copy Your Settings to Your Mailbox Accounts". You will then be able to select which of your add-on mailboxes you would like your main preferences to be copied to.

How do I make SpamAssassin ignore a certain message?

If SpamAssassin is catching mail that you want to have delivered, you will want to add the sender to your whitelist. A whitelist is a listing of trusted email addresses. Messages coming from a whitelisted address will only be caught as spam under extreme circumstances (when SpamAssassin's score for the message exceeds 105 points). If a message has been caught in Graymail which you know is not spam, you can choose to deliver the message to your inbox and have it added to your whitelist using the 'whitelist and deliver' option.

How do I get SpamAssassin to consider non-english messages to all be SPAM?

This can be configured on the page under "OK Locales." You may choose to receive messages in all languages, English only, or certain other languages as well.

How can I automatically delete likely spam without having to look at it?

With Graymail enabled, your trapped spams will be automatically destroyed after 7 days (by default) if you do not intervene by having the messages delivered. You can change the number of days messages are kept at

Where can I get more information about SpamAssassin?

The most complete repository of information on SpamAssassin is available from its creators:

Can I write my own custom rules?

No. The default configuration for SpamAssassin disallows custom rules implemented on a per-user basis. has left this disabled for security reasons.

How does Procmail work with SpamAssassin?

Customer-defined Procmail rules as specified in the ".procmailrc" file are applied after SpamAssassin has already evaluated a given message, which means that Graymail may have already trapped it before the Procmail rules are applied. If you have a Procmail recipe you would like to have applied before SpamAssassin evaluates your messages, place them in a file named ".procmailrc-first" instead of ".procmailrc"

Where can I get more information about procmail?

The most authoritative resource for information on procmail is Procmail is a powerful tool with many possible uses.

Why am I receiving bounces for messages I didn't send?

The bounced message was probably sent with your address forged as the "from" address. Unfortunately this has become a common thing, and is not really preventable.

Both spammers and viruses commonly forge the from address in emails for multiple reasons. This practice confuses antivirus programs, would-be spam reporters, and prevents the spammer from getting a flood of bounce messages with every send. Bouncing spam messages also causes most spam filtering software to indirectly deliver the message to the forged address; it appears to be a valid error message.

If the bounce message included the full original headers, you can read them from bottom to top, looking for the first Received from: line. Find the IP address in that line, 4 numbers separated by dots, such as XXX.XXX.XXX.XXX You can search using for that IP addresses administrator. If you would like to report the issue, use the "org-abuse" email address which you can find in the administrator's contact information. The "org-abuse" address is registered with the IP address allocation, and is used for reporting technical issues with those IP addresses, or their hosts. Unfortunately many ISP abuse desks are under heavy load, and responses may vary.

If you would like to participate in ongoing discussion about spammer tactics, and, Inc. anti spam efforts, please feel free to participate in our member newsgroups. In particular news:// If you believe the original bounced message was a virus, we do recommend that you check your computer for viruses. If you do not keep and maintain an up to date virus scanner, you can find free on line virus scanners at a number of sites. It is recommended that you do keep and maintain an up to date virus scanner of some type, or scan regularly using an online tool.