Spam FAQ

From SonicWiki
Jump to: navigation, search

What is Spam?

There are many different opinions, but an accepted definition at Sonic.net is:

Unwanted, unsolicited mass distributed messages.

Spam is unsolicited email, "junk mail," typically commercial in nature, sent indiscriminately to as wide a target audience as possible. It is a great source of aggravation, lost time, and increased expense on the Internet. The proliferation of spam has a negative impact on the Internet as a whole, on Internet service providers, and on the end user.

Sonic.net is committed to fighting the flow of spam. Currently we handle approximately 1.4 million email messages a day, and of those 1.4 million, about 900,000 are blocked as spam!

Sonic.net employs multiple strategies for reducing the flow of spam. While there is unfortunately no way to block every single spam, the tools and techniques listed below do dramatically reduce its quantity and make it much easier for our users to manage.


What should I do if I get Spam Email?

First and foremost, if you have not enabled [spamassassin SpamAssassin] yet, please do so. This can be accomplished at our Spam General Configuration page. When SpamAssassin is turned on, Graymail will catch any messages marked as spam (this is the default behavior and can be disabled if you like). From time to time you may receive a spam that slipped through the cracks. When this happens, you should determine whether or not SpamAssassin evaluated the message. When a message is evaluated by SpamAssassin, two lines will be added to its headers: X-Spam-Status and X-Spam-Level.

Non-spam Example

X-Spam-Status: No, hits=0.8 required=5.0 tests=SPAM_PHRASE_00_01,USER_AGENT_OUTLOOK version=2.43 X-Spam-Level:

According to the X-Spam-Status header, this message is not recognized as Spam. It received 0.8 hits out of a necessary 5.0 required for the message to be marked as spam. The following tests were triggered by the message, and affected its overall score: "SPAM_PHRASE_00_01" and "USER_AGENT_OUTLOOK". You can modify the point value of such tests using the Spam Modify Scores tool. The X-Spam-Status headers also informs us that these tests were performed using SpamAssassin's version 2.43.

The X-Spam-Level header will display a single asterisk (*) for each full point assigned to the message. In this example, the message scored only 0.8 points, so no asterisk is shown. The X-Spam-Level header can be useful in configuring client-side filters.

Spam Example

X-Spam-Status: Yes, hits=27.3 required=5.0 tests=AS_SEEN_ON,BASE64_ENC_TEXT,CLICK_BELOW,CLICK_BELOW_CAPS, CLICK_HERE_CAPS_LINK,CLICK_HERE_LINK,CTYPE_JUST_HTML, DCC_CHECK,DIET,FOR_FREE,HAIR_LOSS,HGH,HIDE_WIN_STATUS, HTML_COMMENT_UNIQUE_ID,HTML_WITH_BGCOLOR,JAVASCRIPT_UNSAFE, OBFUSCATING_COMMENT,OPT_IN,RAZOR2_CHECK,RCVD_IN_DSBL, REVERSE_AGING,SPAM_PHRASE_05_08 version=2.43 X-Spam-Flag: YES X-Spam-Level: ***************************

In this example, a great many tests were triggered, resulting in a score of 27.3 out of a required 5.0. The X-Spam-Status header lists the score, triggered tests, and SpamAssassin version as normal. The X-Spam-Level header shows 27 asterixes. Some additional headers are also added, notably "X-Spam-Flag, which simply indicates that this message should be handled as spam by programs such as Graymail, which assist in disposing of these unwanted messages.

Unevaluated Mail

If a spam comes through without the X-Spam-Status and X-Spam-Level headers, it was never evaluated by SpamAssassin. Please double-check that you have SpamAssassin enabled so it will catch future messages of this sort. It is also possible that our SpamAssassin servers were under high load or otherwise unable to test your message, in which case it would be delivered without any modification or evaluation.

Sonic does not tolerate spam and with your help we will block known spam sites from being able to send email to Sonic Members. If you would like to read more information about spam, check out the Fight Spam on the Internet! page.

Does Sonic.net Filter for Spam?

Sonic.net takes a number of steps to reduce the amount of spam delivered to our customers:

Mail Server Management

Our mail servers are RFC compliant. This helps to block spam from senders who use bogus 'from' addresses to obscure the source of their email. Our email servers are able to block such email before it gets to your mailbox. If an email does not have a resolvable originating IP, it will not be delivered.

Mail Exchange Filtering

Our MX servers use system that is maintained in house to reject messages that we have a very high confidence are spam or are sent from a significantly misconfigured host. It uses a combination of both public and private reputation lists and checks for compliance with mail server best common practices as well many other techniques to identify these message. Users may disable this using the membertools.

SpamAssassin

Spam Assassin examines email as it comes in, looking for particular characteristics that are common in spam emails, and assigns points for every characteristic it finds. If a particular email earns enough points when examined by SpamAssassin, that email will be tagged as likely spam.

Operating in conjunction with SpamAssassin is Graymail, which intercepts messages caught by SpamAssassin before it is delivered to your inbox. A nightly report is sent detailing what messages were trapped. All messages caught by SpamAssassin and Graymail will be deleted from the server after seven days if you do not tell Graymail to deliver it. SpamAssassin and Graymail can be turned on at https://members.sonic.net/email/spam/filtering/.

Should I follow a link in a message to unsubscribe?

It is important to draw a distinction between an unwanted newsletter or message from a legitimate entity and other Spam. If a company that you have conducted business with sends you more messages that you'd like, by all means, use whatever method they provide to unsubscribe. The overwhelming majority of legitimate business will honor you request.

What is SpamAssassin?

Spam Assassin is an easy-to-use system that uses a set of rules to identify spam and flag it as such so that it is easily filtered. Spam Assassin evaluates incoming mail, looking for particular characteristics that are common in spam emails, and assigns points for every characteristic it finds. If a particular email earns enough points when examined by Spam Assassin, that email will be caught by Graymail and not delivered.

Spam Assassin also includes a report of which of its rules were triggered by a marked message.

What is GrayMail?

GrayMail is a tool which intercepts all mail SpamAssassin marks as SPAM before it is delivered to your inbox. All mail caught by Graymail is stored on our server for 7 days, during which time you can review them at http://www.sonic.net/graymail/. Graymail sends a nightly report of all messages it has intercepted to your inbox. If you see that a message has been improperly intercepted, you can use our convenient web interface to whitelist the sender and deliver the captured message to your inbox.

Additional information is available in our Graymail FAQ

How do I enable/disable SpamAssassin on my account?

All accounts have SpamAssassin turned on by default.

To toggle SpamAssassin go to https://members.sonic.net/email/spam/filtering/

How do I disable the nightly Graymail report?

Go to to https://members.sonic.net/email/spam/filtering/ and select "Never send me a list of messages in Graymail", then click "Save Changes".


How can I edit my SpamAssassin preferences?

You can customize SpamAssassin using https://members.sonic.net/email/spam/. Basic configuration changes include whitelisting addresses from which mail should never be considered to be SPAM, and blacklisting addresses from which mail should always be considered to be SPAM.

How can I copy my SpamAssassin preferences to my add-on mailboxes?

When logged into our Member Tools as your primary Sonic.net account, select the link labelled "Copy Your Settings to Your Mailbox Accounts". You will then be able to select which of your add-on mailboxes you would like your preferences copied to.

How do I make SpamAssassin ignore a certain message?

If SpamAssassin is catching mail that you want to have delivered, you will want to add the sender to your whitelist. A whitelist is a listing of trusted email addresses. Messages coming from a whitelisted address will only be caught as spam under extreme circumstances (when SpamAssassin's score for the message exceeds 105 points). If a message has been caught in Graymail which you know is not spam, you can choose to deliver the message to your inbox and have it added to your whitelist using the 'whitelist and deliver' option.


How can I automatically delete likely spam without having to look at it?

With Graymail enabled, your trapped spams will be automatically destroyed after 7 days (by default) if you do not intervene by having the messages delivered. You can change the number of days messages are kept at https://members.sonic.net/email/spam/filtering/.

Where can I get more information about SpamAssassin?

The most complete repository of information on SpamAssassin is available from its creators: spamassassin.org.

Can I write my own custom rules?

No.

How does Procmail work with SpamAssassin?

Customer-defined Procmail rules as specified in the ".procmailrc" file are applied after SpamAssassin has already evaluated a given message, which means that Graymail may have already trapped it before the Procmail rules are applied. If you have a Procmail recipe you would like to have applied before SpamAssassin evaluates your messages, place them in a file named ".procmailrc-first" instead of ".procmailrc"

.procmailrc-first and .procmailrc

Customers may pre-filter mail before the system wide procmail filters are executed (including SpamAssassin) by creating a file named .procmailrc-first and placing rules in it. Please note that the environment setup in .procmailrc-first may be different then what is available in .procmailrc -- see this forum post for more information.

Where can I get more information about procmail?

The most authoritative resource for information on procmail is http://www.procmail.org/. Procmail is a powerful tool with many possible uses.

Why am I receiving bounces for messages I didn't send?

The bounced message was probably sent with your address forged as the "from" address. Unfortunately this has become a common thing, and is not really preventable. If this has become a problem for you please contact support.