This content is no longer maintained. Please visit our new website.

ACCC Home Page Academic Computing and Communications Center  
Accounts / Passwords Email Labs / Classrooms Telecom Network Security Software Computing and Network Services Education / Teaching Getting Help
 
Filtering Out Spam at UIC
0. Contents 1. Canned Spam Filter 2. Upcoming Changes to Spam Filtering 3. Anti-Spam Filter FAQ

FAQ - Email: ACCC Anti-Spam Filter FAQ

 

If you have not already read the general information on our Anti-spam filters, please read that first.

The ACCC Anti-spam filters are applied to all email sent to uic.edu addresses (regardless of whether it is delivered to an ACCC email account) and to all email delivered to an ACCC email account.

To configure your anti-spam filters, visit our Email Filters utility page and login with your UIC netid and ACCC common password. To work on your anti-spam filters, click ANTI-SPAM Settings/Filter.

Much of what we describe here is changing as we move more incoming email to be processed by our new Barracuda antispam and antivirus appliances. See Upcoming Changes to Spam Filtering for details.

 

Table of Contents

  1. General
    1. How do I get a more detailed report on my spam?
    2. I am suddenly receiving more/less spam in my inbox now than before. Why?
    3. What if I don't want to receive ACCC's spam summaries at all?
    4. Mail from lists I'm subscribe to are being marked as spam. What can I do?
    5. A legitimate message was filtered out as spam, how do I get it back?
    6. Can I report spam that came to my Inbox?
    7. Too many legitimate messages are being marked as spam. What about them?
    8. That UIC Listserv email is spam but it always comes through anyway. What can I do?
    9. Spam appears to be coming from my account! What can I do?
  2. Configuring Your Anti-Spam Filter
    1. Can I change the subject line of all messages marked as spam?
    2. Can I make sure that I don't accidentally run any auto-execute viruses or Web bugs if I open a spam email message?
    3. I'm still getting too much spam! What can I do?
    4. How can I automatically delete all my spam?
  3. Greylisting -- Note that Greylisting is being phased out as the Barracudas are being phased in.
    1. I have greylisting turned on, but I'm worried that email that I want is being rejected. How do I get a more detailed report on my greylisting?
    2. I see that a legitimate piece of email has been rejected, can I get it back?
    3. How long will the delay be for rejected messages?
    4. I've "whitelisted' the address, so why doesn't the mail come back?
 
     
 
     
General
 

Question 1.1 How do I get a more detailed report on my spam?

  • At the top of the Anti-Spam filter configuration page, there are two basic options: to Tag the email as spam, or to move spam email to your spam email folder on the server.
  • The second is the default. With this option, we will send you email messages listing the spam email that you receive, and giving you the option to have it redelivered to your Inbox, and/or to automatically whitelist the sender's email address.
  • Want more information about the spam status of a particular message? The anti-spam filter puts information about what spam tests that a message fails in the message header along with the message's spam score, the higher the more likely the message is spam. A spam score of 5 is enough for a message to be marked as spam. There is an example of the full spam headers of a spam message in Canned Spam Filters.

Question 1.2 I am suddenly receiving more/less spam in my inbox now than before. Why?

  • Spam fighting is an ongoing war. How much spam you get in a day depends on who is winning the current battle, and that depends on many factors.
  • Spammers continually come up with new tricks, so we write filters for them, they come up more tricks, we write more filters, and so on. Sometimes they get ahead, and sometimes we make progress. Sometimes, especially when they deluge us with huge amounts of spam at once, the time it takes to respond is too slow, so more spam gets through.
  • Another factor is how much your email address has been spread through the Internet and in spammer databases. A new account will not receive much spam, but the longer you have it the more spam you can expect.
  • The best way to avoid spam is preventative -- think carefully before entering your email address into any web forms.
  • Also look out for tricks they use to gather addresses, such as "mail this news story to a friend", "send a greeting card to your sibling", etc. Many addresses are on spam lists because some well-intentioned friend fell for one of these tricks.

    We are continually seeking out new software solutions to make this better, but there fluctuating amounts of missed spam are inevitable. Please bear with us.


Question 1.3 What if I don't want to receive ACCC's spam summaries at all?

  • We don't recommend this, since you may easily lose legitimate email this way by forgetting to check your spam folder. Nonetheless, if you want to take that risk, you can simply create a separate email filter to do so.
  • Use the "CUSTOMIZABLE email filter setup" option to create a new filter. Choose Subject: field of the incoming mail starts with this text, and here you type in ACCC Spam Summary. Then below for what action to take, select Delete the message.

Question 1.4 Mail from lists I'm subscribe to are being marked as spam. What can I do?


Question 1.5 A legitimate message was filtered out as spam, how do I get it back?

  • Messages detected to be spam are moved to your spam folder, unless you have specifically selected to bypassed this in your anti-spam settings. The easiest way to move a message back is to use the links in your Spam Report email message. Beside the email message's Subject: is a (redeliver) link; click it to have the message redelivered to your Inbox.
  • You can also use Webmail: Login at https://webmail.uic.edu and then click on the spam folder from the left frame. Once you've found your message in the right frame, click to select it, and then click the MOVE button at the top to move it your INBOX.
  • For more information on using Webmail, see the ACCC Webmail Users Guide.

Question 1.6 Can I report spam that came to my Inbox?

  • You can help us develop spam filters by reporting spam that was not caught by our filters. To do so, we have created a mailbox named reportspam for you in your mailserv, tigger, or icarus email account.
  • If you receive spam in your INBOX, move it to this new folder. We will move messages that you put in your reportspam folder out of the folder a few times a day and use them to help us create new anti-spam filters.
  • Note: Your reportspam email folder is on the server, not on your local disk. If you use an email program such as Eudora or Outlook with POP, you will not have access to this folder. If you use IMAP, you might have to subscribe to the reportspam folder before you can use it.

Question 1.7 Too many legitimate messages are being marked as spam. What about them?

  • Legitimate messages marked as spam are known as "false positives." There are some general things to check:

    • Is it mail that is from a outside of UIC, that looks like spam and is marked as spam, but it is actually legitimate? If you receive this sort of email regularly from the same sender, you can just add the sender to the ANTI-SPAM setup page in the section called My Whitelist - Do NOT apply spam filters to certain senders.

    • If you receive too many false positives for a mixture of reasons, you may want to lower the sensitivity.

    • If a note that looks perfectly legitimate was counted as spam, it may be worth our looking at it. Please send these messages to spamfiltering@uic.edu. Please be sure to include ALL the headers of the email message. Sometimes we are able to find and fix problems by looking at false positive messages. But do not expect a reply to every forwarded message.

Question 1.8 That UIC Listserv email is spam but it always comes through anyway. What can I do?

  • By default, all UIC Listserv lists are exempted from spam filtering.
  • What you should do in this case is unsubscribe from the list.
  • Use the ACCC Listserv Subscriber Utility to subscribe, unsubscribe, or change the options for your subscriptions to UIC Listserv lists.

Question 1.9 Spam appears to be coming from my account! What can I do?

  • Spammers normally forge the FROM address in an email. Sometimes they forge it so that it's the same value as the recipient to whom they are sending, hoping to bypass anti-spam filters by doing so. Most spam filters are not so easily fooled, however, so these are usually caught and filtered with the rest.

    It can be disconcerting to users, because it appears as though this spammer is actually using your account to send out these messages. But this is not the case - the fact that someone can send email using your address does not mean that they have any access to your account. Forging email is very easy, as easy as writing whatever you want to write in the return-address part of a physical paper envelope. Mail is delivered as addressed regardless of what is written in that field. Email works the same way.

    In some cases, more rarely, the spammer may choose your address as the FROM address in a large batch of spam sent out to very many recipients. Again, they are hoping that anti-spam filters will allow it through since it appears to come from a legitimate UIC address, but this tactic usually fails as well. Unfortunately this has a nasty side-effect.

    Since spammers often send messages to many invalid recipients, all those messages get bounced back to the sender. But in this case the sender is you. So you may suddenly be deluged with many bounced messages from all over the place, which are bouncing spam messages back to you as though they came from you.

    Spammers won't keep using the same address, they will change with each batch, so this problem normally goes away by itself after a week or two of bounces. But we can, on request, setup a special filter for such bounced messages for you if it persists.

    Can anything be done about this? We do try to catch these with anti-spam filters, but spammers know about these filters too, and the cat-and-mouse game continues, so we will not probably never reach 100%. Can anything be done about forging email FROM fields? Yes, for secure mail there are "PGP" signatures and other encryption techniques. It requires the sender and the recipient to be aware of these methods, so most users have not found the complexity and effort necessary to use it worth their while. At least not yet.


 
     
Configuring Your Anti-Spam Filter
 

Question 2.1 Can I change the subject line of all messages marked as spam?

  • Yes, using the default option in Message Modifications to add ***SPAM*** before the Subject: in spam email messages.
  • This will keep the original subject line the same, but put an indicator before it. So, for example, a note with this subject line,

    Subject: You are over Quota in Webmail

    would come out as ....

    Subject: ***SPAM*** You are over Quota in Webmail

  • Note that, as we move more incoming email to be processed by our new Barracuda antispam and antivirus appliances, all email identified as spam will be marked have their subjects marked with ***SPAM***; you will no longer be able to opt out.

Question 2.2 Can I make sure that I don't accidentally run any auto-execute viruses or Web bugs if I open a spam email message?


Question 2.3 I'm still getting too much spam! What can I do?

This is also changing as we move more incoming email to be processed by our new Barracuda antispam and antivirus appliances. See Upcoming Changes to Spam Filtering for details.

  • You can try setting the Spam Filter Sensitivity threshold lower on the ANTI-SPAM Settings/Filter page.
  • The default setting is Normal. You can lower this to Aggressive, but this makes it the MORE likely that legitimate mail will be filtered out as spam.
  • You can go further than this, also, though we don't recommend this because it will mean more legitimate messages are accidentally filtered out. But if you are vigilant about checking your spam folder for legitimate messages, you may want to do this:
    • Use the CUSTOMIZABLE email filter setup option to create a new filter. Create the filter to say:

        If any header line of the incoming email starts with this text: X-Spam-Level: ***
    • Then below for what action to take, select that you want it filed into your "spam" folder (if that's where you want it).
    • Note the number of stars (*) in the filter text. The above example has three -- that means that it scored 3 on the SpamAssassin tests -- but you could make it more aggressive yet by using only two, and even more so by using only one. Be sure to have at least one, however, or else it will catch ALL of your messages.
  • Or, you can also enter specific custom rules against specific spammers who repeatedly send you similar messages, using their FROM addresses or SUBJECT lines to recognize them. Just use the normal CUSTOMIZABLE filter for this purpose.
  • And -- this is perhaps the best option -- you can turn on greylisting, a new tool in the war against spam that really seems to work. For a description, see Greylisting in Canned Spam Filters. I have the sensitivity set to Normal and greylisting on, and I what spam I still get the Junk email filtering features of my email program (Thunderbird) generally takes care of.
  • There are two problems with greylisting: (1) it can delay the delivery of some incoming email a bit, and (2) greylisted email is never delivered, and cannot be recovered. See the discussion of greylisting to see whether you want to use it. I don't know of any email that I wanted to see that I've lost to greylisting, but, of course, that might not be the case for you. See also the Greylisting FAQ below.
  • See How can I personalize my anti-spam filter to make it more accurate? for a more radical suggestion.

Question 2.4 How can I automatically delete all my spam?

  • We strongly discourage this option, since it is very likely that you will loose legitimate email at some point by doing so.
  • Nonetheless, you can do this simply by creating another filter in the same manner described above. Use any header line, contains, and then type in X-UICClass: UICClass Spam for the text. Then for the action you can select delete the message. See Creating Local Filters for Spam Headers.

 
     
Greylisting -- Note that Greylisting is being phased out as the Barracudas are being phased in.
 

Question 3.1 I have greylisting turned on, but I'm worried that email that I want is being rejected. How do I get a more detailed report on my greylisting?

  • There is a Web page in the Email Filters Utility that lists all recent email address that have gone through greylisting.
  • Go to the Email Filters utility page and login with your UIC netid and ACCC common password. Click ANTI-SPAM Settings/Filter, and scroll down to the bottom of the the blue boxes; click on view my greylisting statistics.
  • I think you will find that the rejected email is all spam.

Question 3.2 I see that a legitimate piece of email has been rejected, can I get it back?

  • There isn't anything that YOU can do, but if the message really is legitimate, then you shouldn't have to do anything. The remote server will re-send it to you shortly, at which time it will not be rejected again.

Question 3.3 How long will the delay be for rejected messages?

  • That really depends on the remote server from which the message is coming.
  • Normally legitimate email servers try to re-send messages within a few minutes after receiving such rejections. Nonetheless, it is rare but possible that the remote server in question is using a larger delay period.

Question 3.4 I've "whitelisted' the address, so why doesn't the mail come back?

  • Whitelisting an address will only affect all FUTURE delivery attempts; it can't undo the rejection that we've already given to a particular message.
  • However, it is true that after you whitelist an address, it won't be subjected to greylisting rejections or any other type of spam filter rejections.


Need Additional Help?

Consider our Troubleshooting Guide. If you need additional assistance, please call the Client Services Office at (312) 413-0003. You can file a problem report or email us at consult@uic.edu.
 
Filtering Out Spam at UIC Previous:  2. Upcoming Changes to Spam Filtering


2010-11-9  systems@uic.edu
UIC Home Page Search UIC Pages Contact UIC