Penn Engineering CETS Answers

How do I filter spam using the SEAS server filter?

There are two important levels to blocking spam:

  1. Server level - This article discusses ways to stop spam at the server level.
  2. Personal level - We have a separate Answers article explaining how to filter spam using your email client.

It is important to implement both levels of filtering to control the amount of spam you receive. If you are interested in knowing more details about why both levels are necessary or just want more details about how we filter mail, please visit our How we filter mail article.

SpamAssassin (our server spam filter) examines the headers and content of a message, and then looks for various features, including SURBL checking. Each feature is associated with a score (which may be negative). The scores of all the features found are totalled, and a higher total score indicates that the message is more likely to be spam.

Any message with a total score over 15 is automatically bounced back to the sender with a "spam score too high" error message. It is extremely rare that someone trying to email you could accidentally get a spam score over 15, but it is possible. If that happens, the sending computer will receive notice of the delivery failure, which will allow the sender to resend the email in a format that does not look so much like spam. See the tips below on how to avoid being marked as spam.

Customizing the server spam filter

The first line of defense against spam (as explained above) is done for everyone automatically by the server. You can also activate spam filtering for your personal account.

To activate spam filtering, follow these steps:

  1. Visit your SEAS Account Management page at http://www.seas.upenn.edu/accounts.
  2. On the left, click on "Configure Your Account", and enter your SEAS user name and password.
  3. On the left, click on "Spam Blocker and Blocked Addresses".
  4. If you would like to have Spam Blocker filter any messages it recognizes as an advertisement to another folder, click on the "Enabled" radio button beneath "Spam Block".
  5. The box at the bottom marked "Always BLOCK" is a place you may enter addresses or domains from which you wish to receive no mail (the system will intercept and delete messages from these). Enter one address per line.
    • To block a specific address, enter the full address (freestuff@spam.hrsprn.com).
    • To block a specific mail server, enter the server's name (spam.hrsprn.com).
    • To block an entire domain, enter the domain name (hrsprn.com).
  6. Click on "Update Email Filters" to save and exit.

Generally, a message with a total score over 5 is filtered, but each individual can adjust this cut off higher (to let in more messages and block fewer legit messages) or lower (to block more spam and risk blocking more legit messages. You can change your "spam score threshold" on the Accounts Management Website

Blocked and Allowed Fields

In addition to the spam blocker, mail can be blocked/allowed from specific email fields. Full email addresses as well as domains and subjects can entered to be blocked/allowed in your SEAS Account Management page under "Configure Your Account" and "Spam Blocker and Blocked Addresses".

Important notes:

  • Blocked mail is automatically sent to your spam folder.
  • The allowed list filter comes after mail is bounced for a spam score over 15 (see above).

Blocking "Russian" (Cyrillic) email

We've received many requests to block spam messages in the Cyrillic ("Russian") alphabet. We can't do this system wide, of course, because several people in SEAS read Cyrillic. But we have added a Cyrillic spam blocking option to the account management web page for those who don't read Cyrillic. We will add additional alphabets to the filter if we receive enough requests. If you wish to block messages whose subjects or "From" lines contain Cyrillic characters, you can use this option.

How to block Cyrillic email.

Additional Information

In addition to blocking spam on the server side, we recommend using a personal filter to increase your spam catching percentage.

While this can get rid of much unwanted email, it's not always 100% accurate. Occasionally, valid email messages may be perceived as spam and delivered to your 'spamfolder'. It is important for you to review your 'spamfolder' contents --to make sure none of your personal email got marked as spam. You should check your spam folder a couple of days after you turned on the filter, so that you can see if anything is getting blocked which shouldn't be. After that, check the spamfolder if you are expecting a message which hasn't arrived, or if you are curious about how much spam is being blocked. Spam that is more than one month old is automatically deleted! You'll still be notified when you receive spam, so you can check something right away if you want to. (See article: How do I view mail that has been filtered by Spam Block?)

You could find that a spammer has been using the same email service that a friend of yours uses, and his or her mail gets marked spam. Through the spam blocker management tool, you can allow specific email addresses, mail servers, or domains through the filter.

The success of this spam blocking varies quite a bit depending on where your spam is originating. People have reported reductions of 10% to 90% of their spam with this system.

If there is a particular address that sends you mail you never, ever want to see, you can block that specific address. This action will cause any mail from that address to be immediately and irrevocably deleted. You will get no notification, and you will never be able to see that mail.

(For more detailed information on how the spam filter works, see article: How Does the Spam Filter Work?)

How you can avoid having your mail blocked by spam filters

All automatic systems try to strike a balance, but they're not perfect. Since there is so much spam now, most people are using some sort of filtering. SpamAssassin, which we use, scores each incoming message. The more spam-like features a message has, the higher the score. If the spam filter is turned on for your account, the SpamAssassin scores are used to move mail into your spamfolder automatically.

Tips to avoid being marked spam:

1. Minimize use of large fonts, colored fonts and ALL CAPS, including in your signature file. All of these raise your spam score. If possible, use plain text instead of HTML. This is a setting available in most mailers, such as Eudora/Tools/Options/Styled Text.

2. Use a specific, descriptive subject. If your subject is something like "urgent assistance needed," your mail looks like the Nigerian business opportunity scam to the filter. Do not begin the subject with "urgent" or "very urgent" and follow with one of these words: confidential, assistance, business, attention, reply, response, help.

3. Send yourself a piece of mail through SEAS or multimail and look at its headers. Check that all the date stamps are correct, since spammers often use dates in the past or the future. Read the spam markings in the mail header and check the spam "score" of what you're sending. Do this once from each location where you send mail. A lower score is better. If your mail score is over 3, please contact cets@seas.upenn.edu, and we will try to work with you to lower it. When the mail system is very busy, usually due to high virus activity, some incoming messages are not marked with spam scores. If you get an unmarked test message, please try again later.

4. Do not send attachments of the file types listed in the Answers article on Prohibited Attachments. These will be interpreted as viruses.

Even if you use the spam filter, you probably get some mail you think is spam, and you probably don't read it. If you choose not to read mail from people whose names or locations you do not recognize, tell your colleagues to use their Engineering accounts when they send you mail. For example, you may be surprised to find out that way2blue@aol.com is in your class.

If you filter for spam, look through your spamfolder regularly. If email from one of your friends or colleagues is marked spam, add that person to your "always allow" list. If that person is a SEAS faculty member or staffer, ask the person to contact CETS so we can work to fix the problem.

You can adjust the settings on your spam filter at http://www.seas.upenn.edu/accounts- select "configure your account." You can increase or decrease the number that you consider to be spam. The default is 5. Lower will remove more spam but risks removing real mail. Higher will remove less spam but is less risky.

© Computing and Educational Technology Services cets@seas.upenn.edu 215.898.4707