Overview

SpamBuster is a centralized spam filter running on the CSE mail system that allows you to filter out most of the spam you receive. You have some degree of control over which messages get identified as spam, and you can control how spam is treated. (And you have control over whether your mail is scanned at all; i.e., you can "opt-out" entirely.)

SpamBuster is based on the open source SpamAssassin tool, which identifies spam based on a large set of rules and assigns a "spamscore" to each incoming email message. SpamBuster then tags each message by adding some special lines to the message header to indicate the spam score and the rules that contributed to that score. Next, it checks the score of the message against your personal "spam threshold" and will quarantine any message that meets or exceeds that threshold. Any message that falls below your threshold is just passed along to your normal inbox.

Central Spam Quarantine

You still can't forget about spam altogether, because no automatic detection scheme can be perfect. You can think of the spam score as a sort of probability that the message actually is spam – the higher the score, the more likely it is to be spam. But some legitimate messages might also look like spam. So, you should check your quarantine periodically to look for any legitimate messages (false positives) that have been inadvertently identified as spam. Individual messages can be previewed in your Quarantine. Each time you review your Quarantine, any messages that you do flag as legitimate will be removed from the quarantine and re-delivered, to wind up back in your regular inbox, irrespective of their original spam score. Other messages (true spam) can be discarded. (How? See FAQ #3.)

You can affect the number of false positives (and false negatives) you get by adjusting your spam threshold up or down. The default is set at a value that seems to work fairly well, but feel free to play with it as you learn how it performs for you. It's almost certain that you won't want to raise it. But many people lower it and seem to live happily. But your mileage will vary!

Quota

Quarantined spam will be automatically discarded after a specific period of time (by default, 3 months), whether you review it or not. You can adjust the "auto-discard" period in your SpamBuster Preferences.

Options

You can control many aspects of how the SpamBuster filter operates on your mail, as well as how your quarantine operates. For more details of how you can customize SpamBuster, see the SB Options page.


New Features

Two features will help cope with extremely large quarantines: mass-discard and auto-discard. The first is something you can use when viewing your Quarantine to discard all messages older than a given age, or higher than a given score. The second (auto-discard) is a type of quota, and will automatically keep your quarantine from growing too large by eliminating old messages nightly. See the Quota section above for more information.

Grey-listing

Another new opt-in feature in SB 2.0 is grey-listing, which rejects all incoming mail the first time it is seen from a given sender, and accepts when it is resent. All legitimate mail service providers will automatically resend any rejected mail (typically within about 30 minutes), but few spammers bother to even check for rejected mail, much less queue it for resending. Grey-listing is an "opt-in" feature for individuals — it is disabled by default, and you must enable it in your SpamBuster Preferences. For mailing lists, grey-listing is enabled by default; list administrators can disable it in the Mailman list management interface.


Frequently Asked Questions...

Sounds great! But I'm still seeing tons of spam. Why?

Your spam is almost certainly getting scanned and tagged, but the default Action for my spam setting is probably set to pass-through (which sends all your mail – spam or not – directly to your regular mailbox.) You can change this by visiting your SpamBuster Preferences page, and setting that option to quarantine. (Don't forget to press Save.)

You can also lower your spam threshold a little bit (like a half-step or so at a time), but it's a good idea to check your quarantine carefully for the next few days, to be sure you aren't getting any false positives (legitimate messages caught by the filter and stuck in the quarantine.)

I'm already using a spam filter. How do I switch?

Easy. Just turn off whatever you're using now. Then visit your SpamBuster Preferences and change the Action for my spam setting to quarantine and press Save. Or, you can leave your filter on, if you want. The SpamBuster acts on the mail before it arrives at your mailserver (and your filter might catch some spam that SpamBuster misses.)

When reviewing your quarantine, you will mark any legitimate messages as unspam. But you need to explicitly flag messages for discard, too. There is a way that you can flag all messages for discard when you start reviewing, which will save you lots of clicking (special 'mark all' checkboxes are located at the top and bottom of the list -- for any of the settings, actually). But if you do mark everything for discard, be sure that you have scanned all messages before you click the Finish button - otherwise you might overlook a legitimate message that found its way into your quarantine. Also check out the Default Disposition setting in your Spam Preferences.

You can also use the mass-discard feature to discard any message older than some age, or with a spam score higher than some level. A huge relief if your quarantine is overwhelmingly large!

Large quarantines are extremely cumbersome to deal with, since you can only review and dispose of a relatively small number of messages at a time. The mass-discard feature will discard any message older than some age that you specify, or with a spam score higher than a level that you specify. Look for this at the bottom of your spam list (just above the preferences.)

Grey-listing takes advantage of a feature of the Internet mail transport protocol, whereby any message that is temporarily rejected by the receiving mail transfer agent (MTA) will be resent after a short wait. This mechanism was originally designed for reliable mail transport by allowing the receiving MTA to stop receiving mail when it temporarily runs out of resources. But most spammers use fairly unsophisticated mailers (especially those embedded in spyware), and they do not bother to even check for rejected messages, let alone re-queue any rejected messages for resending. The first time a message is received from a given sender, it is simply rejected with a temporary failure status. And if it is received again within 5 hours (most MTAs will resend temporarily rejected messages after about 30 minutes), it will be accepted. Any "accepted" sender (by the sender's email address and /24 IP address prefix of the sending host) to a local address will be remembered, and all subsequent messages received from that sender within one month will be accepted without the reject/resend process. So as long as your correspondents send you something once a month, there will be no delays; if they don't send that frequently, then their next message will go through the same reject/resend cycle.

There is one small disadvantage... When you register at certain websites, they may send you a registration confirmation message via email which contains a followup URL you must visit before you can proceed. Some web registration systems will send password reminders upon request to your mail address. You don't want to wait 30 minutes for those, which is why grey-listing was established as an opt-in feature. If you like using the grey-list feature, you can always disable it temporarily whenever you are about to request a password reminder or register at a website.

Grey-listing is an opt-in feature - it is disabled by default, for individuals. You must enable grey-listing in your Spam Preferences.

For mailing lists, grey-listing is an opt-out feature. Mailing lists are an especially painful spam target, because the effects are multiplied manyfold. And because mailing lists typically do not have the disadvantage described above, grey-listing is enabled by default. It can be disabled by list administrators, in the Mailman list administration pages.
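The accept/reject rules described above, as an added Python sketch (not SpamBuster's own code). The class and function names are hypothetical, "one month" is taken as 30 days, each accepted message is assumed to renew that month (one reading of the "once a month" remark), and the /24 prefix assumes an IPv4 sending host.

```python
import ipaddress
from datetime import datetime, timedelta

RETRY_WINDOW = timedelta(hours=5)   # a resend must arrive within 5 hours
REMEMBER_FOR = timedelta(days=30)   # "one month", taken as 30 days (assumption)

class Greylist:
    def __init__(self):
        self.pending = {}    # key -> time of the first, rejected attempt
        self.accepted = {}   # key -> time of the most recent accepted message

    @staticmethod
    def key(sender, client_ip, recipient):
        # Sender address + /24 prefix of the sending host + local recipient.
        net = ipaddress.ip_network(f"{client_ip}/24", strict=False)
        return (sender.lower(), str(net), recipient.lower())

    def check(self, sender, client_ip, recipient, now):
        """Return 'accept' or 'tempfail' (a temporary SMTP rejection)."""
        k = self.key(sender, client_ip, recipient)
        last_ok = self.accepted.get(k)
        if last_ok is not None and now - last_ok <= REMEMBER_FOR:
            self.accepted[k] = now          # each message renews the month
            return "accept"
        self.accepted.pop(k, None)          # entry expired, start over
        first = self.pending.pop(k, None)
        if first is not None and now - first <= RETRY_WINDOW:
            self.accepted[k] = now          # resent in time: remember sender
            return "accept"
        self.pending[k] = now               # first sight, or resend too late
        return "tempfail"

def demo():
    # Constructed sample traffic (documentation addresses and IP ranges).
    g, t0 = Greylist(), datetime(2024, 1, 1, 9, 0)
    a, rcpt = "alice@example.org", "user@cs.example.edu"
    return [
        g.check(a, "192.0.2.17", rcpt, t0),                          # first sight
        g.check(a, "192.0.2.17", rcpt, t0 + timedelta(minutes=30)),  # resend
        g.check(a, "192.0.2.99", rcpt, t0 + timedelta(days=10)),     # same /24
        g.check(a, "198.51.100.5", rcpt, t0 + timedelta(days=10)),   # other /24
        g.check(a, "192.0.2.17", rcpt, t0 + timedelta(days=45)),     # lapsed
    ]
```

A resend that arrives after the 5-hour window is treated as a new first attempt, so the sender has to retry once more before the message is accepted.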

Does grey-listing affect regular SpamBuster filtering?

No. Grey-listing is just a pre-filter. Once the resent message has been accepted, it is sent along its way to the regular SpamBuster filter, where it will get scanned as usual, scored and possibly quarantined.

What are all the tags that SpamBuster inserts into the header of my message?

A list of all the headers that SpamBuster includes in your email is available here.

Why am I not seeing any of the special SpamBuster header tags?

All incoming email to the department from outside UW is scanned and tagged, regardless of whether it is spam or legitimate mail. There are three possibilities:

  1. Your setting for Scan my mail for spam is set to off.
  2. At times of extreme load, the email system suspends the spam filtering process until the incoming mailstream lightens up. We monitor system performance, and will put appropriate resources in place to address load problems.
  3. More likely, your email client is simply not displaying the header tags. Outlook and Thunderbird, for instance, only display a few of the header fields (e.g., FROM, TO, SUBJECT, DATE). In that case, you may want to enable the SpamBuster setting for "Modify Subject line", which will insert an easily identified string into the subject line of any message that is identified as spam (according to your threshold.) Also, if your mail client has a built-in filtering tool, you can use a tagged subject line to filter for spam. In Outlook, for instance, set up a special folder to hold spam, then use the Rules Wizard to set up a filtering rule to cause any incoming message with a modified Subject line to be immediately diverted to that folder. (Be sure to check that folder – in addition to your SpamBuster Quarantine – occasionally for legitimate messages that might have been mis-identified as spam!)

How do I prevent mail from my regular correspondents (or others) from being treated as spam?

Add their email address (or the domain name) to your "good list", which you will find on your SpamBuster Preferences page.

How do I block mail from certain sites or addresses from ever showing up in my inbox?

Add the email address (or the domain name) to your "bad list", which you will find on your SpamBuster Preferences page.

Good and bad list addresses are file-glob-style patterns, so "friend@somewhere.com", "*@isp.com", or "*.domain.net" will all work. Specifically, "*" and "?" are allowed, but all other metacharacters (special characters) are not. Regular expressions are not permitted for security reasons.
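One way to enforce and apply such patterns without handing user input to a regex engine, as an added Python example (not SpamBuster's own code). The function names, the set of permitted literal characters, and the rule that a pattern without "@" is compared against the sender's domain are assumptions.

```python
import string

# Assumption: characters allowed as literals. The page only states that "*"
# and "?" are the sole metacharacters permitted.
LITERALS = set(string.ascii_letters + string.digits + "@._-+")

def valid_pattern(pat):
    """Reject empty patterns and any character outside literals, '*' and '?'."""
    return bool(pat) and all(c in LITERALS or c in "*?" for c in pat)

def glob_match(pat, text):
    """Iterative wildcard match; worst case O(len(pat) * len(text))."""
    p = t = 0
    star = mark = -1                 # position of last '*' and where it began
    while t < len(text):
        if p < len(pat) and pat[p] == "*":
            star, mark = p, t        # remember the star, try matching nothing
            p += 1
        elif p < len(pat) and pat[p] in ("?", text[t]):
            p += 1
            t += 1
        elif star != -1:
            mark += 1                # let the last '*' absorb one more char
            p, t = star + 1, mark
        else:
            return False
    while p < len(pat) and pat[p] == "*":
        p += 1                       # trailing stars match the empty string
    return p == len(pat)

def listed(sender, patterns):
    """True if the sender matches any good/bad list pattern (case-insensitive)."""
    sender = sender.lower()
    domain = sender.rpartition("@")[2]
    for pat in patterns:
        if not valid_pattern(pat):
            raise ValueError(f"pattern not allowed: {pat!r}")
        # Assumption: patterns without '@' are compared to the domain only.
        target = sender if "@" in pat else domain
        if glob_match(pat.lower(), target):
            return True
    return False

# The three patterns quoted on this page.
PAGE_PATTERNS = ["friend@somewhere.com", "*@isp.com", "*.domain.net"]
```

Because the matcher keeps only the most recent `*` as a backtrack point, a pattern with many wildcards cannot trigger the runaway backtracking that a user-supplied regular expression can.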