Tag: katharion

Even more Katharion Spam Filter Details

Welcome to the Katharion Anti-Spam Filter!

The first thing you’ll notice is that you’ll get less spam.  You could actually stop here, but becuase you’ve just moved to this system, the filter doesnt’ know the types of emails that YOU might get that you say are NOT spam.

So we need to watch out for ‘false positives’ – this is the term used when a spam filter catches a ‘nonspam’ email and thinks that it is Junk email.

Our next step is to ‘train’ the filter to know which of our emails that it thinks of as spam are not really spam.

Training the Spam Filter: Whitelists, Blacklists, Quarantine

Every evening, you will get a digest containing ALL the email that was caught by the filter over the last 24 hours.  The digest email is split into two parts: Probable spam, and Definite spam. Using traffic patterns, advanced content detection and other methods, Katharion splits your incoming ‘flagged’ junk mail into those two sections.  Probable spam is the section that you will need to look at carefully for the first few weeks.  This is the area that is most likely to have ‘false positives’.

On each email, under each section, it will show you the sender’s name and address, and the subject line of the email that has been quarantined.  For the first week or so, you’ll want to go slowly through this list and look at both the subject line and the from: address.  Sometimes companies use re-mailers to send out their bulk emails, and I personally have had items from reputable mailers quarantined because of their sender (Constant Contact, for example has agreements with most filtering companies that their mailings won’t be quarantined.)

I found an email that is NOT spam!

When you find an email that is good (or suspected to be good) you’ll click the ‘Release‘ button next to that email.    This ‘Releases’ the email from quarantine and allows it to be delivered to your standard email program. (e.g. outlook). If you already know that this email is from a sender you want to ‘whitelist’ (always have their emails delivered to you without quarantine), then you can click the ‘whitelist’ button that will show up on the next page.  If you’re not sure from looking at the subject and/or from: of the email if it is a good email or not, you can release it from quarantine, wait to get it in your inbox, and THEN go back and click the whitelist button.

If you already have a list of email addresses that you wish to whitelist, you can add it to your own personal whitelist after logging into your account.

Do I have to do this EVERY day?

After about a week or two, you may find that a few days will go by between seeing a suspected ‘false positive’ in your quarantine.  When that day comes, you can turn off the daily digest emails, and then you’ll just check on the server if you think that an errant email has been caught.

To sign on, you’ll visit http://iwbyte.katharion.com/ and log in with your email address and password (which It Won’t Byte will supply you).  On the web site, the last 1,000 messages are stored – this could be 2 days or 2 weeks, depending on how many messages you get in a day.  You’ll also be able to see cool data like what percentage of your emails are spam, and customize the sending of your digest emails.

But what about…

If you have other questions, feel free to contact [email protected] and we’ll help you out.

More details for Katharion Anti-Spam filter

Earlier I gave an overview on the Katharion Anti-spam filter available to It Won’t Byte customers.  Here’s some more information:

When your domain uses the Katharion Anti-Spam filter, the administrator for that domain will set up a list of users for the domain.  Each  user then has a number of  email addresses that point to that user’s main address.

e.g. for the domain xyz.com, there may be three users:

Then to each user, we’ll attach email addresses.

So now Katharion knows where to send email that is addressed to any of the addresses @xyz.com.  Note that there is no ‘catch-all’ available for katharion – if someone emails [email protected], that email address will bounce, even if it is set up on your local mail server, becuase the Katharion system will see it is not one of the above users or email addresses, and drop that email.

The reason to set up different users is because every day, a digest of ‘caught’ (also called ‘quarantined’) email messages is sent to the ‘user’ for a particular email address.  So all the spam that is sent to either info@, sales@ and george@ in our example above gets sent in a list to [email protected].

The digest email is split into two parts: Probable spam, and definite spam. Using traffic patterns, advanced content detection and other methods, Katharion splits your incoming ‘flagged’ junk mail into those two sections.  Probable spam is the section that your users will need to look at carefully for the first few weeks.  This is the area that is most likely to have ‘false positives’.

From this digest email, your users will be able to release the email to let them read it and see if it is spam, and if it is not, they will be able to whitelist it so that it never is considered spam again.  The whitelist is based on the sender address.

You may also whitelist specific addresses or even entire domains in advance of messages getting stuck in the quarantine by using the control panel.  These whitelists can be per-user, or the administrator for the domain can make domain-wide whitelists and blacklists that affect all users.

Some clients have a central ‘Junk mail officer’ who checks spam for all the users on the domain.  In their setup, if George is the JMO, they might set up their domain this way:

In the above example, Todd and Mary and George all get their email delivered to them separatley as usual, but their spam is all held in George’s quarantine, and he is the only one who can release the email (to be sent to the original recipient) if he determines that it may not be spam.

The Katharion system also checks for Viruses, but we recommend a desktop anti-virus system in addition to watch for viruses that are not disseminated by email.

Want to learn more? See Part III of our Katharion details write-up

More questions? Contact [email protected] for assistance.

Katharion Anti-Spam Add-on

All hosting accounts at IWByte.com offer built-in filtering for spam using the open-source SpamAssassin program. This is available at no cost with all email accounts. SpamAssassin uses a ‘points’ method of filtering, with various facts about an email receiving specific points. That is, an email with a subject in ALL CAPS would receive .5 points, the occurance of words like “viagra” or ‘Cialis” would be 1 point, saying you’ve won $25,000,000 (TWENTY FIVE MILLION DOLLARS) would be worth 2.5 points, etc.

Then all emails that have ‘spam-point’ totals of more than a certain amount (a default of 5.0) would be marked as ‘spam’ and filtered into a holding box on the server These Spam emails are then saved for 7 days and then auto-deleted.

SpamAssassin (SA) is a great tool, especially for being open source (read: free). Its strength is its Bayesian learning techniques, which improve over time as you receive more spam. That means that each person’s mail filter is personalized based on the specific type of spam they receive. So the more of a specific type of spam you get, the more likely that specific spam will be caught in the filter.

Using these two methods, the built-in SpamAssassin spam filters catch 90% of all spam after running for a few weeks, and for many clients, this is sufficient.

However, over the last few years, spam has become even more prolific, and while SA may catch 90% of spam, with spam levels going from 200 a day to 2,000/day means that the spam that is let through increases as well. For some clients, depending on how public their addresses are, they may recieve more spam than others, and may need a more advanced filtering system.

This is why It Won’t Byte has partnered with Katharion to offer their Anti-Spam filters for our clients. With SpamAssassin, the filters are applied on a per-user basis, but with the Katharion system, all email for a domain is redirected to Katharion’s servers, where it is checked for spam using a more advanced and updated ruleset, and then passed back to It Won’t Byte’s servers, to be run through SpamAssassin and then placed in each user’s mailbox.

Katharion has many advantages to SpamAssassin, including:

  • Discover current spam that needs filtering by use of ‘Honeypots
  • Dedicated staff to adjust rules on-the-fly
  • Large number of accounts – an email sent to hundreds of unrelated accounts at once is more likely to be spam.

We tested Katharion on the IWByte.com domain for several months and then invited some select clients to sign up for the service and they have experienced dramatic reductions in spam. At the time of this post, the pricing for Katharion per-domain (for up to 25 users) is $12.00/domain/month. If you have multiple domains that point to the same address (i.e. [email protected] and [email protected] both point to the same account) then these can be aliased to the main domain at no additional cost.

All billing is done through It Won’t Byte and is synced with your hosting renewal dates, billed in 3,6, or 12 month increments to match your hosting account. Note that a ‘user’ is counted as a specific emailbox that finally receives the email. So if info@ and welcome@ and joe@ all go to Joe’s mailbox, then that only counts as one user toward the 25 user limit.

How does it work?

Once configured for your domain, each user will be provided with a password (if you have a password you would like to use for each user, let us know beforehand). Then each user can log in the administrative panel to manage their preferences.

Each member can adjust their spam tolerances (i.e. how strict do they want the filters to be) as well as how often notices are sent to list the spam that was caught. By default, the configuration is to hold all caught mail in quarantine for 7 days.

On each emailed notice you will be given a chance to release an email from quarantine, or whitelist that user so that they won’t be marked as spam next time, or both.

Each email address and aliases for that address are all covered by one configuration log-in, so an email address of info@ and welcome@ that all go to johndoe@ will all be covered by one log-in.

For more details, see Part II of our Katharion write-up.
If you would like to sign up for Katharion anti-spam filtering, please contact us at [email protected]