SpamFlare spam filter

To access your spam filter, visit:

https://iwbyte.spamflare.com/

This spam filter includes a quarantine email that is sent out periodically to all users.  This email contains a list of all the emails that the system flagged as ‘spam’.  You can click on each individual email address or subject line to be taken to a page where you can see a small preview of the email message to help you make your decision.  There you will decide to either: 

  1. Release the email (send it on to you to check and see if it’s spam)
  2. Release the email and whitelist the sender (send you the email and prevent future emails from this person being blocked by the filter)
  3. Confirm message is spam (Make sure you never see emails like this again)

Because we have just switched to this provider, and the system needs to ‘learn’ from you what types of email you generally receive, I expect there to be more ‘false positives’ than usual, and you may need to release & whitelist emails more often during the next few weeks.
If you find that you’re waiting for an email or want to just go and review which emails have been caught, you may visit

https://iwbyte.spamflare.com/

at any time to check your quarantine.  The first time you visit you will have to generate a password – use the ‘No account? Register now.’ link to have a password sent to you. 

A final note:

You can change when and how many times the quarantine email is sent to you – it may be set in the morning / afternoon, or just once a day at 3pm, etc.  If you’d rather get it early in the morning, just let me know.  You can also have it sent multiple times a day if you like.

Reset user email passwords in Plesk

If you have been previously set up as an email admin for your domain, you can use these directions to reset an email user’s passwords.

Step 1: Log in to your domain’s Mail Administration Control Panel (Plesk).  Usually this is at http://yourwebsite.com/mail

Step 2: Click on ‘Mail’ on the left side if you aren’t already at the list of users, or if you are already there, click on the email address of the user whose password you want to change.  See image below

[Image: reset_password_plesk_step_1]

Step 3: Enter the new password for the user, and enter the same password in the ‘Confirm Password’ box.  You can click the ‘Show’ button so you can make sure you know the password you are entering.  See image below.

[Image: reset_password_plesk_step_2]

Step 4: Click the ‘OK’ button to save your changes.

Even more Katharion Spam Filter Details

Welcome to the Katharion Anti-Spam Filter!

The first thing you’ll notice is that you’ll get less spam.  You could actually stop here, but because you’ve just moved to this system, the filter doesn’t know the types of emails that YOU might get that you say are NOT spam.

So we need to watch out for ‘false positives’ – this is the term used when a spam filter catches a ‘nonspam’ email and thinks that it is Junk email.

Our next step is to ‘train’ the filter to know which of our emails that it thinks of as spam are not really spam.

Training the Spam Filter: Whitelists, Blacklists, Quarantine

Every evening, you will get a digest containing ALL the email that was caught by the filter over the last 24 hours.  The digest email is split into two parts: Probable spam, and Definite spam. Using traffic patterns, advanced content detection and other methods, Katharion splits your incoming ‘flagged’ junk mail into those two sections.  Probable spam is the section that you will need to look at carefully for the first few weeks.  This is the area that is most likely to have ‘false positives’.

On each email, under each section, it will show you the sender’s name and address, and the subject line of the email that has been quarantined.  For the first week or so, you’ll want to go slowly through this list and look at both the subject line and the from: address.  Sometimes companies use re-mailers to send out their bulk emails, and I personally have had items from reputable mailers quarantined because of their sender (Constant Contact, for example, has agreements with most filtering companies that their mailings won’t be quarantined).

I found an email that is NOT spam!

When you find an email that is good (or suspected to be good) you’ll click the ‘Release’ button next to that email.  This ‘Releases’ the email from quarantine and allows it to be delivered to your standard email program (e.g. Outlook). If you already know that this email is from a sender you want to ‘whitelist’ (always have their emails delivered to you without quarantine), then you can click the ‘whitelist’ button that will show up on the next page.  If you’re not sure from looking at the subject and/or from: of the email if it is a good email or not, you can release it from quarantine, wait to get it in your inbox, and THEN go back and click the whitelist button.

If you already have a list of email addresses that you wish to whitelist, you can add it to your own personal whitelist after logging into your account.

Do I have to do this EVERY day?

After about a week or two, you may find that a few days will go by between seeing a suspected ‘false positive’ in your quarantine.  When that day comes, you can turn off the daily digest emails, and then you’ll just check on the server if you think that an errant email has been caught.

To sign on, you’ll visit http://iwbyte.katharion.com/ and log in with your email address and password (which It Won’t Byte will supply you).  On the web site, the last 1,000 messages are stored – this could be 2 days or 2 weeks, depending on how many messages you get in a day.  You’ll also be able to see cool data like what percentage of your emails are spam, and customize the sending of your digest emails.

But what about…

If you have other questions, feel free to contact [email protected] and we’ll help you out.

More details for Katharion Anti-Spam filter

Earlier I gave an overview on the Katharion Anti-spam filter available to It Won’t Byte customers.  Here’s some more information:

When your domain uses the Katharion Anti-Spam filter, the administrator for that domain will set up a list of users for the domain.  Each user then has a number of email addresses that point to that user’s main address.

e.g. for the domain xyz.com, there may be three users:

Then to each user, we’ll attach email addresses.

So now Katharion knows where to send email that is addressed to any of the addresses @xyz.com.  Note that there is no ‘catch-all’ available for Katharion – if someone emails [email protected], that email address will bounce, even if it is set up on your local mail server, because the Katharion system will see it is not one of the above users or email addresses, and drop that email.

The reason to set up different users is because every day, a digest of ‘caught’ (also called ‘quarantined’) email messages is sent to the ‘user’ for a particular email address.  So all the spam that is sent to either info@, sales@ and george@ in our example above gets sent in a list to [email protected].

The digest email is split into two parts: Probable spam, and definite spam. Using traffic patterns, advanced content detection and other methods, Katharion splits your incoming ‘flagged’ junk mail into those two sections.  Probable spam is the section that your users will need to look at carefully for the first few weeks.  This is the area that is most likely to have ‘false positives’.

From this digest email, your users will be able to release the email to let them read it and see if it is spam, and if it is not, they will be able to whitelist it so that it never is considered spam again.  The whitelist is based on the sender address.

You may also whitelist specific addresses or even entire domains in advance of messages getting stuck in the quarantine by using the control panel.  These whitelists can be per-user, or the administrator for the domain can make domain-wide whitelists and blacklists that affect all users.

Some clients have a central ‘Junk mail officer’ who checks spam for all the users on the domain.  In their setup, if George is the JMO, they might set up their domain this way:

In the above example, Todd and Mary and George all get their email delivered to them separately as usual, but their spam is all held in George’s quarantine, and he is the only one who can release the email (to be sent to the original recipient) if he determines that it may not be spam.

The Katharion system also checks for Viruses, but we recommend a desktop anti-virus system in addition to watch for viruses that are not disseminated by email.

Want to learn more? See Part III of our Katharion details write-up

More questions? Contact [email protected] for assistance.

What do you mean ‘mailbox on the server’?

Here’s a real-world analogy for your email:

Imagine you’re sitting in your house – when the mail truck comes by, do you get your mail auto-deposited in your lap?  No, you have to go out and get it from the mailbox, right?  Then you take your mail back into the house and put it on the counter or desk and go thru it and open the ones you want, delete the ones you don’t want, etc.

Your online email goes thru the same process.  When someone sends a message to [email protected], the message is deposited in your ‘mailbox’ on the server.  Unless you do something, you’ll never see that message.  So how do you ‘walk out to your mailbox’ in this online scenario?  This is the purpose of that ‘check mail’ or ‘get/send messages’ button on your email program (Outlook, Eudora, Apple Mail, etc.).  When you click that button, your computer does a few tasks:

  1. Ask you for your username & password to connect to the server – if you checked the ‘save password’ box at some point in the past, then you’ll skip this step.  It doesn’t mean you don’t have a password, just that your computer is remembering it for you
    Real-world Analogy: Get the key to your mailbox
  2. Connect to the mail server at yourdomain.com and log in using the above username and password
    Walk out to your mailbox at the end of your driveway
  3. Look at your mailbox – is there mail in it?  If so, note the # of messages and the date they came in
    Open the mailbox
  4. Download each message individually to your mail program, then delete that specific message from the online mailbox and continue with the next message.
    Take out an envelope and tuck it under your arm
  5. Once done downloading all the messages, disconnect from the server and display your new mail for you.
    Close the mailbox door, walk back inside the house, spread the mail out and start sorting it.

So what happens in this scenario if you have a check put in the box for your desktop mail program to ‘leave mail on server for 7 days’?  Well, step 4 then becomes:

4.   Download each message individually to your mail program, then delete that specific message unless the message is less than 7 days old, in which case leave a copy of the message on the server.
Take out an envelope, photocopy the contents and put it back in the mailbox, taking the original envelope with you

Why should you do this?

Well, it’s nice as a back-up – if you were to have problems with your mail program, you could restore from a backup (you have a backup, right?), and be able to re-download all of the mail that came thru in the past week since you made your backup.  It also works great if you are in & out of the office and want to be able to check your mail via web-mail that same day or the next day (more on that in another article).

Why should you not do this?

The big reason is that the messages in your online inbox are taking up space on the server that count against your quota. Each mail account has its own quota of so many MegaBytes (MB) of data – once you reach that quota, your (online) mailbox is Full and any further email you get will be bounced back to the sender.

Again, going back to our analogy – if you keep those photocopies of your mail in your mailbox, eventually there will be so many photocopies sitting in there that the mailperson will be unable to stuff any more mail in your box.  Even if you take the original envelopes that you bring into your house and throw them all away, that won’t do anything to the copies of the mail you left in your mailbox unless you go out and throw those away too.

If you check email once a day or even every few days, you’ll never end up with a full mailbox, since the occasion where you receive 40 MB of email (as an example) in a single day is very rare.  BUT if you leave your mail on the server, then even if you check mail every 10 minutes, that mail is still sitting in your mailbox for 7 days (using our example above).

Therefore, our recommendation is NOT to use the ‘leave mail on server’ option in your mail program unless you have a very good reason, and if you do, be aware that if you get lots of those ‘oh so funny’ movie files from your friends, even if you delete them all in your mail program, they’ll still be taking up lots of space in your online mailbox and you run the risk of bouncing email.
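The quota argument above as a small simulation. This is an added example, not part of the original article: the 40 MB quota and the 7 day setting are the article's example figures, while the 8 MB of mail per day and the once-a-day check are assumptions made for the illustration.

```python
"""Model of an online mailbox with a quota, comparing 'delete after download'
with 'leave mail on server for N days'. All figures are constructed."""


class ServerMailbox:
    def __init__(self, quota_mb):
        self.quota_mb = quota_mb
        self.messages = []        # (arrival_day, size_mb) copies on the server
        self.bounced_mb = 0.0

    def used_mb(self):
        return sum(size for _, size in self.messages)

    def deliver(self, day, size_mb):
        """Incoming mail is stored if it fits, otherwise bounced to the sender."""
        if self.used_mb() + size_mb > self.quota_mb:
            self.bounced_mb += size_mb
            return False
        self.messages.append((day, size_mb))
        return True


def check_mail(mailbox, today, leave_days):
    """One 'check mail' session (steps 1 to 5 of the article).

    New messages are downloaded; the server copy is deleted only once it is
    leave_days old. leave_days=0 is plain 'delete after download'.
    Returns the number of server copies deleted in this session.
    """
    kept = [(d, s) for d, s in mailbox.messages if today - d < leave_days]
    deleted = len(mailbox.messages) - len(kept)
    mailbox.messages = kept
    return deleted


def simulate(daily_mb, quota_mb, leave_days, days=30):
    """Check mail every morning, receive daily_mb of new mail every day."""
    box = ServerMailbox(quota_mb)
    peak = 0.0
    for day in range(days):
        check_mail(box, day, leave_days)
        box.deliver(day, daily_mb)
        peak = max(peak, box.used_mb())
    return {"peak_mb": peak, "bounced_mb": box.bounced_mb}


if __name__ == "__main__":
    print("delete after download:", simulate(8, 40, leave_days=0))
    print("leave on server 7 days:", simulate(8, 40, leave_days=7))
```

With the same daily volume and the same daily check, only the 7 day setting fills the mailbox and starts bouncing mail.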

If you have further questions, feel free to contact [email protected] and we’ll be happy to walk you through your specific situation.

I didn’t send this email that bounced back to me!

Here’s a request I’ve been seeing a lot lately:

I came in this morning and found a large number of bounced messages that were all sent from me that were sent to lots of random people, but I didn’t send them! My computer even was unplugged/off/in a wheat thresher – do I have a virus?

Quick answer: No, you aren’t infected, you didn’t do anything wrong, nothing to see here – just delete them and move on.

Detailed answer: You have just become another example of Spam Backscatter. When you get a spam message, it usually comes from some random email address, most likely completely unrelated to the topic of the spam. (If it were a real sender and/or related to the message, it wouldn’t be spam, then, would it?) Well, those email addresses are usually picked out of the millions of ‘good’ email addresses that the spammers have in their database, and since they send out millions of emails, the probability is that every once in a long while, that ‘from’ address they use is going to be you.

UPDATE 4/23/08: It seems that the backscatter spam is actually a tactic chosen by spammers – since bounced emails don’t get read, and the entire contents of the spam are often included in the bounce message, they are more likely to have their messages delivered to a human being, bypassing filters.

It’s very easy to spoof (fake) the sender of an email (remember this the next time you get an email from [email protected] telling you to forward this letter to all your friends and you’ll get money). Since the spammers want to make sure their email gets thru the filters, they don’t use the same email address in the From: field every time. So they randomly pick out an email address from their database and use that one.

Also, the spammers really don’t care how many bounce messages they get from rejected emails, or from non-existent addresses, so why should they be bothered with all the bounce messages? Better for someone else to get them.

So fast-forward to today, when you got 127 bounce messages in your inbox from random addresses around the world, saying your email was rejected, or so-and-so is over quota, etc. If you look at the body of the message and see that it is all a spam message, then you can simply delete the bounce messages and go about your day. Since spammers switch email addresses often within the same ‘batch’, most likely you’ll get one group of bounces over a 4-6 hour period, and then nothing else.
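An added example, not part of the original article: one way to confirm that a bounce is backscatter is to compare the Message-ID of the message quoted inside the bounce with the Message-IDs your own server logged for outgoing mail. The sent log, the addresses and both sample bounces are constructed for the illustration.

```python
import email
from email import policy

# Hypothetical: Message-IDs your own outgoing mail server logged.
SENT_LOG = {"<20080423.1001@yourdomain.example>"}

# Constructed bounce (delivery status notification) used as sample input.
BOUNCE = """\
From: MAILER-DAEMON@mx.recipient.example
To: you@yourdomain.example
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery to nobody@recipient.example failed.

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.recipient.example

Final-Recipient: rfc822; nobody@recipient.example
Action: failed
Status: 5.1.1

--b1
Content-Type: message/rfc822

From: you@yourdomain.example
Message-ID: {msgid}
Subject: {subject}

(original message body)
--b1--
"""
SPAM_BOUNCE = BOUNCE.format(msgid="<x9f2@unknown-host.invalid>", subject="Cheap pills")
REAL_BOUNCE = BOUNCE.format(msgid="<20080423.1001@yourdomain.example>", subject="Quote")


def embedded_original(bounce):
    # The returned copy is either a full message or just its headers.
    for part in bounce.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
        if part.get_content_type() == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None


def failed_recipients(bounce):
    # message/delivery-status is parsed into one header block per recipient.
    out = []
    for part in bounce.walk():
        if part.get_content_type() == "message/delivery-status":
            for block in part.get_payload():
                value = block.get("Final-Recipient")
                if value:
                    out.append(str(value).split(";", 1)[-1].strip())
    return out


def triage(raw, sent_log=SENT_LOG):
    msg = email.message_from_string(raw, policy=policy.default)
    if not (msg.get_content_type() == "multipart/report"
            and msg.get_param("report-type") == "delivery-status"):
        return {"verdict": "not-a-bounce", "message_id": None, "recipients": []}
    orig = embedded_original(msg)
    msgid = str(orig["Message-ID"]).strip() if orig and orig["Message-ID"] else None
    if msgid is None:
        verdict = "unknown"          # bounce quotes nothing we can check
    elif msgid in sent_log:
        verdict = "genuine-bounce"   # we really sent this message
    else:
        verdict = "backscatter"      # forged sender, safe to delete
    return {"verdict": verdict, "message_id": msgid,
            "recipients": failed_recipients(msg)}
```

A bounce that quotes neither the original message nor its headers comes back as "unknown" and still needs the manual look at the body described above.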

It isn’t very likely these days, but if you do get someone writing back to you telling you to ‘take me off your list’ or using not-so-nice words to describe their attitude, you can safely ignore them, or explain to them that you’re an unrelated victim as well and point them to this article for more information.

Domain Registry of America is not your friend

Before the Internet, it was necessary for businesses to have an ad in the Yellow Pages so customers could find them. Some unscrupulous businesses found that if they sent an invoice to random businesses that looked like a Yellow Pages bill, a few businesses would pay the bill just to make sure they didn’t lose their Yellow Pages ad.

Fast forward to today, when everyone has to have a domain name. Unfortunately, these companies are still at it – you may have gotten a domain name renewal invoice from a number of companies including Domain Registry of America and Liberty Names. These companies send you an invoice for your domain name in the hopes that you’ll be concerned you are in danger of losing your name so you’ll go ahead and pay the invoice regardless.

Sometimes the invoice is actually for search engine promotion (which means they’ll post your web site on hundreds of ad-riddled pages if they do anything at all), but in the case of the Domain Registry of America, they will attempt to transfer the name to their registry, so you will be forced to renew your name through them in the future. Even worse is that if you decide to transfer (back) away from them, they will charge you an extra fee (sometimes up to $150) for the ability to transfer away from them.

D.R.O.A.’s bad business practices were even noted by Canadian courts as being Misleading

Bottom line – if you get anything in the mail for your domain name, feel free to contact It Won’t Byte and I’ll be happy to go over it with you and let you know if it’s the real deal or not. I’d rather get a phone call or email from you with a question than have you lose control of any part of your internet presence.

Network Solutions “Protects” Name Registrants

Ok, I offer domain name registration as part of my suite of services, but I just want to make sure people are aware of all the consequences of doing domain name searches with Network Solutions…


I think that Network Solutions is back to its old tricks again. For the last year, there was a loophole in the domain name registration rules that allowed unscrupulous folks to reserve a name without paying for it for 5 days, set up an advertising portal on that name to see if it was worth buying, and if it had some traffic to it, they would use a series of shell companies to continually re-renew a name (for free) every 5 days and not let anyone else buy it. Thankfully, this practice was ended recently, but just in time for it to be fresh in everyone’s mind, NetSol started a new practice billed as a “Protection Measure”.

Basically if you look up the availability of a name using NetSol’s name-lookup function, they lock up the name for you ‘for your protection’.  BUT, they only lock it up so that no other registrar can reserve it – not so that no other customer can reserve it.  In other words, let’s say you have a great idea and use Network Solutions to see if “XYZABCNet.com” is available, but you’re not sure you want to grab it right now, so you let NetSol ‘lock’ the name for 5 days.  The problem is, they have no problem with anyone else coming along and reserving that name, just as long as they don’t use another registrar to do it.  So anyone can come along and take your great domain name idea if you don’t register it right away. So you have two choices:

  1. Purchase the name right away for $35/year (plus numerous ‘add-ons’ like $9 private registration, etc.)
  2. Don’t get the name, and wait 5 days until NetSol releases their hold and then register it with another registrar (like It Won’t Byte, for $25/year + free DNS & private registration, ‘natch), and hope that in those 5 days, someone else doesn’t register it first…

I personally think that locking someone into doing business with you is not a way to build long-term business relationships, so I recommend against doing WHOIS/domain name searches with Network Solutions until they can start playing nicely again…

Katharion Anti-Spam Add-on

All hosting accounts at IWByte.com offer built-in filtering for spam using the open-source SpamAssassin program. This is available at no cost with all email accounts. SpamAssassin uses a ‘points’ method of filtering, with various facts about an email receiving specific points. That is, an email with a subject in ALL CAPS would receive 0.5 points, the occurrence of words like “viagra” or “Cialis” would be 1 point, saying you’ve won $25,000,000 (TWENTY FIVE MILLION DOLLARS) would be worth 2.5 points, etc.

Then all emails that have ‘spam-point’ totals of more than a certain amount (a default of 5.0) would be marked as ‘spam’ and filtered into a holding box on the server. These spam emails are then saved for 7 days and then auto-deleted.

SpamAssassin (SA) is a great tool, especially for being open source (read: free). Its strength is its Bayesian learning techniques, which improve over time as you receive more spam. That means that each person’s mail filter is personalized based on the specific type of spam they receive. So the more of a specific type of spam you get, the more likely that specific spam will be caught in the filter.

Using these two methods, the built-in SpamAssassin spam filters catch 90% of all spam after running for a few weeks, and for many clients, this is sufficient.
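The two methods together, as an added example that is not part of the original post and not SpamAssassin's own code. The point values and the 5.0 threshold are the ones quoted above; the rule names, the simplified naive Bayes learner, its 3.5 point weight and the sample messages are assumptions made for the illustration.

```python
import math
import re
from collections import Counter

THRESHOLD = 5.0  # default quoted above

# Rule names are hypothetical; the points are the article's examples.
RULES = [
    ("SUBJECT_ALL_CAPS", 0.5, lambda subj, body: subj.isupper()),
    ("DRUG_WORD", 1.0, lambda subj, body: bool(
        re.search(r"\b(viagra|cialis)\b", subj + " " + body, re.I))),
    ("BIG_PRIZE", 2.5, lambda subj, body: bool(
        re.search(r"won \$\d{1,3}(,\d{3}){2,}", body, re.I))),
]


def tokens(text):
    return re.findall(r"[a-z']+", text.lower())


class UserBayes:
    """Per-user token statistics learned from mail the user has classified.
    Simplified naive Bayes, not SpamAssassin's actual combining method."""

    def __init__(self):
        self.counts = {"spam": Counter(), "ham": Counter()}
        self.msgs = {"spam": 0, "ham": 0}

    def learn(self, label, text):
        self.counts[label].update(set(tokens(text)))
        self.msgs[label] += 1

    def spam_probability(self, text):
        if not (self.msgs["spam"] and self.msgs["ham"]):
            return 0.5  # untrained filter has no opinion
        log_odds = math.log(self.msgs["spam"] / self.msgs["ham"])
        for tok in set(tokens(text)):
            p_spam = (self.counts["spam"][tok] + 1) / (self.msgs["spam"] + 2)
            p_ham = (self.counts["ham"][tok] + 1) / (self.msgs["ham"] + 2)
            log_odds += math.log(p_spam / p_ham)
        return 1 / (1 + math.exp(-log_odds))


def score(subject, body, bayes=None):
    """Return (total points, flagged as spam?)."""
    hits = [(name, pts) for name, pts, test in RULES if test(subject, body)]
    if bayes and bayes.spam_probability(subject + " " + body) >= 0.99:
        hits.append(("BAYES_LEARNED", 3.5))  # hypothetical weight
    total = sum(pts for _, pts in hits)
    return total, total > THRESHOLD


def train_sample():
    """A filter trained on constructed mail from one user's mailbox."""
    b = UserBayes()
    for text in ("you have won a prize claim your million dollars now",
                 "cheap viagra buy now",
                 "claim your prize you won million dollars"):
        b.learn("spam", text)
    for text in ("meeting notes for the hosting renewal",
                 "invoice for your domain renewal",
                 "lunch on friday"):
        b.learn("ham", text)
    return b


SUBJECT = "YOU HAVE WON"
BODY = ("Congratulations, you have won $25,000,000 "
        "(TWENTY FIVE MILLION DOLLARS). Buy cheap viagra too.")
```

The sample message hits all three static rules and still totals only 4.0 points, so it is the learned per-user component that pushes it over the threshold.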

However, over the last few years, spam has become even more prolific, and while SA may catch 90% of spam, spam levels going from 200 a day to 2,000/day mean that the amount of spam that is let through increases as well. Depending on how public their addresses are, some clients may receive more spam than others, and may need a more advanced filtering system.

This is why It Won’t Byte has partnered with Katharion to offer their Anti-Spam filters for our clients. With SpamAssassin, the filters are applied on a per-user basis, but with the Katharion system, all email for a domain is redirected to Katharion’s servers, where it is checked for spam using a more advanced and updated ruleset, and then passed back to It Won’t Byte’s servers, to be run through SpamAssassin and then placed in each user’s mailbox.

Katharion has many advantages over SpamAssassin, including:

  • Discover current spam that needs filtering by use of ‘Honeypots’
  • Dedicated staff to adjust rules on-the-fly
  • Large number of accounts – an email sent to hundreds of unrelated accounts at once is more likely to be spam.

We tested Katharion on the IWByte.com domain for several months and then invited some select clients to sign up for the service and they have experienced dramatic reductions in spam. At the time of this post, the pricing for Katharion per-domain (for up to 25 users) is $12.00/domain/month. If you have multiple domains that point to the same address (i.e. [email protected] and [email protected] both point to the same account) then these can be aliased to the main domain at no additional cost.

All billing is done through It Won’t Byte and is synced with your hosting renewal dates, billed in 3, 6, or 12 month increments to match your hosting account. Note that a ‘user’ is counted as a specific emailbox that finally receives the email. So if info@ and welcome@ and joe@ all go to Joe’s mailbox, then that only counts as one user toward the 25 user limit.

How does it work?

Once configured for your domain, each user will be provided with a password (if you have a password you would like to use for each user, let us know beforehand). Then each user can log in to the administrative panel to manage their preferences.

Each member can adjust their spam tolerances (i.e. how strict do they want the filters to be) as well as how often notices are sent to list the spam that was caught. By default, the configuration is to hold all caught mail in quarantine for 7 days.

On each emailed notice you will be given a chance to release an email from quarantine, or whitelist that user so that they won’t be marked as spam next time, or both.

Each email address and aliases for that address are all covered by one configuration log-in, so an email address of info@ and welcome@ that all go to johndoe@ will all be covered by one log-in.

For more details, see Part II of our Katharion write-up.
If you would like to sign up for Katharion anti-spam filtering, please contact us at [email protected]