Inbound Spam Tagging
Although Msen has a strict policy
against Msen customers sending unsolicited email (spam), not all
other Internet Service Providers do.
Msen attempts to filter and slow the amount of spam coming to our
customers from outside machines. This is difficult as many of the
offenders move accounts constantly, and make pre-emptive filtering
difficult. As the Internet community gets more and more fed up with
unsolicited email, more options are being produced to filter mail.
Starting in August of 2000 Msen has added a header line
to email when we suspect that a piece of email may be spam. In
January 2002, we have expanded this processing.
This is an automated system using two different styles:
Source internet address is a known spam source (aka open relay).
This detection is done by the internet addresses found in the headers or envelope of the email message and merely adds a new
header line to me message. Examples of the line added are:
SpamCop is a database of IP addresses that
have been reported by victims of spam. The time a listing is in the database depends
on how many complaints have been made against that IP address.
The source IP address is listed in SpamCop:
The mail was relayed through an IP address listed in SpamCop:
The Open Relay Database is a listing of
known IP addresses that will forward mail from the spammer to the victim. These
are usually misconfigured machines.
The source IP address is listed in Open Relay Database:
The Spamhaus AntiSpam Database is a
combined listing of known Spam kings and the addresses they control with a
database of machines that have been compromised by viruses or are running proxy services that
can be abused.
The source IP address is listed in Spamhaus AntiSpam Database:
These detection services do provide "false positives". Therefore, instead of throwing out the email,
Msen has chosen to only tag the message, and leave it up to the user to throw out the email based on the
recommendation. In the past, one known false positive was Amazon.com's purchase receipts.
That example alone serves as case and point on why we do not automatically throw out suspected spam.
Filtering based upon general key words:
Through the use of scoring features, we have started tagging mail that contains
known spam phrases.
"TIRED OF THE 40 X 40 X 40", "Pill to Increase Your",
"Free Mortgage Rate Quote", and the famous "this is not a spam email".
The more of these phrases that exist in the email, the higher the spam score is. If
the score exceeds the given threshold, it is marked with the following:
X-Spam-Suspected-by-Msen-because-of-Procmail: Spam_score is <number>.
Filtering based upon sexual key words:
A simular filter is used to tag the sexual email that is so common. Example
that filter are:
"teen lolitas", "teen hardcore", "incest porn".
X-Spam-Suspected-by-Msen-because-of-Smut: Smut_score is <number>.
Policy: Msen does not read customer's email. These filters are automated scripts that do not make
moral judgements about the content they process. The "catch phrases"
that the filters are built
upon are based on what spam the adminstrators have received on a reoccuring basis. Care has been
taken in choices to minimize "false positives" that would tag or, if enabled,
delete legitimate email. Since no automated system will perform with 100% accuracy for all people,
use at your own risk.
Options to make use of these headers:
Using filters in email software. Now that Msen has tagged the email, filters in client
software are able to search for the tag. The instructions
for Netscape 4.7 are available. For Outlook Express, searching for the words "Spam_relay_address",
"Spam_score", and "Smut_score" in the headers will allow filtering.
Unix shell users should use procmail.
As part of the procmail rules, we have installed specific trigger files. If the file exists in
your home directory, the email will be deleted instead of marked as spam. It will never arrive
in your mailbox for an opportunity to download.
.msen_kill_spam will delete email that was tagged using the general procmail filter.
.msen_kill_smut will delete email that was tagged using the smut procmail filter.
.msen_kill_address will delete email that was tagged using the address databases.
.msen_kill_all will delete email that was tagged using any of the above methods.
Installing any of these files will delete email immediately. The email will never
go to backup tape, and will not be recoverable. Use at your own risk.
The following form will allow Msen users to enable or disable the spam filtering