home

CALS Information Technology Office

06/30/2003

PureMessage SPAM Ranking System Available

As UVM IT News readers know, CIT has been evaluating Active State's PureMessage for several months. Beginning June 26, 2003, all inbound UVM email has been "rated" for the probability that it is spam.

Why was PureMessage chosen?

While no spam management system will meet everyone's needs, we believe most UVMers will find this product helpful. PureMessage was chosen because:

  • PureMessage allows each end user to decide what email, if any, should be filtered. Filtering is "opt-in". PureMessage does not automatically delete or quarantine email, but rates it for probability that it is spam.
     
  • PureMessage works with all the email systems at UVM. No particular email server or client is required.
     
  • PureMessage had the best balance of features and a relatively low cost. Some other products cost $20,000 (and up) per year and do not allow individuals to choose their filtering threshold. Note that UVM has implemented PureMessage such that users who decide to do nothing will continue to receive all their email with the subject of probable spam being prefixed with a spam rating (see below).
     
  • PureMessage is highly extendible (based on SpamAssassin, a product our technical staff is familiar with).
     
  • Active State has been very responsive to customer requests for feature enhancements.
     
  • Many of our peer institutions are deploying it (Berkeley, Cornell University, Indiana University, Stanford University and University of Washington)

Will PureMessage delete all the spam sent to me?

No. PureMessage does not delete or filter anything. It will only tag messages that it rates as greater than 50 (on a scale from 0-100). Each end user can then choose to use this rating to move probable spam to a spam folder where it can be checked later, if desired. For example, the subject: "Debt Relief is ON THE WAY!" might be modified to appear as: "[SPAM?:#####] Debt Relief is ON THE WAY!". Each # symbol represents 10 points, i.e.,

subject prefix
spam rating

[SPAM?:#]

50-59

[SPAM?:##]

60-69

[SPAM?:###]

70-79

[SPAM?:####]

80-89

[SPAM?:#####]

90-100

Will PureMessage accurately identify every spam message?

Unfortunately, no spam management solution can do that. Like all such systems, PureMessage will occasionally underrate or overrate a message. Nonetheless, most users find that it is helpful in managing unwanted email. Many users report a 98% accuracy. Your mileage may vary. Each user can set the threshold of when spam is diverted to a spam folder -- or choose not divert messages at all (the default). And finally, not everyone agrees on what constitutes spam.

How does PureMessage compute the spam probability?

It uses many factors such as the origin address (known spammers), how many people are receiving identical messages, and the formatting of the message itself. However, spammers are working very hard to subvert spam filters, and some spam will continue to slip through regardless.

What if I have developed a spam filtering system that works for me?

You can continue to use it if you prefer. In such cases, the tagging may help you visually identify probable spam or sort messages by the spam rating. PureMessage tagging is not known to affect existing filtering schemes.

It looks like you want me to use server side filtering (procmail), but I use POP and prefer to use my email client's (Eudora's) built-in filters. Can I do that?

Yes, you can. You can either do all your filtering using Eudora (and other POP clients that support filtering) or filter out the probable spam using the server-side spam filtering(procmail) combined with any other client-side filters you wish. Note that this will require that you use Webmail, an IMAP client (such as Eudora or Outlook Express), or PINE to view your spam folder, and since the server-side filters will always precede the client-side filters, you cannot use the client-side filters to white-list (see below) sites unless you also use client-side filters to handle spam.

I'd like to use the spam rating to filter out spam but I don't want to filter out the spam-like email from a company we do business with. How do I avoid having email from that company moved to my spam folder?

By establishing source specific filters (e.g. "from *webct.com"), you can assure that messages from that source are not affected by a spam filter you may have set up. Note that such filters (called "white list" filters) must precede any spam filter. The Web-based facility will allow you to easily set procmail filters, set your spam tolerance threshold and white-list one or more sites (domains). The Web interface has recently been expanded to allow individuals to:

  1. View / Edit / Remove Filter Rules (Recipes)
  2. Add a New Filter Rules (Recipes)
  3. Manage Your SPAM Settings
  4. Change the Order of Your Filter Rules (Recipes)
  5. Edit your Procmail RC by Hand (Advanced Users Only)
  6. View Your Procmail Log File

Notes:

Option 3 allows you to set the spam threshold for email (50-90) or to override (white list) messages from a particular domain so they are not considered for moving to your spam folder. It will leave messages from that domain in your inbox. This may be especially useful for those who want to use use server-side filtering and a POP client.

Option 4 allows you to revise the order of your filters. Note that the filter that comes first, takes precedence. For example, if you wish to put all your email from a particular UVM listserv into a particular folder (mailbox), but also have a default mailbox for other uvm.edu email, the UVM listserv filter(s) must come before the general uvm.edu filter.

Send your questions to helpline@uvm.edu. Send comments and suggestions to IT@uvm.edu.

Related Terminology

SPAM Often described as "unsolicited commercial email" (UCE), but in practice some people mean "any mail I don't want to read". For information on the origin of the use of this term, see this article.

Filters, Rules and Recipes User-specified criteria, such as the spam rating or message origin, for separating or handling some messages differently from others.

White-listing Identifying origin addresses that you do not wish to filter into your spam folder. This tends to be useful for some listservs and business partners who send spam-like email. For example, both WebCT.com and educatorsportal.com regularly send out spam-like email. Note that uvm.edu is automatically white-listed.

Server-based filtering Filtering on the uvm.edu email server. This can filter your email as it arrives on your server account. To set up filters, establish a spam diversion threshold, or white-list a site, go to UVM filter management interface.

Client-side filtering Supported by some post office protocol (POP) email clients (e.g. Eudora). Filtering is done as email is down-loaded by client computer. Usually the spam filtering is also done on the client, but it can be done on the server, in which case, you will need to use Webmail, and IMAP client, or PINE to access your spam folder on the server, should you wish to.

Quarantine Folder A term sometimes used to describe the folder (mailbox or directory) where probable spam messages are automatically filed for possible later review. This term is more commonly used to describe to a place where virus-infected email attachments are stored by virus protection software. The uvm.edu email server virus protection software removes, but does not save, viruses.

Printed with permission from http://www.uvm.edu/cit/IT-news/?Page=IT-news-2003-7.html

Last modified July 01 2003 04:32 PM

Contact UVM © 2014 The University of Vermont - Burlington, VT 05405 - (802) 656-3131