The Spam Vault icon in
your Control Panel is used to do the following:
SpamVault allows you to block e-mail from
spammers. Although SpamVault is very easy to use, it's also very powerful
and if not used properly can delete e-mail you may have wanted to receive.
Please read these instructions before using SpamVault as we cannot
retrieve lost e-mail.
Getting Started with SpamVault
To begin using SpamVault, you need to add an entry in the text box
appropriately named "Add an entry:". An example of an entry would be a
spammer's e-mail address. There are 4 radio buttons called Block-triggers
that follow this box with the letters F, T, R, S next to them. These
represent the area of the e-mail header that is used to trigger the
blocking of the e-mail. For instance, the "F" stands for e-mail "From"
someone. In the example here, we want to block any e-mail coming "From" the
e-mail address spammer@spamnetwork.com, so we would make sure the radio
button next to the "F" is checked.
The following are the areas of the e-mail header that can be blocked:
F = From (block e-mail 'From' someone or some network)
T = To (block e-mail sent 'To' someone at my domain)
R = Received (block e-mail with special text in the 'Received' section of
an e-mail header)
S = Subject (block e-mail with this word or phrase in the 'Subject' of the
e-mail)
Adding an Entry
Here is what your entry should look like:
Add an entry:    Block-trigger: F T R S
After entering this information, press the "Update Entries" button at the
bottom. Once entered, your entry will show up on the list and looks as
follows:
1) Block-trigger: F T R S || Status: BLOCK ALLOW || DELETE
Editing an Existing Entry
Once an entry is entered, you can change it in real time just by editing
the existing entry. For instance, if you wanted to test this entry to see
if you were still getting e-mail from this particular address, you might
change the status from 'Block' to 'Allow'. You can edit as many entries as
you wish, but be sure to press the 'Update Entries' button after you're
finished editing.
1) Block-trigger: F T R S || Status: BLOCK ALLOW || DELETE
Understanding e-mail Header Information
Every e-mail sent has a section called the 'header'. This section includes
commonly known data such as who the e-mail is being sent from and who it is
being sent to, along with some other information that will help you manage
your spam. The header is not usually viewable in the default settings of
your e-mail program. You may need to read the documentation on your e-mail
program to find out how to view the header.
An e-mail header can be broken down into some basic parts. Each part is
identified by a title such as "From:". Rather than getting into too much
detail about all the sections, we'll just focus on the ones SpamVault looks
at to filter out spam. We've highlighted the data that we'll be focussing
on in red.
SAMPLE e-mail HEADER:
---------------------
X-POP3-Rcpt: you@youre-mailaddress.com
Received: from welove.spamnetwork.com (spammers_isp.com [209.90.160.156])
    by youre-mailserver.com (8.10.2/8.10.2) with SMTP id g05HX0N10982
    for <me@youre-mailaddress.com>; Sat, 5 Jan 2002 12:33:04 -0500
Message-Id: <200201051733.g05HX0N10982@spmmers_isp.com>
Content-Type: text/html; charset=US-ASCII
Date: Sat, 5 Jan 2002 09:33:13 -0800
To: you@youre-mailaddress.com
From: Bob Spammer <bob@phonyaddress.com>
X-Mailer: Version 5.0
Subject: You may have already won $10,000!!!
Organization:
The "To:" Section
Info in this section shows where the e-mail was delivered to.
Often, this is a weak place to put a block because spammers take advantage
of catch-all e-mail boxes. They send it to Anybody@yourdomain.com and
whoever has the catch-all e-mail box will get it. So you might set up a
block on anything sent to Anybody@yourdomain.com. Tomorrow they'll use
NoBody@yourdomain.com and get by the block of "Anybody@yourdomain.com"
that you'd set up. One thing this section is good for is to stop mail from
going to someone who's left the company.
The "From" Section
In short, this is easily forged and can be changed as easily as the "To:"
address. This is good to block out those annoying friends who keep sending
you chain letters. Blip, you'll never have to look at those again.
The "Subject:" Section
Now we're getting some power. Want to stop the e-mails with XXX or SEX or
Work At Home in the subject line? This is the place to do that. Just use
the snippet of the subject that you know will be offensive. If the subject
reads, "XXX Pictures of Warm blooded carbon based life forms," you may
want to block just "XXX"; otherwise you might block out your son's biology
assignments.
The "Received:" Section
Info in this section is blocked using the R (Received) trigger in
SpamVault. This is one of the most powerful and most overlooked areas for
blocking because you can block an entire network in one fell swoop. There
are some services that are friendly to spammers; they even encourage it.
They permit or profit from spamming on their server network. Often, you'll
get many different-looking spams from one network and not realize it
because the return addresses are phony. Before we decide what to block,
remember to block as little as possible. Casting too wide a net or making
a lot of unnecessary entries just makes the server work harder for no
reason. So, looking at the Received: section, here are the things I would
consider candidates for blocking, in order of preference:
1) spamnetwork.com
2) spammers_isp.com, but be careful: if the guy's on America Online, you've
just blocked everyone on AOL.
Spammers and Their Tricks
We have to confess that SpamVault is not the end
of all spam but it will give you better control over your circumstances.
Spammers are always devising tricks to work around SpamVault and we're
constantly trying to prevent them from doing so. One way they will get
around SpamVault is to trick you into blocking the wrong section of the
e-mail header. Technically speaking, it's easy to fake all but the
"Received" section of an e-mail. You might block everything coming from
one e-mail address and all they have to do is fake you out by using
another e-mail address. Using this trick it can look like they're sending
from a hotmail.com address today and tomorrow you'll get the same spam
from yet another address. Here is where the power of the 'Received'
section comes in and why it's important to review the header of your
e-mail rather than the default to and from sections.
A spammer will typically not be able to change the information in the
'Received' section
of the header. So, using that as a filter can be the strongest method of
blocking e-mail. Please do not just paste the entire 'Received' section
into SpamVault. You need to review the header for a specific server name
and sometimes an IP number (but these change regularly so it is not
recommended). In the example above, the network that the spam is coming
from is welove.spamnetwork.com. We would recommend that you only use the
last two sections of the network name: spamnetwork.com.
Configuration Section
You can show or hide the configuration data of
SpamVault by checking or clearing the box appropriately called "Show
Configuration Data" located below the 'Update Entries' button.
Sample Configuration Data Section
Show Configuration Data
==================== Configuration ====================
WHERE DO YOU WANT TO PUT YOUR SPAM?
Send My Spam Into Never Never Land! OR
Save my spam to a repository file
Current spam repository file size: 59074 Bytes
Clear this file?
LOG BLOCKED SPAM?
Keep a log of how many e-mails have been blocked
Current spam log file size: 5045 Bytes
Clear this file?
Blocked spams since the log was last cleared: 10
Total Spams Blocked: 1151
====================================================
Let's review the options in this section.
Where do you want your spam to go? You can delete your spam (AKA Never
Never Land) or send it to a special file by placing a check in the box
labeled, "Save my spam to a repository file". This file is called
"spamvault" and is located in your /www/sv/ folder. As this file grows it
uses disk space, so it is always a good idea to 'Clear this file'
regularly. You must press the 'Update Entries' button for these changes to
take place.
Log Blocked Spam. SpamVault can keep a log of all the e-mails that it has
filtered. This log file is called 'spamvault.log' and is also located in
your /www/sv/ folder. As this file grows, it also uses disk space, so it is
always a good idea to 'Clear this file' regularly. You must press the
'Update Entries' button for these changes to take place.
SpamVault keeps a tab on how many spams it has blocked in the last line of
the configuration section and is guaranteed to provide a personal sense of
satisfaction.
Hidden Benefit of SpamVault
Your account uses bandwidth twice when you receive an e-mail: when the
e-mail arrives at the server and when you retrieve it from the server.
SpamVault completely eliminates the spam at
the server so you will avoid using the extra bandwidth when you check your
e-mail. The less e-mail traffic there is, the faster your website is
served up when people visit it.
Warnings and Cautions
When someone uses the term 'powerful program,'
this is code for 'you can really mess things up with this program if
you're not careful.' SpamVault is a powerful program and therefore
you should be very selective in the entries you make. Adding an entry that
only contains the letters '.com' in it will block all e-mail coming from
any e-mail address that has '.com' in it. If
all of a sudden your e-mail doesn't work, check your entries in SpamVault
before you contact support.
Illegal Characters. Only use the following
characters in your entries as other characters such as a bracket "[" will
cause very predictable results (all bad). You can use the following
characters: A - Z, a - z, 0 - 9, period (.), quotes (" or '), At symbol
(@), dollar sign ($), exclamation point (!), and the question mark (?).
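The following is an added example, not SpamVault's own code: a dry run that checks a proposed entry against mail you want to keep before you add it. It assumes SpamVault matches an entry as a case-insensitive substring of the chosen header, treats a space as an allowed character, and reads only the topmost 'Received' line on the assumption that it is the one stamped by your own mail server; the function names and the HAM message are made up for illustration.

```python
import re
from email import message_from_string

# Characters the page lists as safe; the space is an added assumption.
ALLOWED = re.compile(r"""[A-Za-z0-9.@$!?"' ]+""")
FIELDS = {"F": "From", "T": "To", "R": "Received", "S": "Subject"}

# Constructed samples: the page's spam header (trimmed) and one wanted e-mail.
SPAM = """\
Received: from welove.spamnetwork.com (spammers_isp.com [209.90.160.156])
\tby youre-mailserver.com (8.10.2/8.10.2) with SMTP id g05HX0N10982
To: you@youre-mailaddress.com
From: Bob Spammer <bob@phonyaddress.com>
Subject: You may have already won $10,000!!!

"""
HAM = """\
Received: from mail.example.com (mail.example.com [192.0.2.10])
\tby youre-mailserver.com (8.10.2/8.10.2) with SMTP id g05HX0N10983
To: you@youre-mailaddress.com
From: Alice <alice@example.com>
Subject: Invoice for January

"""

def would_block(trigger, text, raw):
    """Assumed rule: case-insensitive substring match on the chosen header."""
    values = message_from_string(raw).get_all(FIELDS[trigger], [])
    return any(text.lower() in v.lower() for v in values)

def received_entry(raw):
    """Last two sections of the host named in the topmost Received line."""
    top = message_from_string(raw).get_all("Received", [""])[0]
    host = re.search(r"from\s+([A-Za-z0-9._-]+)", top)
    return ".".join(host.group(1).split(".")[-2:]) if host else None

def check_entry(trigger, text, known_good):
    """Dry-run an entry against wanted mail before adding it to the list."""
    if not ALLOWED.fullmatch(text):
        return "illegal character"
    if any(would_block(trigger, text, m) for m in known_good):
        return "blocks wanted mail"
    return "ok"

if __name__ == "__main__":
    print("suggested R entry:", received_entry(SPAM))
    for trig, text in [("R", "spamnetwork.com"), ("F", ".com"),
                       ("R", "[209.90.160.156]")]:
        print(trig, repr(text), check_entry(trig, text, [HAM]))
```

Run it with a handful of saved headers from mail you want to receive in place of HAM; any entry that comes back as "blocks wanted mail" is too broad.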
Copyright 2001-2002 by Thomas Leo. All rights reserved.