Main menu

VANREE Spam Filter System

Updated: 01/04/2016 15:00

Our e-mail server is protected by a spam filter system (MailWatch), which is located between our firewall and the e-mail server:

MailWatch Environment

Access to the web interface of the spam filter: https://spam.vanree.com (see also below: More control). The username is for both the MailWatch and the e-mail server the same, your e-mail address and given password.

How does it work?

Each incoming and outgoing e-mail goes through the spam filter system and is checked on a large number of potential problems, like virusses, known spam sender servers, contents of the e-mail, etc. It calculates a spam likelyhood number (between 0 and 100), with 0 = no spam and the higher the number the more likely it is spam. The system has 2 thresholds: Spam Score and High Spam Score. Our global settings currently are:

  • below 3 = No spam. These e-mails are delivered straight to your mailbox.
  • between 3 and 7 =Spam Score. These e-mails result in a "spam not delivered" e-mail, see below.
  • above 7 = High Spam Score. These e-mails will only be quarantined and no info e-mail is generated.

Spam not delivered (quarantine) e-mail

When an e-mail is classed as Spam (with a score between 3 and 7), it will not send that e-mail to your mailbox but will send a small "spam not delivered" e-mail, like:

Subject: {Spam not delivered} <subject line in the blocked e-mail>

Contents of spam information e-mail:

Our UCE (spam) detectors have been triggered by a message you received:-

  From: sender_email@sender_server.com

  Subject: <subject line in the blocked e-mail>

  Date: Thu Jan 01 11:11:11 2015

This message has not been delivered. The detectors that were triggered are <reason of block>.

The message to you has been detected as spam based on either its contents or the mail server which sent the message to us, or both.

If you have any questions about this, or you believe you have received this message in error, please contact the site system administrators.

Your system administrators will need the following information:

  Server name: spam.vanree.com

  Message id: AAAAAAAAAAAAAAA

  Date code: 20150101

If you are satisfied that this message is not spam, you can release it from quarantine by clicking http://spam.vanree.com/cgi-bin/release-msg.cgi?datenumber=20150101&id=AAAAAAAAAAAA&token=xxxxxxxxxxxxxxxxxxxx

Note that if this mail has been send to multiple recipients you will release this mail to all users.

--

VANREE Software Consultancy

http://www.vanree.com

The highlighted parts in the example e-mail are the parts which you can use to determine if you would like to receive this e-mail. In the From:, Subject: and Date: fields are the blocked e-mail details. The slightly cryptic reason refers to the rule(s) causing the block. The last highlighted link, starting with http://spam.vanree.com/, you can click to release the blocked e-mail for delivery. When you click it will open your web browser and it requests to release your e-mail (you can only do this once per e-mail). The response will look like this:

Message released
Your message has been released from quarantine.
If you find that similar messages are mistakenly tagged as spam, please forward the notification emails you recieved to your mail administrator or service provider with a brief description of the problem.

As the spam filter uses your responses to improve its spam detection, please do not release messages unless you are sure they are not spam.

Soon afterwards you should receive the blocked e-mail.

Quarantined e-mail not delivered

 When delivery of the quarantined e-mail failed the following message is displayed:

Quarantined mail not released message

One of the main reasons your quarantined e-mail cannot be delivered through the click on the link is that the quarantine message is older than 3 days. You will have to release the message by logging in to the spam system. The process of managing the quarantine folder via the Spam system web site is described below.

More control over spam process

Our new spam filter system (MailWatch) does not automatically throw out e-mails, all e-mails are kept in quarantine storage for up to 30 days. The spam filter system has a web interface where you can control all your quarantined e-mails and set white- and black-lists for your mailbox. A whitelist contains e-mail addresses of known senders, which will bypass most of the spam checking (NOT all: detected virusses are never send through to the e-mail server). A blacklist contain e-mail addresses of known spammers who continuously bug you with unwanted e-mails; once in this list these senders are always blocked/filtered.

To access the spam filter system (MailWatch) via the web browser you need to navigate to https://spam.vanree.com/ and login with your own e-mail address and given password:

 MailWatch login

MailWatch Home page - RECENT MESSAGES

The home page (RECENT MESSAGES) of the spam filter system looks like:

MailWatch Home

 I just showed the e-mail flow list (under RECENT MESSAGES) with 3 most appearing situations:

  1. Normal e-mails which are not filtered and sent through to your mailbox.
  2. Green background: White listed or system e-mails, in this case it is the small spam information e-mail as explained above.
  3. Light red: blocked e-mail, which could be released and which caused the green one to be generated.

The box with color codes explains all possible situations and e-mails which are dark red cannot be released. MCP = Message Content Protection.

The Status box gives you a little insight in the operation of the MailWatch program components and the CPU load it causes.

The more interesting box is Today's Totals, which shows you the statistics of your e-mail flow. Please note that domain administrators will see an aggregation over all mailboxes in the domain (contact us if you need to be admin).

The green bar with first item RECENT MESSAGES is the menu bar giving you access to different options in the spam filter system:

  1. RECENT MESSAGES: list of last 50 messages.
  2. LISTS: white and black lists (see below).
  3. QUARANTINE: access to messages of last 30 days, ordered per day in folders.
  4. REPORTS: various interesting reports about your e-mail flow and statistics.
  5. TOOLS/LINKS: contains a link to user management (see below).
  6. LOGOUT: leave the system.

MailWatch White/Black Lists

MailWatch Lists

With this page you can add and delete e-mail addresses to your Whitelist (good senders) and Blacklist (known bad senders).

You can specify a single e-mail address, like my_email@my_domain or you can omit the part before the @ and specify an entire domain.

Please note that whitelists will not mean that all e-mails will be delivered, still e-mails with detected virusses will be refused.

Manual release of blocked e-mail

Each e-mail in the MESSAGES list (in RECENT MESSAGES or QUARANTINE) is preceded with a funny looking button: [ ]. You can click inside the two brackes and that will open a message control page. Below is an example blocked e-mail I received. I annotated over the image with some explanations of the area, the bottom area is discussed below:

MailWatch e-mail

On the presented page you can determine the source of the blocked e-mail and the reason for blocking, which can be a little complicated to follow even for us. It must be noted that the spam filter system is continuously learning and updating with information from various sources (e.g. anti-virus data, central blacklists).

The bottom area, Quarantine control, gives you a few options, which are processed when clicked on the bottom-right Submit button:

  1. Release checkbox: when checked the e-mail will be (re)-released to your mailbox.
  2. Delete checkbox: permanentely delete the e-mail from the spam filter system (note: all e-mails will be removed from the spam filter system after 30 days). This does NOT delete the e-mail from your mailbox if it already was delivered. Once deleted from the spam filter system, the e-mail cannot be released again.
  3. SA Learn checkbox and list: this will instruct the spam filter system to learn from the e-mail in the following sense:
    1. As Ham: this is a good e-mail which should not be blocked
    2. As Spam: this is a bad e-mail and should be blocked
    3. Forget: forget any previous learned information about this specific e-mail
    4. As Spam+Report: same as b. (please do not use this one)
    5. As Spam+Revoke: same as b. (please do not use this one)
  4. Alternate recipient(s): other than your own e-mail address you like to send the e-mail to when releasing it.

After selecting any of the above settings, you need to click on the Submit button to report it back to the spam filter system.

Most used option is: check Release + check Learn As Ham then click Submit. 
This is also what happens when you click the release link in the spam information e-mail.

Please be patient with the spam filter system, especially when you just started to use it, it takes some time before the system learned enough to be more precise with the filtering process. This spam filter system will not throw out any e-mail, like our previous spam system did sometimes, you can always check the recent messages to see if there is a missing e-mail you have not received. If there is any issues with this system please inform us.

Reports page

This spam filter has some powerful search and report capabilities under the REPORTS menu item.

After clicking the menu you directly see how many e-mails went through the spam filter for your e-mail address(es) in Message Count, together with the first and last date of the records. Please note that the spam filter system keeps 30 days of e-mails in its store but keeps the meta information for longer. In other words, you can search further back in time but you can only action e-mails in the last 30 days.

The top past of this page is all about filtering the records. You can build quite smart filters, based on many criteria such as Date, From (e-mail address), To, Subject. Every time you Add a Filter the Statistics will be recalculated instantly. Adding more Filters will make the selection more restictive, so they all add together to give you the result.

It is possible to save a frequently used filter as well by first creating a suitable filter set, then typing a descriptive name under Load/Save Filter and then click Save. Later when you return you can Load your saved filter using the combobox and the Load button.

The Reports part on this page gives you a comprehensive list of ways to view the results.

The "Message Operations" lets you action filtered e-mails, like release them. See at the bottom of the report page the description of each Ops column letter.

User Management page

The spam filter system allows you to control a few more global settings, which only affect a single user. When you click on the TOOLS/LINKS menu item, the only tool presented is User Management. The following page is opened:

 

Please note that the password change option appears to work, but in reality it does not, since the spam filter system does not store passwords and only checks your login via the e-mail server.

The Quarantine Report can e-mail you (or any provided other e-mail address) a daily overview of all filtered e-mails. This report can be generated, however the links in that report, to release e-mails, do not yet work. This is why we do not yet automatically send these reports, because they are of limited use at the moment.

The tickbox "Scan for Spam" can be used to totally disable all spam scanning on your incoming e-mails and make all (non-virus detected) e-mails deliver to your mailbox. 

The next two items should be changed with caution and when set wrongly can cause undesired effects (we are not responsible for lost e-mails). The "Spam Score" setting is the spam likelyhood number (between 1 and 100) threshold for classing an e-mail as spam. Our system default is currently 3, this is choosen when the value here is set to 0 (=Use Default). If you would like to lower the amount of blocked e-mails slightly you could set this value to 4 or 5. The "High Spam Score" setting must be higher than the "Spam Score" and is the cut-off value of sending a "spam not delivered" e-mail. The system default is currently 7. When you increase this High Spam Score threshold, you will receive more "spam not delivered" e-mails, informing you of more very likely spam.

Any change on this page must be confirmed by clicking on the Update button.

The Reset button will change all setting back to the standard settings.

Some obvious reasons to class an e-mail as spam

  • No subject line given.
  • Attachments with double extensions, like filename.doc.exe. Most often used to trick you into opening a virus infected program.
  • Sender = Recipient address.
  • More than 100 recipients addresses per e-mail.

Please note that no spam filter system on the Internet can guarantee 100% safe e-mails, people create virusses and malware every day and any system is as good as the knowledge is has about virusses and malware, which by definition always runs behind the facts.

So always be aware that opening attachments from unexpected AND known senders can be dangerous and potentially destroy all your data.

Make sure you have up to date anti-virus and anti-malware on your computers. We can only lower the risk of problems with multi-layered protection.