Anti-spam

From DreamHost
(Redirected from Junk Mail)
Jump to: navigation, search

Hate spam? So does DreamHost! DreamHost has an anti-spam feature you can turn on from the panel's Mail -> Anti-spam page.

How does anti-spam filtering work?

The filters scan incoming emails and compare them against a set of rules or characteristics shared by spam emails. For each item matched, that rule's score is added to the email. If the email's total score is greater than the quarantine setting, the email is quarantined instead of delivered to the inbox.

Enabling anti-spam filtering

Filtering can be turned on for a domain and all email addresses on the domain in the panel's Mail -> Anti-spam page. Domains that have a catch-all address or use non-DreamHost mail service cannot use this filtering. Individual email addresses can have their own settings, but filtering can only be turned on and off completely for an entire domain.

Accessing quarantined emails

Emails are quarantined in the special 'Junk Mail' folder. This folder is not stored as part of the regular mail account. It can only be accessed from the mailboxes website and SquirrelMail webmail.

  • The mailboxes website is linked from the panel's Manage Email page.
JunkMailFolder.Mailboxes.png
http://mailboxes.your_domain.com or https://mailboxes.your_domain.com
        replace your_domain.com with the actual domain
http://mailboxes.dreamhost.com or https://mailboxes.dreamhost.com
JunkMailFolder.SquirrelMail.png
http://webmail.your_domain.com or https://webmail.your_domain.com
        replace your_domain.com with the actual domain
http://webmail.dreamhost.com or https://webmail.dreamhost.com

Inside the Junk Mail quarantine

JunkMailFolder.Contents.png

The Junk Mail folder is the same from each URL, they all point to the same place.

The four columns (From or sender, Subject line, spam Score, and Date) can each be sorted ascending or descending using the small up and down black triangle arrows. Use the column of checkboxes on the left to select one or more emails to work with.

  • Emails that are legitimate (not spam) - "Move to Inbox" button moves them them to the Inbox, "Whitelist/Inbox" button to move to Inbox and also whitelist the sender at the same time.
  • Emails that are spam - "Delete" button deletes the emails completely and they cannot be recovered. "Blacklist/Delete" button deletes the emails completely and also blacklists the sender at the same time.

Emails will be automatically deleted from the Junk Mail quarantine folder after 35 days. It is a good idea to delete spam emails when you see them so that there are less emails in the folder to sort through.

Customizing the settings

All settings can be controlled from the panel's Anti-spam page. Individual mail account users can control their own settings in the mailboxes website.

Domain-wide versus mail account settings

Filtering is enabled for an entire domain at a time. Each fully-hosted mail account has their own filtering settings, including quarantine score and whitelist/blacklist entries. The domain has a separate set of filtering settings that are used by all forward-only addresses on the domain.

Adjusting the quarantine score

The default "Quarantine email with a spam score above" is 4. Emails must have a spam score lower than that to be delivered to the inbox.

  • A higher score requires emails look more like spam before being quarantined, so less emails are quarantined and more emails are delivered directly to the inbox.
  • A lower score lets emails that look less like spam be quarantined, so more emails are quarantined and less emails are delivered directly to the inbox.
  • If you are having too many spam emails delivered to the inbox, lower the quarantine score to have more emails quarantined.
  • If you are having too many emails quarantined and legitimate emails are not being delivered to the inbox, raise the quarantine score to have fewer emails quarantined.

To choose a quarantine score, look at the scores on emails you are receiving. Look at both spam emails and legitimate emails and pick a score between them. You want to select a quarantine score that is lower than spam and higher than legitimate email. The score can be fine-tuned to one decimal point at most, ex 3.7.

The line in the full email headers with the score looks like this:

X-Spam-Score: 4.013

Whitelist and blacklist

Blacklist entries are email addresses or domains you know you never want to receive mail from. Emails from blacklisted senders will be quarantined regardless of the email's spam score. These emails will always be quarantined in the 'Junk Mail' folder, not any IMAP quarantine folder.

Whitelist entries are email addresses or domains you know you always want to receive mail from. Emails from whitelisted senders will be delivered to the inbox regardless of the email's spam score.

List entries can be individual email addresses user@domain.tld or one entry to cover an entire domain @domain.tld.

The limit is 1000 blacklist entries and 7500 whitelist entries. If you are getting close to that limit, consolidate multiple email addresses on a single domain with just one entry for for entire domain. Adjusting the quarantine score can improve the effectiveness of spam score based sorting and also reduce the need for individual whitelist and blacklist entries.

NOTE: Whitelist and blacklist entries apply to the envelope or SMTP sender, which does not always match the information in the From header. The envelope sender is often recorded in an email's full headers as the original sender or the return path.

Priority

The priority of a whitelist or blacklist entry is generally ignored, and only used when an incoming email could match more than one entry.

All whitelist & blacklist entries are stored together, and any incoming email is potentially compared against all of them. If there is only one (black/white)list entry for sender@domain.tld, and no entry for @domain.tld (all senders on that domain), then the priority doesn't matter, the entry for sender@domain.tld will simply be used as-is.

The priority comes in to play when there are multiple entries. The priority informs which entry will take precedence. Think thunderdome -- higher priority wins; if two are tied it is a random toss-up which will win (aka be used to route the email).

Example: all mail you get from AOL is spam or chain letters, mail you don't ever want to read. BUT, you have to read your mother-in-law's emails on penalty of death. Create a blacklist entry for @aol.com with priority low, and a separate whitelist entry for mother-in-law@aol.com with a higher priority. With that combination, emails from mother-in-law@aol.com will be handled by the higher priority whitelist entry, and all other emails from other senders @aol.com will be handled by the lower priority blacklist entry.

Changing the quarantine location

The default quarantine location is the 'Junk Mail' folder, accessible from the mailboxes website and SquirrelMail webmail.

Quarantined emails can be put in a regular IMAP folder, accessible from any mail client program using IMAP, instead of the 'Junk Mail' quarantine folder. Three settings are involved:

  1. Set to 999 the "Quarantine email with a spam score above" setting so no emails are sent to the 'Junk Mail' folder.
  2. Enter the quarantine score (default 4) for the "Tag as spam if the score is above" setting.
  3. Select an existing IMAP folder and enter it for the "Quarantine to IMAP folder" setting. A folder name that does not exist may not be automatically created, so pre-make that folder to ensure emails are moved to it and not lost.

NOTE: Emails from blacklisted senders will still go to the Junk Mail folder.

Junk Mail Report notification email

Quarantine reports are emails containing a summary of all the emails currently in the mail account's Junk Mail folder. This "Junk Mail Report" is delivered by default every Friday, the other schedule options are every day, the first day of each month, or never.

Troubleshooting

Too much spam is still showing up in the inbox

No emails are being filtered or quarantined

Email from a whitelisted address is still quarantined

Email's sender is blacklisted in the SquirrelMail's SpamAssassin Settings but the email was not quarantined

  • Make sure filtering is turned on for the domain in the panel's Mail -> Anti-spam page. SquirrelMail's SpamAssassin Settings are inactive if the domain does not have filtering active in the panel.

This is a header for all the super-technical details

MX Records

Anti-spam filtering is enabled by changing the domain's MX records to route incoming emails to the filtering servers. Domains using non-DreamHost nameservers will need to manually update their MX records to reflect the change.

MX 0 fltr-in1.mail.dreamhost.com.
MX 0 fltr-in2.mail.dreamhost.com.

Special considerations for forwarding addresses

  • If the domain is being filtered, and the address is being forwarded to another DreamHost email address which is also filtered: email gets sorted based on the junk mail settings of the receiving mailbox/primary address. You don't need to set separate settings for the forwarding addresses, as they will just inherit those.
  • If the domain is being filtered, and the address is being forwarded to another DreamHost email that is not filtered or is being forwarded to an outside address only (like @gmail), then the settings for the forwarding address's domain will be used. The quarantined spam emails will not be stored, they will be discarded.
  • If the domain is NOT being filtered and it forwards to a DH email address that is on a filtered domain, the mail will not get filtered.

This table shows how Anti-spam filtering works for/with forward-only addresses. A@example.com is forward-only and sends emails to B@example.net a fully hosted mail account.

A@example.com uses filtering B@example.net uses filtering Is filtering done on incoming mail? What score is used?
Yes Yes Yes B@example.net
Yes No Yes, but filtered spam emails are discarded. A@example.com
No Yes No filtering done N/A
No No No filtering done N/A

Headers related to filtering

All emails that pass through the filtering servers have some extra headers added. Here's examples of each of those headers and what they mean:

> X-Spam-Score: 2.4

The total spam score the email had, the sum of the scores of all the rules it matched on

> X-Spam-Level: **

The X-Spam-Level line contains a number of "*" that describes the spam score. The number of asterixis shown is based on the digit(s) to the left of the decimal point - The score of 2.4 becomes 2 asterixis and a score of 12 would result in 12 asterixis listed in this field.

> X-Spam-Flag: NO

Yes or no, did the total spam score exceed the setting used by quarantine to IMAP, "Tag as spam if the score is above".

X-Spam-Status header has two slightly different ways it can look.
> X-Spam-Status: No, score=2.4 tagged_above=-999 required=999 tests=[HTML_MESSAGE=0.001, MIME_HTML_ONLY=2.299, RDNS_DYNAMIC=0.1]
> X-Spam-Status: Yes, score=2.09 tag=-999 tag2=999 kill=2 tests=[HTML_IMAGE_RATIO_04=2.089, HTML_MESSAGE=0.001, T_DKIM_INVALID=0.01, T_RP_MATCHES_RCVD=-0.01]

A summary of all the above and more.
  • No/Yes: whether the email's spam score was higher than the quarantine score.
  • score: the spam score, same as the X-Spam-Score header
  • tagged_above or tag: emails w/ spam scores above this get headers added, -999 means all email get done
  • required or tag2: score required to add 'spam detected' headers (set X-Spam-Flag to Yes), 999 is never
  • kill: score required to quarantine in the Junk Mail quarantine folder
  • tests: the rules the email matched on, with each rule's score

What does the filtering?

SpamAssassin does the spam scoring. Additionally, Clam AntiVirus scans emails for trojans, viruses, malware and other malicious threats.

Alternative filtering setups

  • SpamAssassin or other filtering programs can be installed and run from your own hosting space, giving you full control over them.