
SpamPal is very configurable, but the default settings should suit most users' needs. If you do need to change them, you can tune SpamPal in many different ways using the Options panel.

Spam Detection: Index

3.1. Spam-Detection: Whitelist: Email Addresses
3.2. Spam-Detection: Whitelist: Automatic
3.3. Spam-Detection: Whitelist: Automatic: Exclusions
3.4. Spam-Detection: Blacklists: Public blacklists (DNSBLs)
3.5. Spam-Detection: Blacklists: Countries
3.6. Spam-Detection: Blacklists: Email-Addresses
3.7. Spam-Detection: Blacklists: I.P. Addresses
3.8. Spam-Detection: Ignore-Lists: Providers
3.9. Spam-Detection: Ignore-Lists: I.P. Addresses
3.10. Spam-Detection: Ignore-Lists: Automatic


3.1. Spam-Detection: Whitelist: Email Addresses

Whitelists are critical to ensuring that mail from your regular senders and mailing lists gets through. A whitelist entry is a golden bullet. Regardless of what any blacklists say, if an address is whitelisted, the mail will not be marked as spam.

The Whitelist is the inverse of the Blacklist. It has the same format: one email address per line, with '#' marking a comment line.

You can also use asterisk characters as wildcards to whitelist anything from an email address pattern (or domain), so that it will never be tagged as spam by SpamPal. This is useful if you have a friend at an ISP that's in one of the DNSBL lists: just add them to your whitelist and their emails won't end up in your spamtrap folder!

For example, you might decide "That James Farmer, he's a nice guy, he'll never send me spam" and add this to your whitelist:

# James Farmer won't ever send me spam
jjf@spampal.twinlobber.org.uk

Or alternatively you might think "I know lots of people at Hotmail and they never send me any spam" and add:

# Hotmail = nice people!
*@hotmail.com

Entries in the whitelist override entries in the blacklist. This means that you could (for example) put *@hotmail.com in your blacklist and then add to your whitelist the individual email addresses of people you know at Hotmail.

Note: Headers that the whitelist compares against
The whitelist function only looks for email addresses in certain headers of your email.

These headers are currently:
From:, Reply-To:, Sender:, Mailing-List: and Return-Path:

3.2. Spam-Detection: Whitelist: Automatic

The normal whitelist is all very well, but you still have to spend time adding people to it. Wouldn't it be nice if SpamPal did this for you? With the Automatic Whitelist, it can!

Email addresses get added to the automatic whitelist once they have sent you email on a certain number of days, so you can rest secure that people with whom you correspond regularly will almost never end up in your spamtrap folder.

It is usually a good idea to enable the tickbox Create a log file for every entry, as this will provide you with information as to why the email address was auto-whitelisted.

From the main screen (seen below) you can also move your auto-whitelisted emails directly to your whitelist (to keep things tidy), blacklist them, or even remove and never auto-whitelist them.

Note 1: auto-whitelist and **SPAM** message
The auto-whitelist function will only auto-whitelist emails that haven't been marked as **SPAM**.
Note 2: Never Auto-Whitelist option
Occasionally, a spammer might forge the email address of someone who is in your auto-whitelist, for example, a colleague or an alternate email address of yours. While you don't want to put this person in your blacklist because they send you lots of genuine email, you don't want them to end up in your auto-whitelist and bypass SpamPal's spam-checking features.

To do this, select an email from the list of auto-whitelisted addresses and then click the remove and never auto-whitelist button. The email address you selected will be removed and will never be added to the auto-whitelist.
Note 3: Privacy: smtp automatic whitelist
If you use this feature, especially in a business, be aware that it records all outgoing addresses, which some people might view as an infringement of their privacy. (If you are in the UK, you need to tell staff of this policy before you start collecting data.)

3.3. Spam-Detection: Whitelist: Automatic: Exclusions
Occasionally, a spammer might forge the email address of someone who is in your auto-whitelist, for example, a colleague or an alternate email address of yours.

While you don't want to put this person in your blacklist because they send you lots of genuine email, you don't want them to end up in your auto-whitelist and bypass SpamPal's spam-checking features.

In this pane you can enter the email addresses of people who should never be added to the auto-whitelist.

Just add your own email addresses here and you won't have to worry about spammers forging your own addresses to bypass SpamPal's filtering.

You can even add your entire employer's domain - e.g.
*@acme-widgets.com



3.4. Spam-Detection: Blacklists: Public blacklists (DNSBLs)

SpamPal works by checking your mail against a number of DNSBL lists which list parts of the Internet that facilitate spamming. This pane allows you to choose which DNSBL lists you want to check your mail against.

The right-hand area lists the available DNSBL lists; those with a tick beside them are the ones you are currently using. Click on a list, to toggle whether you are using it or not.

Sometimes one DNSBL list incorporates all the data from another; in these cases, if the first DNSBL service is selected then the second will be grayed out in the list.

As the mouse pointer moves over a list, information about it appears to the right; the list name, website (click on it to go to that website), and a short description.

Each list also has a Header Code, which is used to identify the list in the X-SpamPal: header, for example: X-SpamPal: SPCOP

It's usually best to see whether changes to your DNSBL choices can catch the spam rather than blacklisting individual entries: spammers continually change address, so blacklisting them is not very productive.

You can copy and paste IP addresses here to see which blacklists would have caught each IP address in the header. Start with the first Received line and work your way through the rest of them.

See here for more information on how to Optimise your DNSBL selection.

Different lists will have different characteristics. A couple of the more popular DNSBL services will have been selected by default, but feel free to experiment with other lists.

If a list seems too aggressive and blocks too much legitimate email (because spam-friendly providers may well have non-spamming customers too!), you can just deselect it from the list. You can see which DNSBL marked your email as spam by looking at the headers of your email message; see this page for more details about SpamPal headers.

During the installation of SpamPal you are asked what level of filtering you want to use: Safe, Medium or Aggressive. You may want to change the setting you originally used, and you can do this by clicking on the red arrow (Pre-created Filtering Strategies) to bring up this screen, where you can default your DNSBL selection:

By using the SpamPal Status page (right click on the Systray Umbrella and select Status), you'll be able to see which DNSBLs you are using and how effective they have been during a recent session.

If you look at the statistics on SpamPal's status screen, it will show you the hit rates being achieved by the various DNSBLs you are using for recent queries. You will probably notice that some of the DNSBLs regularly give high numbers, 20-50%, and others may be very low, or even zero hits.

Deselecting the ones with low hit rates will probably improve speed without affecting your spam detection capability.

For example, in the screen below, the Abusive Hosts Blacklist DNSBL has detected little spam in this session, so it may be a good idea to deselect it from your list of DNSBLs (public blacklists) in order to save time. The Taiwan and Hong Kong country code DNSBLs are also possible ones to remove.

You can also see that Brazil has a slightly higher Average Response time (0.391s) than the other DNSBLs and also doesn't detect as much spam, so it may also be a candidate for removal.


Note 1: Filtering Operations Summary
In the left window, note the words filtering operations summary. This isn't the same as number of messages; if your email program (Outlook Express is one example) fetches a preview of your message first and then the message itself, that's two filtering operations, so it counts twice.
Note 2: Recent DNSBL Queries
In the right window, note the words Recent DNSBL Queries. These numbers will get reset to zero every time you restart SpamPal, e.g. when you reboot your machine.

3.5. Spam-Detection: Blacklists: Countries
If you are receiving a lot of spam from certain countries, you can use this pane to select the countries which you want to be blocked by SpamPal.

At the time of writing, a lot of spam seems to be routed through open relays in China. If you are absolutely sure that you never receive legitimate email from China, you could select this country in the countries blacklist.

However, you need to exercise great consideration when blocking by country. For example, if you're running a global business, you certainly don't want to be using the blocking by country feature!


3.6. Spam-Detection: Blacklists: Email-Addresses

If you're getting lots of spam with the same email address in the From line, you can use the Blacklist to have it automatically tagged by SpamPal.

Basically, the blacklist consists of a list of email addresses, one per line; all email from one of those addresses will be tagged as spam.

Blank lines are allowed in the blacklist, and you can add comments by starting them with a '#', so you can document what you put in your blacklist, e.g.:

#Porn spammer keeps emailing me
sexygirl@bigpornspammer.com
sexygirl2@bigpornspammer.com
sexyboy@bigpornspammer.com

# Chain letter pyramid scheme spammer
really_stupid_idiot@aol.com

You can also use an asterisk * as a wildcard, which allows you to stop email with a given ISP in the From: line.

For example:

# All I get from Hotmail is spam, so let's block it all!
*@hotmail.com

# And I don't know anyone with sexy in their email address
*sexy*

You can also use:

*@*.theinsidersedge.com
*theinsidersedge.com

Note: Blacklist use
It's generally best not to do this for normal spam, relying instead on the DNSBLs or plugins to catch that.

Blacklists are more appropriate for individuals or companies who are bothering you but aren't generic spammers.

Remember also that the From: line in email messages can easily be forged, so blacklisting the addresses of all the spams you receive is largely a waste of time.

Some email programs, such as Outlook, have a Junk Mail facility which will blacklist email addresses. It's normally a good idea to disable this feature (which will give you a small speed boost) and just use SpamPal to do the work.
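
The list rules described in sections 3.1 and 3.6 (one pattern per line, '#' comment lines, '*' wildcards, whitelist overriding blacklist) can be sketched as follows. This is an added example, not SpamPal's own code; the function names, the simplified address regex, the sample lists and messages, and applying the five whitelist headers to the blacklist as well are assumptions.

```python
import re
from email import message_from_string

# Headers the page lists for whitelist matching; using the same set for the
# blacklist is an assumption of this example.
CHECKED_HEADERS = ("From", "Reply-To", "Sender", "Mailing-List", "Return-Path")
ADDRESS = re.compile(r"[\w.+-]+@[\w.-]+")  # simplified address matcher

def load_list(text):
    """One pattern per line; blank lines and '#' comment lines are skipped."""
    patterns = []
    for line in text.splitlines():
        line = line.strip().lower()
        if line and not line.startswith("#"):
            # Only '*' is a wildcard; every other character is literal.
            patterns.append(re.compile(re.escape(line).replace(r"\*", ".*")))
    return patterns

def header_addresses(raw_message):
    """Lower-cased addresses found in the checked headers of a raw message."""
    msg = message_from_string(raw_message)
    found = set()
    for name in CHECKED_HEADERS:
        for value in msg.get_all(name, []):
            found.update(a.lower() for a in ADDRESS.findall(value))
    return found

def classify(raw_message, whitelist, blacklist):
    """Return 'whitelisted', 'blacklisted' or 'unlisted'; the whitelist wins."""
    addrs = header_addresses(raw_message)

    def hit(patterns):
        return any(p.fullmatch(a) for p in patterns for a in addrs)

    if hit(whitelist):
        return "whitelisted"
    return "blacklisted" if hit(blacklist) else "unlisted"

# Constructed sample lists and messages (not from the SpamPal documentation).
WHITELIST = load_list("# someone I know at Hotmail\nfriend@hotmail.com\n")
BLACKLIST = load_list("# block the rest\n*@hotmail.com\n\n*@*.bulk.example\n")
FRIEND = "From: A Friend <friend@hotmail.com>\nSubject: hi\n\nbody\n"
STRANGER = "From: stranger@hotmail.com\nSubject: offer\n\nbody\n"
VIA_PATH = "From: x@example.org\nReturn-Path: <bounce@mx1.bulk.example>\n\nbody\n"
OTHER = "From: someone@example.org\nSubject: hello\n\nbody\n"
```

Because the match is made on header text alone, any message that carries a whitelisted address in one of these headers is classified as whitelisted, which is why the exclusions pane in section 3.3 exists.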


3.7. Spam-Detection: Blacklists: I.P. Addresses
This is similar to the normal blacklist, except it works on I.P. addresses and netblocks rather than email addresses.

Like the DNSBL lists, any email from one of the machines on the advanced blacklist will be tagged as spam.

Note 1: how to specify address ranges

1) Use a list of single IP addresses, e.g. 216.88.68.119 (wildcards, e.g. 127.0.0.*, aren't permitted in netblock specifications)

2) Use a list of single hostnames, e.g. mta10.adelphia.net

3) Use a list of netblock addresses, either by using the start and end addresses, e.g. 127.0.0.0-127.0.0.255, or by using the network prefix notation, e.g. 127.0.0.0/24


3.8. Spam-Detection: Ignore-Lists: Providers

Unfortunately, some aggressive DNSBLs might place a whole provider on one of their blacklists.

This is a list of common providers which, if ticked, won't be checked against those DNSBLs to see if they are spammers.


3.9. Spam-Detection: Ignore-Lists: I.P. Addresses
This is a list of server IP addresses or ranges which won't be checked to see if they are spammers. For speed and safety you should add all of the mail servers of your own ISP, possibly taken from Received lines of mail you send to yourself, to this list.

Servers on this list are ignored, but the presence of one of these IP addresses won't prevent a mail from being marked as spam if another IP address in the headers is that of a spammer.

Note 1: how to specify address ranges

1) Use a list of single IP addresses, e.g. 216.88.68.119 (wildcards, e.g. 127.0.0.*, aren't permitted in netblock specifications)

2) Use a list of single hostnames, e.g. mta10.adelphia.net

3) Use a list of netblock addresses, either by using the start and end addresses, e.g. 127.0.0.0-127.0.0.255, or by using the network prefix notation, e.g. 127.0.0.0/24

Note 2: Example email marked as spam - but shouldn't have been
If you have an email that for some reason you cannot whitelist by email address (or by using one of the plugins), you can add the IP address(es) of the server(s) it uses to the ignore list, so that its IP address(es) aren't checked against the DNSBLs (public blacklists).

Example:

Return-Path: <asasas@mail.cicg.com>
Received: from mail.cicg.com ([216.88.68.110]) by mail3-lx.icom.com (8.12.9/8.12.5) with ESMTP id h6EN50DD032210
    for <me@myisp.com>; Mon, 14 Jul 2003 19:05:01 -0400
Message-Id: <200307142305.h6EN50DD032210@mail3-lx.icom.com>
Received: from mail.cicg.com (77.44.d858.cidr.airmail.net [216.88.68.119])
    by mail.cicg.com (Post.Office MTA v3.5.3 release 223 ID# 0-58581U100L2S100V35) with ESMTP id com
    for <me@myisp.com>; Mon, 14 Jul 2003 18:06:39 -0500
Content-type: text/plain
Date: Mon, 14 Jul 2003 18:03:55 -0500
From: ADB
Subject: **SPAM** WebRep Alert from AIR-C in MAIN
To: me@myisp.com
X-UIDL: Tc9!!T`'!=*E!>M!
X-SpamPal: SPAM DSBL 216.88.68.110

Add 216.88.68.110 and 216.88.68.119 to the Ignore List, which will stop this email being checked.
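
The address-range forms from sections 3.7 and 3.9, and the rule that an ignored server does not exempt the other servers in the headers, can be sketched as follows. This is an added example, not SpamPal's own code; the function names and the bracketed-IP regex are assumptions, the sample headers are abridged from the example above, and hostname entries are left out because they would need DNS resolution.

```python
import ipaddress
import re
from email import message_from_string

# IPv4 address in square brackets, as written in Received lines.
BRACKETED_IP = re.compile(r"\[\s*(\d{1,3}(?:\.\d{1,3}){3})\s*\]")

def parse_entry(entry):
    """Return (first, last) addresses covered by one ignore-list entry."""
    entry = entry.strip()
    if "*" in entry:
        raise ValueError(f"wildcards are not permitted: {entry}")
    if "-" in entry:    # start-end form, e.g. 127.0.0.0-127.0.0.255
        first, last = (ipaddress.IPv4Address(p.strip())
                       for p in entry.split("-", 1))
    elif "/" in entry:  # network prefix form, e.g. 127.0.0.0/24
        net = ipaddress.IPv4Network(entry, strict=False)
        first, last = net[0], net[-1]
    else:               # single address
        first = last = ipaddress.IPv4Address(entry)
    if first > last:
        raise ValueError(f"range start is after range end: {entry}")
    return first, last

def received_ips(raw_message):
    """Bracketed IPv4 addresses from the Received lines, top line first."""
    msg = message_from_string(raw_message)
    return [ipaddress.IPv4Address(ip)
            for value in msg.get_all("Received", [])
            for ip in BRACKETED_IP.findall(value)]

def ips_to_check(raw_message, ignore_entries):
    """Addresses that would still be looked up after applying the ignore list."""
    ranges = [parse_entry(e) for e in ignore_entries]
    return [str(ip) for ip in received_ips(raw_message)
            if not any(first <= ip <= last for first, last in ranges)]

# Abridged from the example headers above.
SAMPLE = (
    "Received: from mail.cicg.com ([216.88.68.110]) by mail3-lx.icom.com\n"
    "\tfor <me@myisp.com>; Mon, 14 Jul 2003 19:05:01 -0400\n"
    "Received: from mail.cicg.com (77.44.d858.cidr.airmail.net [216.88.68.119])\n"
    "\tby mail.cicg.com with ESMTP\n"
    "From: ADB\n\nbody\n"
)
```

With only 216.88.68.110 on the ignore list, 216.88.68.119 is still returned for checking, so both addresses (or a netblock covering them) are needed to exempt this message.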

3.10. Spam-Detection: Ignore-Lists: Automatic

This is an automatic list of server IP addresses (or ranges) from which you have received email over several days, which won't be checked to see if they are spammers.

For speed and safety the mail servers of your own ISP, possibly taken from Received lines of mail you send to yourself, will normally be added to this list.

Even though your ISP's mail servers will end up on the ignored list, a mail will still be marked as spam if another IP address in its headers is that of a spammer.


