1. Getting Started
2. Whitelist your friends or clients
3. SpamPal Status Screen
4. What should I expect from SpamPal?
5. Checking for Updates
6. Backup your settings
7. Change which programs SpamPal filters
8. Changing your blacklists/whitelists

1. Getting Started

By default, SpamPal installs itself in your StartUp folder, so it is always running once Windows has started. You can remove it from your StartUp folder to save boot-up time, but you must then remember to start SpamPal again before you check your email; otherwise you cannot receive your email. If you're on a dial-up link then you may find a product like NetLaunch useful.

On startup, SpamPal places itself in your system tray, and you should see an umbrella icon indicating that it's running.

Every time you check your email, your email program will invisibly use SpamPal (although, while this process takes place, you should see the SpamPal umbrella icon rotate).

Next, your email program's mail filters/message rules will move any messages that SpamPal has marked as **SPAM** into your spamtrap folder, which will help keep your inbox clean!

SpamPal won't find and tag all your spam, but you should find that it catches at least 90% in normal use. If you want to gain the extra % then you may need to install one of the many SpamPal plugins, which can be found here.

Every so often (perhaps make it a weekly task), you should skim through your spamtrap folder to make sure that there's no mail in there that you actually wanted to read, and then delete the rest.

SpamPal is very configurable, and most users will be happy with the default settings. If, however, you need to change the default settings, you can tune SpamPal to your own personal needs using the Options dialog.

To access the Options dialog, right-click on SpamPal's umbrella tray icon, then click on Options.

2. Whitelist your friends or clients

To speed up the processing of your emails and to prevent SpamPal from marking emails from your friends or contacts as spam, it's a good idea at this point to whitelist all your important email addresses.

This can be done in four ways:

a) Use the POP3 automatic whitelist: this will whitelist non-spam emails that you receive on a frequent basis.

b) Use the SMTP automatic whitelist: this (if set up in 3.3) will whitelist all email addresses that you send mail to.

The auto-whitelist function will only auto-whitelist emails that haven't been marked as **SPAM**.

Occasionally, a spammer might forge the email address of someone who is in your auto-whitelist, for example a colleague or an alternate email address of yours. While you don't want to put this person in your blacklist because they send you lots of genuine email, you don't want them to end up in your auto-whitelist and bypass SpamPal's spam-checking features.

Clicking on the Exclusions pane will bring up a window into which you can enter the email addresses of people who should never be added to the auto-whitelist. Just add your colleagues here and you won't have to worry about spammers forging their addresses to bypass SpamPal's filtering. You can even add your employer's entire domain, e.g. *@acme-widgets.com

If you are using this, especially in a business, be aware that it records all outgoing addresses, and some people might view this as an infringement upon their privacy (if you are in the UK you need to tell staff of this policy before you start collecting data).

c) Use the Add to Whitelist option on SpamPal's system tray to manually whitelist your email addresses by typing in an address (or by using the dropdown box to select from a list of recently received addresses).

If you wish to select a number of whitelist entries then you can tick the Keep dialog open option and keep selecting your whitelist entries, one after another. Once you've finished, you can un-tick the Keep dialog open option.

If you try to add an email address that you've already entered before, or one that matches a domain that you have already added with a wildcard (e.g. *.cheshire.gov.uk), then you'll see an error message.

d) Use the SpamPal Whitelist Email Addresses page to manually whitelist your email addresses.

The whitelist function only looks for email addresses in certain headers of your email. These headers are currently: From:, Reply-To:, Sender:, Mailing-List: and Return-Path:
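
A small model of the auto-whitelist rules described above, added here as an example and not SpamPal's own code: it reads addresses from the five listed headers, ignores mail already marked as spam, and refuses to auto-trust anything matching an exclusion such as *@acme-widgets.com. The class name, the threshold of two messages standing in for "frequent", and the sample messages are assumptions made for the example.

```python
import fnmatch
from collections import Counter
from email import message_from_string
from email.utils import getaddresses

# Headers the page lists as the ones the whitelist function inspects.
WHITELIST_HEADERS = ("From", "Reply-To", "Sender", "Mailing-List", "Return-Path")

# Constructed sample messages (not real mail).
GENUINE = ("From: Alice <alice@example.org>\n"
           "Return-Path: <alice@example.org>\n"
           "Subject: Lunch?\n\nSee you at noon.\n")
FORGED = ("From: Bob <bob@acme-widgets.com>\n"
          "Subject: Invoice attached\n\nOpen the attachment.\n")


def sender_addresses(raw_message):
    """Unique lower-cased addresses found in the whitelist headers."""
    msg = message_from_string(raw_message)
    found = []
    for name in WHITELIST_HEADERS:
        for _display, addr in getaddresses(msg.get_all(name, [])):
            addr = addr.strip().lower()
            if "@" in addr and addr not in found:
                found.append(addr)
    return found


def matches(addr, patterns):
    """True if addr matches any entry; entries may use * wildcards."""
    return any(fnmatch.fnmatchcase(addr, p.lower()) for p in patterns)


class AutoWhitelist:
    """Toy model of an auto-whitelist with an exclusions list (hypothetical)."""

    def __init__(self, exclusions=(), threshold=2):
        self.whitelist = []
        self.exclusions = list(exclusions)
        self.threshold = threshold  # assumed meaning of "frequent"
        self.seen = Counter()

    def observe(self, raw_message, marked_spam):
        """Record one received message; return addresses newly whitelisted."""
        if marked_spam:  # mail tagged as spam never feeds the whitelist
            return []
        added = []
        for addr in sender_addresses(raw_message):
            if matches(addr, self.exclusions):  # never auto-trust these
                continue
            if matches(addr, self.whitelist):   # already covered by an entry
                continue
            self.seen[addr] += 1
            if self.seen[addr] >= self.threshold:
                self.whitelist.append(addr)
                added.append(addr)
        return added

    def trusts(self, raw_message):
        """True if any sender address of the message is whitelisted."""
        return any(matches(a, self.whitelist)
                   for a in sender_addresses(raw_message))


if __name__ == "__main__":
    aw = AutoWhitelist(exclusions=["*@acme-widgets.com"])
    for message in (GENUINE, GENUINE, FORGED, FORGED):
        aw.observe(message, marked_spam=False)
    print(aw.whitelist, aw.trusts(FORGED))
```

Without the exclusion, two untagged messages carrying the forged colleague address would be enough to whitelist it, and later forgeries would skip the spam checks.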

Initially, you will notice that using SpamPal makes fetching your email a little slower. This is because SpamPal has to check everything against the DNSBL lists (public blacklists) to see which emails are from a spammer and which aren't.

However, through its auto-whitelist feature(s), SpamPal will quickly learn about the people and machines that send you lots of email, and add them to a list of trusted senders. Because they're trusted, SpamPal doesn't waste any time checking the DNSBL lists (public blacklists) for them, so the more you use SpamPal, the quicker it will get.

There are more hints and tips on how to optimise SpamPal here.

3. SpamPal Status Screen

By using the SpamPal Status page (right-click on the systray umbrella and select Status), you'll be able to see which DNSBLs you are using and how effective they have been during a recent session.

If you look at the statistics on SpamPal's status screen, it will show you the hit rates being achieved by the various DNSBLs you are using for recent queries. You will probably notice that some of the DNSBLs regularly give high numbers, 20-50%, and others may be very low, or even zero hits. Deselecting the ones with low hit rates will probably improve speed without affecting your spam detection capability.

For example, in the screen below, the Abusive Hosts Blacklist DNSBL has detected little spam in this session, so it may be a good idea to deselect it from your list of DNSBLs (public blacklists) in order to save time. The Taiwan and Hong Kong country code DNSBLs are also possible ones to be removed. You can also see that Brazil has a slightly higher Average Response time (0.391s) than the other DNSBLs and also doesn't detect as much spam, so it may also be a candidate for removal.

In the left window, note the words filtering operations summary. This isn't the same as the number of messages; if your email program (Outlook Express is one example) fetches a preview of your message first and then the message itself, that's two filtering operations, so it counts twice.

In the right window, note the words Recent DNSBL Queries. These numbers will get reset to zero every time you restart SpamPal, e.g. when you reboot your machine.

DNSBL queries are queries to the various public blacklists (and public ignorelists) that you select to use from SpamPal's options window. Positive means a positive result: for a public blacklist it means the message in question is probably spam; for an ignorelist it means the IP address in question will be ignored. Negative means the opposite, and Hit Rate is the number of positive queries divided by the total number of queries.

When SpamPal filters an email message, it extracts IP addresses from the headers (these indicate which computer systems the message passed through before it hit yours), and for each IP address queues a DNSBL query to each selected public blacklist (and ignorelist).

It doesn't mean the spam mails are being blocked before they reach your computer; the statistics are just given as a way for you to judge which blacklists are catching the most spam for you.
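
The lookup and the hit-rate figures described above, sketched as an added example that is not SpamPal's own code: it pulls relay IP addresses from Received: headers, builds each query name by the usual DNSBL convention (octets reversed, then the list's zone), and tallies positive and negative answers per list. The zone names bl.example and cc.example, the sample messages and the stub resolver are constructed so that it runs offline.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample messages; the public addresses are documentation ranges.
SPAM_MSG = ("Received: from mail.bulk.example ([203.0.113.7]) by mx.example.org\n"
            "Received: from pc ([192.168.1.20]) by mail.bulk.example\n"
            "Subject: Cheap pills\n\nBuy now.\n")
HAM_MSG = ("Received: from smtp.example.net ([198.51.100.25]) by mx.example.org\n"
           "Subject: Minutes\n\nAttached.\n")

# Constructed stand-in for DNS: the only name that exists in any list's zone.
LISTED = {"7.113.0.203.bl.example": "127.0.0.2"}

BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def relay_ips(raw_message):
    """IPv4 addresses from Received: headers, skipping local networks."""
    msg = message_from_string(raw_message)
    ips = []
    for value in msg.get_all("Received", []):
        for text in BRACKETED_IPV4.findall(value):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:  # e.g. an octet above 255
                continue
            if text not in ips and not any(ip in net for net in LOCAL_NETS):
                ips.append(text)
    return ips


def query_name(ip, zone):
    """DNSBL convention: reversed octets followed by the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def stub_resolve(name):
    """Offline resolver: an address if the name is listed, else None."""
    return LISTED.get(name)


def check_message(raw_message, zones, stats, resolve=stub_resolve):
    """Query each zone for each relay IP; return the zones that listed one."""
    hits = []
    for ip in relay_ips(raw_message):
        for zone in zones:
            answer = resolve(query_name(ip, zone))
            # A listed address answers with a 127.x.x.x record.
            positive = answer is not None and answer.startswith("127.")
            stats.setdefault(zone, [0, 0])[0 if positive else 1] += 1
            if positive and zone not in hits:
                hits.append(zone)
    return hits


def hit_rate(stats, zone):
    """Positive queries divided by total queries, as on the status screen."""
    positive, negative = stats.get(zone, (0, 0))
    total = positive + negative
    return positive / total if total else 0.0


if __name__ == "__main__":
    stats = {}
    for message in (SPAM_MSG, HAM_MSG):
        print(check_message(message, ["bl.example", "cc.example"], stats))
    print({zone: hit_rate(stats, zone) for zone in stats})
```

A list that never answers positively, like cc.example here, still costs one query per relay address, which is why dropping low-hit lists saves time.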

4. What should I expect from SpamPal?

The following Questions and Answers are a must-read to ensure you get the most out of SpamPal.

How much spam should SpamPal catch?

As a guideline, it should be possible to get SpamPal to catch at least 90% of the spam without flagging any legitimate mail as spam. In practice, you can probably catch 95% of the spam safely, and some people reckon they catch 99% or more of the spam. However, as you become more aggressive in your spam filtering, you also increase the chance of flagging legitimate mail as spam, and no matter how good your anti-spam tools are, there will always be one or two spams which sneak under the barrier. Be realistic in your expectations.

Why didn't this mail get flagged as spam?

To find out why spam is getting through, you need to look at the X-SpamPal header in the email and find out what reasons it is giving for PASSing the mail. You may have accidentally whitelisted something that you intended to blacklist, or you may have got your caching times wrong. It may not give a reason, indicating that none of your existing strategies or blacklists detected this as spam. Whatever the reason, the X-SpamPal header is the starting point for improving spam detection performance. See this page for more details about SpamPal headers.

Why did my mail get flagged as spam?

To find out why an email is being marked as spam, you need to look at the X-SpamPal header in the email and find out what reasons it is giving for marking the email as SPAM. You may have accidentally blacklisted something that you intended to whitelist, or perhaps a public blacklist (DNSBL) you have selected seems to be too aggressive and blocks too much legitimate email (because spam-friendly providers may well have non-spamming customers too!). Whatever the reason, the X-SpamPal header is the key to finding the solution, so see this page for more details about SpamPal headers and what they mean.

Do I have to keep adding addresses to my blacklist?

No. Please don't use massive email address blacklists with SpamPal, particularly not those from general purpose sites. Those are intended for spam detecting systems which can't use DNS blacklists, regular expressions or other advanced spam detection methods.

Using a massive blacklist is not usually productive, as spammers usually forge their email address and never use the same address twice. If you regularly get spam from the same address and for some reason it is not being picked up by the public blacklists, then it can be useful to add it to your own personal blacklist.

However, most people only have a handful of addresses in their blacklists. If you have too many, you will slow down SpamPal quite significantly and create a lot of work for yourself without achieving anything useful.

This reasoning also applies to email programs, such as Outlook and Outlook Express, that have the facility to block senders by email address (called Junk Senders/Adult Content senders). It is usually better to stop using those features and leave SpamPal to do its job.

The first way to cut the spam with SpamPal is to adjust the DNS blacklists. Using Easynet and SpamCop should catch 90% of spam for most people. If you don't get at least that high a detection rate, or want a higher rate, let us know and we'll make more suggestions to help improve the success rate.

Should I use all the DNSBLs?

No, you only need three or four good DNSBLs to get good results. Adding more will not necessarily improve matters. If you've got them all ticked, that is overkill. It is also using an unfair amount of resources. The people who provide these DNSBLs are doing so free of charge and we'd all like it to stay that way.

Some DNSBLs work better than others, and it also depends on where you are in the world. Good general purpose ones include SpamCop, Spamhaus SBL+XBL and NJABL.

During the installation of SpamPal you are asked what level of filtering you want to use: Safe, Medium or Aggressive. You may want to change the setting you originally used, and you can do this by clicking on the red arrow (Pre-created Filtering Strategies) to bring up a screen where you can default your DNSBL selection.

If you look at the statistics on SpamPal's status screen, that will show you the hit rates being achieved by the various DNSBLs you are using for recent queries. You will probably notice that some of the DNSBLs regularly give high numbers, 40-50%, and others may be very low, or even zero hits. Deselecting the ones with low hit rates will probably improve speed without affecting your spam detection capability.

For example, in the screen below, the Abusive Hosts Blacklist DNSBL has detected little spam in this session, so it may be a good idea to deselect it from your list of DNSBLs (public blacklists) in order to save time. The Taiwan and Hong Kong country code DNSBLs are also possible ones to be removed. You can also see that Brazil has a slightly higher Average Response time (0.391s) than the other DNSBLs and also doesn't detect as much spam, so it may also be a candidate for removal.

I'm still not catching enough spam: how do I improve my DNSBL selection?

You could look at the country lists. At the time of writing, a lot of spam seems to be routed through open relays in China. If you are absolutely sure that you never receive legitimate email from China, you could select this country in the countries blacklist. However, you need to exercise great consideration when blocking by country; for example, if you're running a global business, you certainly don't want to be using the blocking by country feature!

A more likely cause of poor DNSBL performance is that you are checking your mail too often. We have found that from the time a wave of spam starts, it takes about 30 minutes before the culprit IP numbers start appearing on the DNSBLs. If you are checking your mail at one minute intervals then you are probably downloading the spam before the DNSBLs have had a chance to react. Change the settings in your mail program to only download mail at 30 minute intervals or longer, or even just to download manually, and you should find a big improvement in DNSBL performance. Despite what people often think, the world will not end if you don't get your emails within a minute of someone sending them.

You should also look at the cache times on DNSBL checks. The caching improves speed but may lead to slightly less accurate results. Unless speed is a problem for your connection, the best results will come from setting SpamPal to remember positive (spam) results for three days, and negative (legitimate mail) results for zero days zero hours. These settings can be found in the Advanced panel of SpamPal's options.

On the same page, you should have a DNSBL time out setting of 10 to 20 seconds, and a maximum number of simultaneous DNSBL queries of about 25 should be a good choice for most people.

I'm still not catching enough spam: how do I improve SpamPal's performance?

If you are still not catching enough spam then you are better off trying alternative strategies, not just piling on more DNSBLs. Look at the available plugins.

There is one called URLbody which will apply DNSBL checks to the websites (URLs) listed in the spam mails. Although spammers can disguise their email address and send the mail through circuitous routes, they still need to advertise their website in the spam they send you, so this plugin can be very effective at trapping them.

RegEx will examine the body of mails for a whole mess of different phrases and other good solid indicators of spam, and both of those should pick up lots of spam, although I think there is a slightly higher risk of false positives with RegEx patterns. However, the latest version uses a combined scoring system which should greatly improve its discrimination sensitivity. Some people have reported catching well over 90% of the spam just using RegEx and no DNSBLs at all.

The MX blocker is used to detect mails which are sent through desktop MX programs on dial-up lines, a common tactic of spammers. You may find this mops up lots of spam which is escaping the DNSBLs. However, use it with caution initially, as desktop MX is a legitimate tool which is used for legitimate purposes, so you may find you need to whitelist a few regular correspondents.

There is also a Bayesian plugin which takes a completely different approach to detecting spam, although the nature of it means it is perhaps more likely to get false positives to begin with, and it does need a period of training to learn the patterns in your email.

For more details about plugins, see this page.

As with DNSBLs, do not just install everything at once because it will just be overkill. Try the plugins one at a time and find out what is working best for you.

I have old spam emails in my inbox that arrived before I started to use SpamPal; can SpamPal now mark these as spam?

No. Retrospectively checking headers on emails is not an option because blacklists are dynamic entities. They say what the status of an IP number is now, not what it was when you received the mail.

Why doesn't SpamPal bounce messages back to the spammer like other products?

The usual reason people like to bounce messages back to a spammer is that they think a bounced message will tell the spammer that an email account does not exist, so their address will be removed from the spammer's database and they won't receive any more spam.

But in reality bounce messages are normally useless because:

1. A spammer sends millions of emails at once, in a few minutes. Why should he spend time on deleting a few thousand addresses that do not exist? Usually the same addresses are spammed again next time (it does not cost the spammer any time or money to send a few more emails). Bounces from users will only increase traffic over the internet and end up costing the user either time or money to bounce a lot of messages back to the spammer.

2. 99.9% of the spam has an invalid return address that has nothing to do with the real spammer.

Here are a few "real world" examples:

a) The sender does not exist and the error message cannot be delivered.

So you return the (fake) message again, and since most spammers can recognize that this is not a real error message, you end up wasting time and money.

b) The (innocent) sender exists and the spammer has used their email address for his spam.

Spammers often use email addresses of innocent persons (very often they use addresses of persons who have tried to stop the spammer by their complaints). As a result, these persons receive thousands of real bounces and additional (i.e. fake) bounces sent by software that allows you to send fake bounce messages.

c) The sender is the spammer (in a very few cases).

The spammer can verify that your account exists (when he is clever enough to identify your error message as fake).

What do I do with spam that still gets through undetected? Is this a bug in SpamPal? Should I post the spam to you so you can study it?

No, there is always going to be some spam which gets through, no matter what antispam tools you use. We suggest you sign up for a free spamcop.net reporting account (also see this page for more details on how to report spam), and report the spam there. When the spam has been reported by several different people, it will be added to the SpamCop DNSBL and then other SpamPal users will benefit from your reporting.

But a spam STILL got through, this is a disaster!

No, it isn't. The objective is not to kill every last spam. The objective is to reclaim your inbox and to get rid of the bulk of the spam with the absolute minimum of effort. Do not become obsessive about spam!

5. Checking for Updates

SpamPal will periodically check to see if a more recent version of the program itself has been released. It won't update itself, but it will tell you about it so you can download the new version if you want to. It will also tell you about any new plugins that have been released, and any updates to plugins that you have installed.

SpamPal will also automatically update the list of DNSBL services (public blacklists) every so often. So, should one of the DNSBL services you are using become permanently unavailable, it will tell you about it and you can select an alternative from the Options dialog.

If there is a new version of SpamPal or a plugin available, then follow this procedure to ensure the process of upgrading is as quick and smooth as possible.

6. Backup your settings

First you need to locate the directory where your SpamPal configuration files are stored, which will also have settings for any plugins you currently use.

Right-click on the umbrella in the systray and select Options. Now select the Advanced menu.

You should now see at the bottom of that screen a box that says SpamPal's configuration is stored in this folder. This is the directory that needs to be backed up.

Now, use Windows Explorer (or an archiver program) and back up the whole folder.

If you decide to change this directory, then you must remember to change the following as well:

a) SpamPal's log file path (e.g. d:\spampal\log.txt), which is in SpamPal's options, Logging section

b) SpamPal's startup directory command line (e.g. -configdir d:\spampal)

7. Change which programs SpamPal filters

You can stop SpamPal filtering all of your emails, without having to change any of the setup in your email program, by using the disable filtering option from the systray icon. You can tell that SpamPal isn't filtering any emails when the icon changes.

The transparent proxy programs screen, as seen below, is basically used for three reasons:

a) to stop anti-virus scanners from scanning your email twice;

b) to exclude a program that doesn't seem to be compatible with SpamPal's transparent proxy;

c) to exclude an email program from using SpamPal to filter your mail.

In order to decide which processes SpamPal will filter and which ones it will ignore, SpamPal checks its list of known processes. Some of these are on a filter list (like email programs) and some are on a don't filter list (like anti-virus scanners).

Obviously, this list of processes will vary from user to user, so when SpamPal comes across a process that it doesn't know about, you'll need to tell SpamPal either to filter the connection or to ignore the connection.

You can tell SpamPal, using the above filter mail for that process option, to always filter any new unknown processes SpamPal finds.

You can tell SpamPal, using the above not filter mail for that process option, to never filter any new unknown processes SpamPal finds.

By default, however, SpamPal will always ask the user what to do, and you'll see a message box like the screen below pop up.

The above screen works in much the same way as firewall rules do. So, if you want SpamPal to filter PopTray's request to access your email server and have SpamPal filter the mail it sees, then click the Filter button. If you select the Don't Filter button then PopTray will still access your email server, but SpamPal will not filter out the spam from any email that it sees.

The Don't Filter screen is basically used for three reasons:

a) To stop anti-virus scanners from scanning your email twice

Most probably SpamPal is filtering your mail once between your email program and your anti-virus scanner, and once between your virus scanner and your mail server.

Have a look in the status window, or activate the SpamPal logfile, and have a look at what processes SpamPal is filtering mail for. Now go to the port properties dialog, click on the "Control" tab, and enter the name of one of these processes in the list of programs for which mail won't be filtered.

b) To exclude a program that doesn't seem to be compatible with SpamPal's transparent proxy

I'm sure there are going to be incompatibilities with some software out there; probably email-related software, but I don't rule out the possibility of other software not being compatible with the transparent proxy.

If you encounter a problem, just post a message in this forum thread, saying what version of SpamPal you're using and what version of the incompatible software you have, and briefly describe the problem, including any error messages that appear.

c) To exclude an email program from using SpamPal to filter your mail

Normally you'd want all your email programs and checkers (such as Poptray) to use the transparent proxy, in order to filter out the spam. You might, however, want to keep your main email program (such as Outlook Express) filtering the spam but disable filtering for your email checker (such as Poptray), in order to speed things up.

You can do this by just adding the program/process name to the list of programs for which mail won't be filtered. For example, in the above Poptray case, just add the following line (which uses # as a comment):

poptray.exe # disable filtering for Poptray

If you need to close down SpamPal at any time, you can do so from the systray icon.

8. Changing your blacklists/whitelists

While you are using SpamPal, your blacklists/whitelists can get updated in various ways:

a) blacklist: using the systray manual blacklist

b) whitelist: using the systray manual whitelist, auto-whitelist or SMTP auto-whitelist

If you wish to look at or edit these, just go to:

SpamPal Options, Blacklists, Email Addresses and edit as required

SpamPal Options, Whitelists, Email Addresses and edit as required