Spam Firewall FAQ
From CFAES Help Documentation and FAQs Project
CFAES Messaging System Support Center > Spam Firewall FAQ
| This article is a WORK IN PROGRESS. It is still missing much information. |
Please e-mail docwiki@cfaes.osu.edu if you have a question you would like to see on here.
General Questions
What is "Barracuda"?
Barracuda is a brand name for a spam firewall server appliance. A server appliance is a self contained, vendor supported computer that usually provides one dedicated function. Barracuda is to spam firewalls as Kleenex is to facial tissues.
The CFAES Spam Firewall is currently based on a Barracuda firewall appliance.
What is a spam firewall
A spam firewall is a service that rates incoming email based on a number of factors and marks their probability of being spam. The email can then be prevented from delivery or transfered to the CFAES mail sever.
How does the spam firewall handle incoming mail?
The spam firewall will handle incoming mail in one of four ways. The spam firewall will score the incoming mail using a formula to assign a numeric value.
- It will detect that the mail is spam or contains a virus and block the mail.
- It will score the mail and based on the score send the mail to quarantine.
- It will score the mail and based on the score send the mail to your inbox with a [SPAM] tag.
- It will score the mail and based on the score send the mail to your inbox as normal mail.
Is there a way to turn off my spam filtering?
By default, spam filtering is enabled. Spam filtering for an individual account can be disabled, forcing all mail to be delivered. The setting is found under the account "Preferences" tab and then under the "Spam Settings" tab.
User Quarantine
What is a Quarantine?
Quarantine is a state of enforced isolation for e-mail that is somewhere in between being spam and not spam. E-mail in this grey area will be put into an individual's account quarantine.
I’ve been expecting an email but it ended up in the spam firewall quarantine. How do I have it delivered to my inbox?
The Spam Firewall sends you a daily Quarantine Summary Report at 1:30 PM. You can view the quarantined messages you did not receive. Using the quarantine summary report you can add messages to your whitelist, delete messages, or have messages delivered to your inbox. If you need to deal with more than one or two messages; it may be easier to log into your account on the spam firewall. There is a link at the bottom of the Quarantine Summary Report that reads "To view your entire quarantine inbox or manage your preferences, click here." Click on the link labeled "click here" and you will be logged into your account. You can select multiple messages and perform any action on them as a group.
Can I disable messages from being put into the quarantine?
Quarantining e-mail can be disabled, allowing e-mail that would normally be put into the quarantine to be delivered. With the quarantine disabled, messages that would have been put into the quarantine will be tagged “[QUAR]” on the subject line. This option is set in the account Preferences tab and then under the Quarantine tab.
How long are messages kept in the quarantine?
Based on the results of the CFAES Spam Survey, messages within a user quarantine are maintained for two weeks. After that period, the messages are automatically removed.
E-Mail Classification
Why are some of my incoming e-mails marked as spam?
An e-mail may contain a number of key words or phrases the spam firewall may consider a marker for spam. After a number of these markers are accumulated during the scanning of the e-mail, the spam firewall will tag the e-mail as spam.
What do I do if an e-mail I sent is marked as spam?
The spam firewall is configured to notify a sender their email was classified and blocked as spam. This allows the sender to dispute the classification.
First determine if the notice references an email you actually sent or not. If the orginal offending email looks completely unfamiliar to you, you shouldn't need to do anything.
If the offending email is something you sent or had sent on your behalf, closely follow the instructions that should be provided to get your original email delivered. This usually entails sending an email to a systems manager requesting a review of your original email.
I recently sent email to an on-campus colleague; it was reported that “[SPAM?]” appeared at the beginning of the subject line. Should I be concerned?
No. The message was delivered but received a "score" that was high enough for it to be labeled as potential spam. Mail is graded based on message content and the structures used in the message (how much of the message is html, links in the message, font size, etc.) It is likely that a combination of these attributes contributed to your message being labeled.
Note: Messages sent directly to cfaes.osu.edu email accounts from other cfaes.osu.edu accounts are not evaluated by the Spam Firewall. Only messages that are sent to an osu.edu address should have this label.
A message I sent to an external (off-campus) address was bounced as spam, or was filtered and not received by the intended recipient. Why?
Many organizations implement spam firewall systems similar to the CFAES Spam Firewall. In addition, many end users have their own spam filtering software and techniques. Your message could have been blocked by either the remote spam firewall or the recipient's spam blocking software. Ask the recipient to have your address whitelisted so that you can communicate freely in the future. In addition, you may want to take steps to help prevent your email from being classified as spam by any system.
What steps can I take in composing an email that would minimize the likelihood it will be tagged as spam?
When sending a message, consider the elements that you commonly see in spam messages - colored text, graphics, bold words, capital letters, and so on. The more your message resembles a piece of spam, the more likely it is to be labeled as spam.
Here are a few guidelines that should help minimize the likelihood of your own messages being considered spam:
- Keep the structure of the message as basic as possible.
- Remove unneeded attachments, backgrounds, or signatures.
- Keep pictures, fonts, colors, bold, underline, and other styles to a minimum.
- Use Plain Text if possible.
While this may result in a "visually unappealing" message, following this basic guide will help ensure your messages do not end up in another user's quarantine.
"Whitelisting" and "Blacklisting"
What is "whitelisting"?
Whitelisting an email address or email domain forces email from that address or domain to be delivered unconditionally. Even if an email would otherwise be considered spam, it is delivered. This is useful to protect known senders or gray content from specific senders from being marked as spam.
What is "blacklisting"?
Blacklisting is similar to whitelisting but has the opposite effect. An email address or domain on a blacklist will be rejected unconditionally. This method is useful in preventing known spamming senders from being delivered.
Why the terms "whitelisting" and "blacklisting" ?
These terms are an industry standard and are used consistantly throughout our current spam firewall. Other products may use terms such as "Blocked Senders" or "Safe Senders".
How do I whitelist an email address to ensure it does not get trapped by the spam firewall?
Log into the spam firewall and select the “Preferences” tab. Under the Allowed Email Addresses and Domains heading, enter the email address you want to whitelist and click on the “Add” button.
See the Spam Firewall User Guide for more information on Whitelisting and Blacklisting.
Can I whitelist or blacklist more then one address at a time?
No. There is no way import a list of addresses.
Other Problems and Questions
I manage a mailing list serve, are there any spam firewall issues I should be aware of?
Yes. Your email address should be listed as the “Notification Address”. This ensures that the daily Quarantine Summary will be delivered to you rather than being sent to everyone on the list. This setting is found in the account "Preferences" tab and then under the"Quarantine" tab.
Do email attachments affect how the spam firewall treats my incoming email?
Yes. Attachments with the file extension pif, scr, and vbs are blocked. Attachments with the file extension ade, adp, bas, bat, chm, cmh, com. cpl, crt, dll, exe, hlp, hta, inf, ins, isp, js, jse, lnk, mde, msc, msi, msp, mst, pcd, reg, sct, shb, shs, vb, vbe, wsc, wsf, wsh are quarantined.
