One of the services we provide to our clients is spam filtering. The goal is to stop the spam BEFORE it gets to the mail server so it doesn't wind up on the users' desktop, laptop, iPad, smart phone, etc.... Each month when we do the reporting and roll up the numbers, it's amazing how much volume there is. Overall, around 80% of all email traffic is flagged as spam. For some of our clients, this means blocking out tens of thousands of messages a month. I looked at our own domain yesterday, and in February, over 10,000 messages were blocked or quarantined, including 348 emails containing viruses.
One of the frustrating things is that with all the sophisticated algorithms involved with the spam security filters we put in place, some spam still gets through. Just yesterday we heard from two clients who reported receiving a spam message that to any human reviewing the email, the disposition should be obvious, but to a computer scanning thousands of messages with respect to certain algorithms, a few get through. In both cases, we saw "Breaking News" emails where for one user, the server logs showed that one email got through and seven were blocked in the past week, and for the other users, one got through, and 65 were blocked/quarantined. In this case, we can see that the filters ARE working, but they are not 100%. For a message with carefully crafted language, the initial emails typically get through, and it isn't until the volume of identical messages is detected that the rest get properly dispositioned as spam.
It's annoying for all of us that these spam messages just keep coming to us, but at least with good filtering, the vast majority are stopped.
Whenever there's a mystery regarding a "missing" email, the first thing we look at is if the email is sitting in a spam filter. We always recommend just using one spam filter, preferably "in the cloud" so mail is filtered BEFORE it gets to your mail server, and distributed to your laptop, smartphone, iPad, and wherever else you read your mail.
Recently, I installed a new solid state drive in my laptop, and when I had problems with moving over the disk image, I ended up re-installing Microsoft Office. I didn't realize it at the time, but when I completed the installation, the "Junk" filter was turned "on" by default, and I was breaking one of my major rules - I had TWO filters guarding my mail. A few weeks ago, I was looking for a mail message that I couldn't find, and thought perhaps I had deleted it by mistake, and didn't think much of it. Just this week, a client mentioned an mail message he had sent, and I couldn't find it. "Search" of my inbox didn't reveal the message, but when I looked at the mail history in the "People" pane, there it was. It was sitting in my "Junk" box, which I never check because I'm opposed to using it in the first place!
Changing your "Junk" settings is easy. On the "Home" tab in Microsoft Outlook 2010, click on "Junk" in the upper left hand corner. This will open up a window where you can change your settings.
In the main tab, "options", you can turn off the Junk filter, or select an appropriate setting if you want. You also have the option to select "Safe Senders", "Safe Recipients", "Blocked Senders" and "International" settings. The built in Junk filter does provide a lot of options, and will work well if the only place you read your mail is in Outlook on your main system.
But these days, with so many other devices, we highly recommend a cloud based spam filter so you mail gets filtered BEFORE it gets to your mail server, and you have only one place to check for the invariable "false positives" - those messages that you DO want to receive that get falsely dispositioned as spam.
Next time you find yourself searching for a missing email message, make sure you have only one spam filter running! Two spam filters are NOT better than one!
Here's a question we hear a lot: "Why doesn't my spam filter block ALL my spam?" We typically implement Postini spam filtering for our clients (sometimes Barracuda), and when we examine the monthly reports, overall, about 80% of incoming mail is either blocked or quarantined as spam. This is a HUGE amount of mail, and consistent with industry reports which typically track even higher in the 90% range. The filters, though not perfect, keep a LOT of clutter out of your inbox and off your smart phone.
Even with sharp attention to setting proper specs on the filters, though, some spam will still get through. A big portion of spam is blatant, and in Postini is put in a "black hole". The rest of the questionable mail is put in a "quarantine". The interesting thing to note is that what is obvious to any human (hey, this is spam!), may not be obvious to a computer, so a few will get through.
When we analyze a message, we look at the "Internet Header". This is the technical detail embedded in the email (not just the "to:", "from:", and "subject" line), that shows how the mail was processed and the path it took through the Internet. To see the header of an email in Outlook 2010, click on the message and hit the "File" tab and "Properties" button. At the bottom of the pop up, you'll see "Internet Header", filled with a bunch of technical information. Here you can see who the message is really from (is it spoofed?), and whether or not it went to the spam filtering servers (sometimes if there are cached or extra "mx" records, mail can bypass the filters). Using the Internet Header, we can also analyze the scoring for the filters. In some cases, we'll see something barely pass through the spam filters with carefully chosen words, but will later be blocked when the filters catch up to the volume of the same message. It's a bit of a cat and mouse game.
Many users are frustrated when the opposite happens, that is, a message is falsely flagged as spam. In some cases, legitimate bulk mail (such as sales promotions from a favorite store) are quarantined because they are in fact bulk commercial mail (safe-list the ones you want), but in other cases, an individual message can get blocked. Unfortunately, the "bad guys" who are producing huge volumes of junk create an inconvenience for the "good guys".
For a short tutorial (4.5 minutes) on how to use the Postini message center, please check out our YouTube Video at: http://www.youtube.com/watch?v=vxPu_BxAxMo&feature=plcp
This sounds like a funny question because who would ever send themself a spam email? What you really received is a "spoofed" message. It's actually easy to alter an email to change the "from" address to make it appear that it's coming from someone else. Basically a forgery. (This is one of the reasons that if you use a spam filter, you shouldn't necessarily safe list your own address.)
Typically, spoofed messages are an attempt to get ads and phishing exploits through spam filters. You may see that the message is from a familiar sounding name, and then open a message you wouldn't ordinarily open. In a phishing message, someone pretending to be someone you do business with is actually trying to steal your secure information (account number, password, etc).
We typically advise clients to set up an SPF (Sender Policy Framework) record which is an email verification system that checks the true source of an email. This is a code set up in your DNS records that tells the world what the legitimate sending server is for your domain, and mail servers will reject other mail. Keep in mind that if you use an email marketing tool like Constant Contact, you'll also need to add this information to your record (or your legitimate emails will appear to be spoofed.). This will help prevent your good name from being exploited in spoofed messages.
For any incoming mail, always use caution and know that the sender may not be who they say they are!
There's no such thing as 100% protection for any threats on line, but having an SPF record is another layer of defense thats worth a few moments to add to your aresenal.
A customer contacted us a few days ago with an email dilemma. They had been receiving a valued daily report through email, and all of a sudden they stopped receiving it and found that it was in their spam filter and wondered why.
After taking a look at it, it turns out that the sender had changed their "from" address for their bulk email. Just about all bulk mail (spam if you don't want it, bulk mail if you do), will get flagged by spam filters. The recipient had already "safe listed" the old address, but with the new address, it was getting stopped again. This was easily fixed by updating the safe sender list to include the new address.
In your own small business, if you send out a newsletter or other sort of daily, weekly, or monthly update, keep in mind that many of your recipients may find it valuable and want to receive it, but spam filters may stop it. Think carefully before changing your "from" address, because many of your recipients may stop receiving it if you do!
Have you ever had an important email go missing? An important customer order that just doesn't arrive in your inbox? Well, the the first place to look is your spam filter. There's a good chance that the email may have gotten flagged as a "false positive" for spam. If you check your spam filter, you'll find the message. As long as you only need to look in one place, it's a quick detour.
The exact numbers vary, but according to a 2010 report from the Messaging Anti-Abuse Working Group (MAAWG)in the first half of 2010 covering about half a billion mailboxes, spam accounts for 88-92% of all mail.
With such a high volume of junk, its tough for your one important message of the day to get through properly.
We typically recommend filtering mail BEFORE it gets to your mail server. We've been working with Postini for years and find it to be an effective solution, but there are many other options. Filtering spam on your desktop means that spam will still show up on your smart phone and if you filter in multiple locations, it becomes difficult to track the "false positives". Some people may assume that two filters will help, but it just means more places to look for the false positives. Problems really pickup when users unknowinglyrun two spam filters. Perhaps your junk filter is on in Outlook, or you change a setting directly on your mailserver (often controllable by the user in webmail).
Bottom line - select ONE spam filtering solution that's effective and get rid of the spam BEFORE it even gets to your mail server. Unfortunately, the spammers aren't going away, so its just one more thing to deal with on your computer. No filter will be perfect, but if you can efficiently check for false positives in only one place, you'll make things much easier for yourself.