SpamVault allows you to
block e-mail from spammers. Although SpamVault is very easy to
use, it's also very powerful and if not used properly can delete
e-mail you may have wanted to receive. Please read these instructions
before using SpamVault as we cannot retrieve lost e-mail.
To begin using SpamVault,
you need to add an entry in the text box appropriately names,
"Add an entry:". An example of an entry would be a spammers e-mail
address. There are 4 radio buttons called Block-triggers that
follow this box with the letters F,T,R,S next to them. These represent
the area of the e-mail header that is used to trigger the blocking
of the e-mail For instance, the "F" stands for e-mail"From" someone.
In the example here, we want to block any e-mail coming "From"
the e-mail address spammer@spamnetwork.com so we would make sure
the radio button next to the "F" is checked.
The following are the areas
of the e-mail header that can be blocked:
F = From (block
e-mail 'From' someone or some network)
T = To (block e-mail sent 'To' someone at my domain)
R = Received (block e-mail with special text in the 'Received'
section of an e-mail header)
S = Subject (block e-mail with this word or phrase in the
'Subject of the e-mail)
Adding an Entry:
Here is what your entry
should look like
Add an
entry.
Block-trigger:
F
T
R
S
After entering this information
press the "Update these entries" button at the bottom:
Once entered, your entry
will show up on the list and looks as follows:
1)
Block-trigger:
F
T
R
S || Status:
BLOCK
ALLOW ||
DELETE
Editing an Existing
Entry:
Once an entry is entered,
you can change it in real time just by editing the existing entry.
For instance, if you wanted to test this entry to see if you were
still getting e-mail from this particular address, you might change
the status from 'Block' to 'Allow'. You can edit as many entries
as you wish but be sure to press the 'Update these entries' button
after you're finished editing.
1)
Block-trigger:
F
T
R
S || Status:
BLOCK
ALLOW ||
DELETE
Understanding e-mail Header Information:
Every e-mail sent has a
section called the 'header'. This section includes commonly known
data such as who the e-mail is being sent from and who it is being
sent to along with some other information that will help you manage
your spam. The header is not usually viewable in the default settings
of your e-mail program. You may need to read the documentation
on your e-mail program to find out how to view the header.
An e-mail header can be
broken down into some basic parts. Each part it identified by
a title such as "From:".
Rather than getting into too much detail about all the sections,
we'll just focus on the ones SpamVault looks at to
filter out spam. We've highlighted the data that we'll be focussing
on in red.
SAMPLE e-mail HEADER:
---------------------
X-POP3-Rcpt: you@youre-mailaddress.com
Received: from welove.spamnetwork.com (spammers_isp.com
[209.90.160.156])
by youre-mailserver.com (8.10.2/8.10.2) with SMTP id g05HX0N10982
for <me@youre-mailaddress.com>; Sat, 5 Jan 2002 12:33:04
-0500
Message-Id: <200201051733.g05HX0N10982@spmmers_isp.com>
Content-Type: text/html; charset=US-ASCII
Date: Sat, 5 Jan 2002 09:33:13 -0800
To: you@youre-mailaddress.com
From: Bob Spammer <bob@phonyaddress.com>
X-Mailer: Version 5.0
Subject: You may have already won $10,000!!!
Organization:
The "To:" Section
Info in this section can be shows where the e-mail was delivered
to. Often, this is a weak place to put a block because spammers
take advantage of catch-all e-mail boxes. The send it to Anybody@yourdomain.com
and whoever has the catch-all e-mail box will get it. So you might
set up a block on anything sent to Anybody@yourdomain.com. Tomorrow
they'll use NoBody@yourdomain.com and get by the block of "Anybody@yourdomain.com"
that you'd set up. One thing this section is good for is to stop
mail from going to someone who's left the company.
The "From" Section
In short, this is easily forged and can be changed as easily as
the "To:" address. This is good to block out those annoying friends
who keep sending you chain letters. Blip, you'll never have to
look at those again.
The "Subject:" Section
Now we're getting some power. Want to stop the e-mails with XXX
or SEX or Work At Home in the subject line. This is the place
to do that. Just use the snippet of the subject that you know
will be offensive. If the subject reads, "XXX Pictures of Warm
blooded carbon based life forms, " you may just want to block
"XXX" or you might block out your son's biology assignments.
The "Received:" Section
Info in this section is blocked using the R (Received) trigger
in SpamVault. This is one of the most powerful and most overlooked
areas for blocking because you can block and entire network in
one fell swoop. There are some services that are friendly to spammers,
they even encourage it. The permit or profit from spamming on
their server network. Often, you'll get many different looking
spams from once network and not realize it because the return
addresses are phony. Before we decide what to block, remember
to block as little as possible. Casting too wide a net or making
a lot of unnecessary entries just makes the server work harder
for no reason. So, looking at the Received: section here are the
things I would consider candidates for blocking in order of preference.
1) spamnetwork.com 2) spammers_isp.com but be careful, if the
guy's on America Online, you've just blocked everyone on AOL.
Spammers and Their Tricks:
We have to confess that
SpamVault is not the end of all spam but it will give you better
control over your circumstances. Spammers are always devising
tricks to work around SpamVault and we're constantly trying to
prevent them from doing so. One way they will get around SpamVault
is to trick you into blocking the wrong section of the e-mail
header. Technically speaking, it's easy to fake all but the "Received"
section of an e-mail. You might block everything coming from one
e-mail address and all they have to do is fake you out by using
another e-mail address. Using this trick it can look like they're
sending from a hotmail.com address today and tomorrow you'll get
the same spam from yet another address. Here is where the power
of the 'Received' section comes in and why it's important to review
the header of your e-mail rather than the default to and from
sections.
A spammer typically not
be able to change the information in the 'Received' section of
the header. So, using that as a filter can be the strongest method
of blocking e-mail. Please do not just paste the entire 'Received'
section into SpamVault. You need to review the header for a specific
server name and sometimes an IP number (but these change regularly
so it is not recommended). In the example above, the network that
the spam is coming from is welove.spamnetwork.com. We would
recommend that you only use the last and second from the last
section of the network name: spamnetwork.com.
Configuration Section:
You can show or hide the
configuration data of SpamVault by checking or clearing the box
appropriately called "Show Configuration Data" located below the
'Update These Entries' button.
Sample Configuration
Data Section
Show Configuration Data
==================== Configuration ====================
WHERE DO YOU WANT TO PUT YOUR SPAM?
Send My Spam Into Never Never Land! OR
Save my spam to a repository file
Current spam repository file size: 59074 Bytes
Clear this file?
LOG BLOCKED SPAM?
Keep a log of how many e-mails have been blocked
Current spam log file size: 5045 Bytes
Clear this file?
Blocked spams since the log was last cleared: 10
Total Spams Blocked: 1151
====================================================
Let's review the options
in the is section.
Where do you want your
spam to go. You can delete your spam (AKA Never Never Land) or
send it to a special file by placing a check in the box labeled,
"Save my spam to a repository file". This file is called "spamvault"
and is located in your /www/sv/ folder. As this file grows it
uses disk space, so it is always a good idea to 'Clear this file'
regularly. You must press the 'Update These Entries' button for
these changes to take place.
Log Blocked Spam. SpamVault
can keep a log of all the e-mails that it has filtered. This log
file is called 'spamvault.log' and is also located in your /www/sv/
folder. As this file grows, it also uses disk space, so it is
always a good idea to 'Clear this file' regularly. You must press
the 'Update These Entries' button for these changes to take place.
SpamVault keeps a tab on
how many spams it has blocked in the last line of the configuration
section and is guaranteed to provide a personal sense of satisfaction.
Hidden Benefit of SpamVault:
Your account uses bandwidth
twice when you receive an e-mail. When the e-mail arrives at the
server and when you retrieve it from the server. SpamVault completely
eliminates the spam at the server so you will avoid using the
extra bandwidth when you check your e-mail. The less e-mail traffic
there is, the faster your website is served up when people visit
it.
Warnings and Cautions:
When someone uses the term
'powerful program,' this is code for 'you can really mess things
up with this program if you're not careful.' SpamVault is a
powerful program and therefore you should be very selective
in the entries you make. Adding an entry that only contains the
letters '.com' in it will block all e-mail coming from any e-mail
address that has '.com' in it. If all of a sudden your e-mail
doesn't work, check your entries in SpamVault before you contact
support.
Illegal Characters.
Only use the following characters in your entries as other
characters such as a bracket "[" will cause very predictable results
(all bad). You can use the following characters: A - Z, a - z,
0 - 9, period (.), quotes (" or '), At symbol (@), dollar sign
($), exclamation point (!), and the question mark (?).
