FTGate has a powerful set of features that can be used to eliminate most UBE (Unsolicited Bulk Email, commonly known as spam) before it reaches the user's mailbox. The most effective way to eliminate UBE is to not let it onto your system. If it does reach your system, you need to use the filtering facilities to filter it out.
The best solution to filtering UBE is to reject it before it is received by your server. This is best achieved by filtering the messages as they are sent to FTGate.
Recommendations:
Have your ISP send your mail to you using an SMTP (Simple Mail Transfer Protocol, a message send protocol) feed
It is much harder to filter spam once your ISP has accepted it for you. If possible, bypass your ISP and have your mail delivered directly to your PC.
Turn on PTR record checking
PTR is the term used for the reverse pointer record in a DNS system, which allows a server to determine the name of a computer from its IP address. This check will verify that the PC sending you mail has published its details on the Internet. Most legitimate machines do this; most UBE sources do not.
Turn on HELO checking
Only mail clients should use a dotted IP address as their HELO; mail servers should use their domain name.
Turn on SPF
SPF (Sender Policy Framework) is a system utilising DNS servers to validate that a given IP address is authorised to send mail for a specific domain. This check will require that the server sending you mail is authorised to handle mail for the specified domain. UBE rarely comes from the domain it pretends to use, and thus it will usually fail an SPF check. (See SPF)
Turn on RBL
An RBL (Real time Blackhole List) is a list of mail servers that are considered sources of spam by the list owner. This check will stop all servers that are known to be sources of UBE. (See RBL)
Turn on GL (Greylisting)
This will prevent practically all spam and virus messages from being accepted, at the cost of a small delay in mail delivery to your system for unknown senders. (See Greylisting)
Once the mail reaches your system, the only way to block UBE is to filter it. FTGate includes a powerful set of filters that can eliminate practically all of the UBE received. To obtain the best filtering the following should be considered:
Filter Policy/UbeBlock
Adjustment if recipient's mailbox is in the Subject
Many UBE sources place the mailbox name in the subject line. For example, if "Great news fred@somedomain" is received, the rating could be increased by 25.
Adjustment if there are three or more consecutive spaces in the Subject
Adjust the rating for messages that have a sequence of spaces in the subject. For example, if "New offer HKQOF" is received, the rating could be increased by 25.
Acceptable proportion of unknown words against known words (Unknown ratio)
This detects how many garbage words there are. Spam is often padded with garbage to try to confuse Bayesian filtering and hit any safe word detectors. Detecting that a message is padded in this way can simplify filtering.
The ratio is calculated as the number of unknown words / known words. Thus if there are 25 unknown words and 5 known words, the ratio is 25/5 = 5.
Adjustment when message exceeds Unknown ratio threshold
This adjustment is applied when the above ratio is exceeded. Thus if the ratio were 5 and there were 25 junk words and 5 known words, the specified adjustment would be made.
Weighting for images
This weighting is applied for each image in a message. For example, if the weighting were 5 and 5 images were in the message, the rating would be increased by 25.
Weighting for external images
This weighting is applied for each image in a message that is a link to an external image on the Web. This is often used by spammers to track emails: your address is verified by them when you view the message and the image is downloaded from their server. For example, if the weighting were 5 and 5 images were in the message, the rating would be increased by 25.
Weighting for web links
This weighting is applied for links to the Internet. UBE often has links, while normal mail usually does not. For example, if the weighting were 5 and 5 links were in the message, the rating would be increased by 25.
Weighting for unknown words
This is a simple weighting applied for the number of words in the message that are unrecognised. For example, if the weighting were 2 and 50 unrecognised words were in the message, the rating would be increased by 100.
In addition the main UbeBlock filter will obtain a rating which will be modified by the above values. All of these settings result in an overall UBE rating which can then be used with the Filter rules to filter messages.
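The adjustments listed above, combined into one score, as an added example that is not FTGate's own code. The weights are the values used in this page's examples rather than FTGate defaults; the known-word list, the sample message and the function name ube_adjustments are constructed for illustration, and the main UbeBlock rating itself is not modelled.

```python
import re
from email import message_from_string

# Assumed weights, taken from this page's worked examples (not FTGate defaults).
WEIGHTS = {"mailbox_in_subject": 25, "subject_spaces": 25, "ratio_threshold": 5,
           "ratio_exceeded": 25, "image": 5, "external_image": 5,
           "link": 5, "unknown_word": 2}
# Constructed stand-in for the filter's dictionary of known words.
KNOWN_WORDS = {"great", "news", "new", "offer", "click", "here", "for", "your",
               "the", "a", "to", "hi", "meeting", "is", "at", "noon"}
# Constructed sample message: padded with garbage, one link, two images.
SPAM = ("To: fred@somedomain\n"
        "Subject: Great news   fred@somedomain\n"
        "\n"
        '<a href="http://example.invalid/x">click here</a> '
        '<img src="http://example.invalid/t.gif"> <img src="cid:logo">\n'
        "qzx hkqof vbnw plmk jjrt zzkw xq wvv kjh ppl mnb ggt\n")

def ube_adjustments(raw_message, recipient, weights=WEIGHTS, known=KNOWN_WORDS):
    """Return (total, breakdown) of the rating adjustments for one message."""
    msg = message_from_string(raw_message)
    subject = msg.get("Subject", "")
    body = msg.get_payload()  # assumption: single-part message
    parts = {}
    if recipient.lower() in subject.lower():
        parts["mailbox_in_subject"] = weights["mailbox_in_subject"]
    if re.search(r" {3,}", subject):
        parts["subject_spaces"] = weights["subject_spaces"]
    imgs = re.findall(r'<img\b[^>]*\bsrc=["\']?([^"\'\s>]+)', body, re.I)
    external = [src for src in imgs if re.match(r"https?://", src, re.I)]
    links = re.findall(r'<a\b[^>]*\bhref=["\']?https?://', body, re.I)
    # Count words in the visible text only, so URLs inside tags are ignored.
    words = re.findall(r"[a-z]+", re.sub(r"<[^>]+>", " ", body).lower())
    unknown = sum(1 for w in words if w not in known)
    known_count = len(words) - unknown
    # Assumption: an external image earns both the image and external weights.
    counts = {"image": len(imgs), "external_image": len(external),
              "link": len(links), "unknown_word": unknown}
    for name, n in counts.items():
        if n:
            parts[name] = n * weights[name]
    # No known words at all: treat the ratio as unbounded instead of dividing by 0.
    if known_count:
        ratio = unknown / known_count
    else:
        ratio = float("inf") if unknown else 0.0
    # The page's example applies the adjustment at exactly the threshold, hence >=.
    if ratio >= weights["ratio_threshold"]:
        parts["ratio_exceeded"] = weights["ratio_exceeded"]
    return sum(parts.values()), parts

if __name__ == "__main__":
    print(ube_adjustments(SPAM, "fred@somedomain"))
```

The breakdown dictionary shows which setting contributed each part of the total, which helps when tuning weights against mail that was filtered incorrectly.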
It is recommended that all filtered mail be directed to a mailbox which can be examined by an administrator. This will allow the administrator to verify that the filtering is operating as expected and to retrieve any false positive messages and deliver them to the correct user.