Email Filters, Spam and Computer Viruses Explained!
has two levels of email filter...|
If you have a CyberXpress (or chch.planet.org.nz) mail account
you can ask to have a mail filter activated for your account for free
- all you have to do is ask
, and filter options can be changed (some
of the filter is free, some incurs a little cost).
- The first stage rejects ("bounces") some viruses and some
types of forged or mis-formed emails. If
you were referred to this web page by a mail rejection warning please
read the [Bounce Warnings]
- The second level of protection depends on the options the customer
has taken - with three settings for spam
and four for viruses
(there is no second-level filter until you ask for it). Mail that
gets stopped at the second filter is not lost/returned but held in a
special area at the mail server. After some time, usually a week,
a summary of the held messages are sent to the customer, who may choose
to have some sent on. Otherwise, after a while (more than another
week later) they are deleted (with no bounce message to the sender).
Be aware that the virus filter does not block every
virus, but it does spot a surprising number of new viruses that conventional
scanners might miss, because it works differently. We assume you
will also have a good, up to date commercial anti virus program on
your computer. And note that spam filters sometimes hold back genuine
mail (or let spam pass)... hence the need to study the automatic summary
for good messages.|
[Enabling a filter]
[What is SPAM?]
[What are computer viruses?]
[What is forged email?]
- Decide if you want us to filter just spam or just email
viruses or both (if you don't specify we will do both).
- Send an email to
- Set the subject to "Yes Please!"
- If you have problem mail from just one or two senders
let us know the details
- If you just want to filter viruses or just spam, or want
any of the other options below, let us know.
- By default you get a virus+spam filter, with the virus
filter "normal" and weekly summaries; this is probably the best to start
with unless you are accustomed to getting strange mail that needs very prompt
Check the first summary well...
Are there any messages being filtered
that shouldn't be? If so let us know (copy lines from the summary
report). We can send those held messages and adjust the filter to avoid the mistake in the future.
If there is an annoying number of spam messages getting through
contact us with the subject lines and dates of them, we may be able
to adapt the filter to these.
Mail Filter Options
- If you run a business where it is important not to have
good mail misinterpreted as spam or a virus, our system of holding
(rather than immediately destroying) suspect mail is good, but you
probably need a summary daily rather than weekly. You can ask for a summary
other than the default of weekly, but there is a slight cost depending
on your requirements (email email@example.com and explain what
- There are custom filters possible; blocking specific annoying senders is a common request (simply holding them like "spam",
but putting them in a separate "other" folder is the default, and free, but automatically sending specific "bounce" messages
back is an option that could be appropriate in some cases). If you have special requirements, such as restricting the types
of messages that you will allow into
your mailbox, or limiting the size, or automatically translating HTML to plain text, please ask us. Not all special mail filters
have a cost associated with them, but some do incur a small charge, and you will be advised if that is the case.
- You can have just spam rejection or just virus rejection (if you ask for a filter you normally get both).
- Spam rejection currently has four options: none, normal, paranoid (holds anything that smells a bit like spam) and lenient (only blocks messages very likely to be spam)
- Virus rejection has four levels of detection:
Specific addresses of friends, mailing lists, etc. can
be specified to pass without going through the filter (take care in
case they accidentally send viruses!).
Specific sources (or subjects) of annoying mail can be
specified to always block.
- 0: Off (no virus filter other than "level one",
as described in the introduction).
- 1: Normal (spot many PC viruses in attachments)
- 2: Paranoid (don't allow any executable through, don't allow
any HTML other than very simple, non-executable content that does not
refer to external websites)
- 3: Lenient (block only some of the more common viruses and
PC executables where the attachment "lies" about its type).
You can specify addresses (or subjects, or any header lines)
to always accept or always reject when you ask for the filter to be
enabled, or you can email
to request a change in the filter options.
|You can request, via email, several types of reports concerning your mail. Most of these reports only apply to customers that have requested a mail filter of some type. The summaries are always mailed back to the normal mailbox. Send mail to the firstname.lastname@example.org address with a suitable subject line chosen from the list below...
- SEND SUMMARY - send a summary of all mail (filtered or not) recently sent to your mailbox. You can then request any of these messages be re-sent by replying to email@example.com with the subject "RESEND".
- SEND FILTER SUMMARY - send a list of messages currently held back by the filter since the last weekly summary.
- SEND ANALYSIS - requests a short analysis of the email messages identified in the body (e.g. using From/Date/Subject lines from a previous summary); where they really came from, are they likely to contain viruses, why were they blocked, etc. This may take some time to process.
- SEND FULL SUMMARY - sends summary reports of copies of messages that can be re-sent (by category, and a combined list), going as far back as possible, plus the following two summaries, of the mail log and POP activity...
- SEND MAIL LOG SUMMARY - send a list of mail in and out relating to your mailbox.
- SEND POP SUMMARY - send a summary of what mail has been "popped" (downloaded to a computer from your mail box) recently.
Note: if you don't have a mail filter enabled only the last two reports are possible.
|Email is cheap and easy to use, and it is often
just as easy to email 2 million people as 2 people! Unfortunately
this makes it easy for people to send many annoying messages, with
the idea that even if only 0.1% result in business they will make a
fortune, even though millions of people may be upset.
Spam has become the popular name for unsolicited (usually
commercial) bulk email, a name that dates back to Bulletin Board Systems
and an episode of
Monty Python's Flying Circus
. You can find more information
|Given the pornographic and illegal content of a lot of the
there is good reason to try to get rid of it. Unfortunately
there is no 100% certain method of solving the problem. Another
risk from spam is the huge number of bogus deals - often Nigerian scams
about transferring money to help some widow of an African leader,
or plausible advertising that get you to fill in your credit card details...
never trust unsolicited emails from unknown sources. They are out
to get you! See: http://www.scamwatch.com/
Possible anti-spam strategies
- Keep your email address secret - may work for a while,
but eventually spammers will probably find it. And now spammers send to zillions
of random email addresses (usually from other people's computers that have
been hacked into!)
- Reply to the senders, asking to be taken off their
lists - works well if the sender is a well behaved mailing list operator,
otherwise does no good (they probably work from a huge CD-ROM of stolen
email addresses) or may simply confirm to them this is a valid email address,
so it will be targetedmore in the future!
- Legal action - some law in the USA places hopelessly
pathetic restrictions on spam. I wish a good law (backed up with action)
would fix the problem, but don't hold your breath. There are people
lobbying politicians to say it is their right to force email into
people's mailboxes, even if it is a cost to the recipient. Possibly
the best attack is to clamp down on email forgery
, since most serious spammers lie blatantly about who really is sending
- E-mail filters - either on your computer (looking
for subjects or senders known for spam) or on the ISP's mail server
(more efficient, and can be updated efficiently with new filter details).
CyberXpress offers a free spam and virus filter for its customers.
What are Computer Viruses??
|Computer viruses are pieces of program designed to sneak
into computer systems (now often quickly by email, but it used to be slowly,
on diskettes and from bulletin board downloads in the good old days).
They they try to copy themselves from there onto other systems. For
more information see:
Some do direct damage to files on your computer,
or even send some of
your private files off into the Internet! Even if all they do, like
the early "stoned" virus, is to display a message and stop your computer,
imagine the damage that could do in the context of a hospital computer
in some life-support application. The cost of cleaning
up the damage of computer viruses all over the world is
How are viruses transferred through email
There are three main ways a virus can arrive
in an email message:
- As an attachment - requiring you to decide to
open it (perhaps the text of the message says "here is that photo I promised
to send you"); when you open the attachment a program might run (this
tends to be specific to MS Windows systems, but in some cases Macintoshes,
Linux/Unix and OS/2 could be affected by the contents of the attachment).
Not that the attachment could even be a word document, with Visual
Basic virus scripts.
- As something (usually an "iframe") referred to in HTML
code as your mail reader is displaying the message - this
potentially causes the virus code to run even though you
haven't said you want to open any attachments! Not all
mail readers are susceptible to this trick - if you have
Miscroft's (Outlook or Outlook Express) please see their
technet website for an update to fix the problem.
- Active content (Active-X or Java) within
an email message (true "plain text" messages cannot have executable code,
that is why they are sometimes the only type of message accepted by some
people). Again, these don't need to get the sender to open an
attachment or do anything other than look at the message itself on
a system that can be infected!
What can you do to avoid computer viruses?
- Only accept "plain text" email messages (by choosing
a safe, simple mail reader instead of Microsoft Outlook for example), or
possibly specifying to your mail reader (if it has the option) that HTML,
etc. will not be accepted, or asking us to enable an email filter that
won't pass any HTML or MIME attachments (a moderately severe way to remove
risk, since many people expect people will receive forms of email that
are dangerous). Sticking to plain text (if you can enforce it) stops
the second two methods of infection, and means your computer can only
be infected from incoming email if you choose to do something with
- Use conventional commercial virus scanners - they
now often check mail as it comes in. By "conventional" I mean they probably
look to fragments of known viruses, which means new viruses will get through
virus scanners for a while. Everybody using a Microsoft Windows system
now really must have a virus scanner and that is is checking incoming email
automatically - and make sure it is kept up to date!
in messages (if your mail reader lets you do this).
- Don't open attachments from unknown senders (unfortunately
this doesn't help much now - viruses may come from your friends' computers
without their knowledge, and some viruses don't need you to decide to
open an attachment).
- Get a virus filter enabled
on your CyberXpress mailbox!
When you receive an email the sender you see listed is simply what the sending
program put into the "From:" header line - it need not be the real
sender. Some checks are made at some mail servers on
how truthful various parts of the mail header information is, but generally
the name of the sender is quite easy to
. If you care a lot about proving the mail is from yourself and
nobody else, there are ways of adding
that are hard to forge. But most of the trouble with forged mail
comes from the fact that computer virus writers, and spammers, love to
Getting a message from firstname.lastname@example.org saying you can save heaps
on insurance does not mean fred really sent the mail. Spammers falsify
their true identity so they can keep spamming a little longer, but eventually
they will be tracked down and loose their Internet account.
Virus writers now often pick up lists of email addresses from each
infected computer and send out new infected messages to all these people
but with a sender address of not the infected machine (since the complaints
might lead to the virus being found earlier).
These two factors combine to make a nuisance for system administrators.
People complain about spam or viruses coming from one person, when
it didn't, yet we tend to have to go through the logs and prove that
the ISP and its customer aren't to blame.
But the fact that spammers forge the sender's email address and
often the hostname of the sending computer, can actually help spot spam.
Exactly how we do this will have to remain a secret (in case any
spammers are watching!). But you can learn a lot about where mail really
came from by looking at the "Received: from...by..." lines if you know
how to view the full
for a received message.
- In Netscape choose "View Source" from the View
- in MS Outlook (or Outlook Express) choose "Properties"
from the File menu then click on the Details tab.
- For other programs see
Sample headers from a real spam message:
In the following example the message claimed to come from a
hotmail.com address but really came from an unnamed computer ("
unknown" here means there was no official "reverse lookup" for the
computer) with the IP address 22.214.171.124
which pretended to be called john000 (not a
valid hostname) and might have come from Taiwan (the Return-Path and
Message-ID lines mention "pavo.seed.net.tw",
but that could also be faked, as could the "Received: from gcn
" section that claims the computer before 126.96.36.199
in the path was tpts6.seed.net.tw). We
can look up that IP address to see where it was, but that is beyond the scope
of this discussion (and usually there is no point trying to complain to whoever
looks after that part of the Internet.. they have probably gone by the time
Another characteristic of spam (although also of good mailing lists and "Blind
Carbon Copies"): even though it was really sent to
Mark.Aitchison@cyberXpress.co.nz, it claimed to be addressed to (non-existent)
accounts like "MAIL2001-1.TXT" (the @protov.plain.co.nz
was inserted because no email domain was given in the original headers);
the real destination never occurs in the To: line or any
Received: from john000
by protov.plain.co.nz (Postfix)
with SMTP id 3285E3C2AC
Mark.Aitchison@cyberXpress.co.nz>; Wed, 11 Sep 2002 08:37:24 +1200
Received: from gcn
with SMTP id cbrEnNCtsNals2I6WIbAOIv;
Wed, 11 Sep 2002 04:27:05 +0800
Subject:NEW TECHNOLOGY - Smart IP Technology (DVR)
Date: Wed, 11 Sep 2002 08:37:24 +1200 (NZST)
|If you get a "bounce" message warning
that some message cannot be delivered, yet you don't recall sending such a
message it could be because:|
- Your computer is infected with a
, and tried sending out a message without your knowledge, but was caught
by our mail server (or some other server), or
- Somebody else's computer is infected and has sent
out an infected message claiming to be from you (viruses tend to
the sender), so the warning message is incorrectly being sent to
If you have tried to send an email that looks a lot like a virus
(or have tried to send from a location that is known for
or is not a valid location for sending mail with the domain name
given), yet cannot see what the problem is you may need to email the filter
, or phone us at (064) 3 364-5888.
| If you have any further