|
|
Joe St Sauver, Ph.D.
Director, User Services and Network Applications
joe@uoregon.edu
One easy way to add additional spam protection for your email is through use of a so-called "client-side" spam filter. Unlike the server-side spam filters we run for you on the uoregon.edu mail servers, client-side spam filters run on your PC or Mac and are installed, configured, and administered by you. One example of a client-side spam filter is the filter that's integrated with Thunderbird, our recommended PC and Mac IMAP email client.[3] Thunderbird offers two types of filtering: simple manually configured filters, and Bayesian junk email filters.
Simple manually configured filters are great if you have unwanted messages that have a consistent, easily identified characteristic (such as an unchanging sender address, or a Subject: line that consistently contains the same word or words). To create a manually configured filter, start Thunderbird and go to Tools->Message Filters. A Filter Rules window will appear. Define a rule in the top of this window, then choose what you'd like to have happen to messages that match that rule in the bottom of the Filter Rules window. For example, assume you're getting unwanted mail from jersmith@uoregon.edu and you want to automatically delete all messages coming from that sender. You could set up a filter rule that looks like this:
 |
Junk mail filter rule manually configured to screen out messages from a specific sender.
While you can create as many rules as you want, most spammers don't use an easily filtered, unvarying From: address or consistent Subject: header. You need more potent medicine to deal with typical spam today.
When you go beyond simple manually configured filters, Thunderbird relies on a content-oriented Bayesian approach[4] to spam filtering. This provides a nice complement to the UO's server-side spam filtering, which focuses on blocking known spam sources and spam from compromised end-user systems ("spam zombies.").
Bayesian spam filtering sorts messages into two categories: "spam" (unwanted junk mail) and "ham" (legitimate mail). Assigning messages to one group or the other is initially done manually by you, as part of the process of training the Bayesian filter. Once you've manually shown the filter what's ham and what's spam for awhile, you can then turn on automatic filtering and the spam filter will begin to categorize new messages based on the words that the filter has "seen" in your historical spam and legitimate mail messages.[5]
After a couple of weeks of initial training, the Bayesian filter will usually categorize correctly, but sometimes it may tag a real message as spam (a "false positive"), or it may still sometimes mistakenly allow unwanted messages (a so-called "false negative"). No filter is ever 100% free of false positives or false negatives, but I think you'll find that the Bayesian filter in Thunderbird does an excellent job of minimizing those errors.
To access Thunderbird's built-in client-side spam filter, launch Thunderbird as you normally would. Then go to Tools->Junk Mail Controls. You'll see a panel that looks like this:
 |
Begin by checking "Do not mark messages as junk mail if the sender is in my address book." By doing so, any messages that appear to come from a known correspondent (e.g., someone who's listed in your address book) will automatically be exempted from consideration as spam. This is a process usually known as "whitelisting."[6] If you plan to use Thunderbird's integrated junk mail filtering, you should be absolutely religious about whitelisting regular correspondents via your Thunderbird address book.
The next step is also key. Do not (yet) check "Move incoming messages determined to be junk mail." You'll want to first train your filter for a while by manually tagging stuff as junk, and reviewing what it tags as junk, before you trust the filter. To repeat: do not (yet) check the "Move incoming messages determined to be junk mail" box! Wait a few weeks while you train your filter, then come back and check that box if you want to.
Heads up about one other key setting on this panel: If you check the line beginning "Automatically delete junk messages older than 14 days from this folder," Thunderbird will also automatically delete messages that are at least two weeks old. If those messages are truly all junk, this is very convenient--and a good idea. Of course, if a real message accidentally gets mismarked, automatically deleting messages marked as junk means that you may unknowingly delete real mail messages unless you notice and "rescue" (unjunk) them in time.
Your next option concerns what happens to manually flagged junk mail. For now, set Thunderbird to move messages that have been manually flagged as junk to your Junk folder.
Another setting on that same panel is the "When displaying HTML messages marked as junk, sanitize the HTML." That box should also be selected for your protection. You're now ready to go to the other tab of the Junk Mail Controls panel, the "Adaptive Filter" tab:
 |
Check the "Enable adaptive junk mail detection" box on that tab, and then click OK.
The preliminaries out of the way, you're now ready to review your Inbox and manually flag any spam you find. By doing so, you'll be training your spam filter, essentially showing it examples of the sort of thing you don't want to receive in the future.
To flag messages as Junk, highlight one (or more) junk messages then click the Junk icon in the Thunderbird tool bar. If any good messages are erroneously marked as Junk, select them, then mark them as Not Junk by clicking on the Not Junk icon in the Thunderbird tool bar.
After you've trained the Bayesian filter for a few weeks, you can return to Tools->Junk Mail Controls... and tell Thunderbird to begin automatically filing junk mail in the Junk folder.
Outlook and Outlook Express email clients also offer integrated spam filters similar to Thunderbird's. However, due to historical security issues with Outlook and Outlook Express,[7] we recommend that you consider migrating to our supported IMAP mail client, Thunderbird, instead.
POP (at least when used with large mailboxes) tends to be hard on the mail server, and POP doesn't work particularly well when you're filtering spam to a separate Junk folder (remember that as far as POP's concerned, it basically wants to deal with your default Inbox, and only your default Inbox). We urge you to use Thunderbird with IMAP rather than POP if you're planning to use Thunderbird's spam filtering features.
Because you're not running Thunderbird on a PC or Mac when you're using the UO's green or blue Webmail, the Thunderbird-specific filtering options described in this article do not apply.
If you like the idea of a client-side spam filter but you'd prefer a commercial client-side antispam filter, you may want to check out PC Magazine's review of PC antispam products. See http://www.pcmag.com/category2/0,1874,4795,00.asp (you'll probably want to sort by editor rating by clicking on the up- and down-arrow in the editor rating column).
If you're a UO faculty member, a UO student, or a UO staff person and have questions about client-side spam filtering, feel free to email Joe St Sauver at joe@uoregon.edu
[1] Your uoregon.edu account is spam filtered unless you opt from the default spam filter by visiting https://password.uoregon.edu/allowspam/
[2] Another alternative to our default spam filtering is described in "Taking Control of Your Email…," http://twin.uoregon.edu/~joelja/taking-email-control.html
[3] If you don't have Thunderbird installed, you can download it from http://www.mozilla.com/thunderbird/
For information about how to configure Thunderbird for use with your uoregon.edu account, see http://micro.uoregon.edu/email/
[4] Paul Graham's article, "A Plan for Spam," is a nice semi-technical introduction to Bayesian filtering ( http://www.paulgraham.com/spam.html ).
[5] Now you know why so many spam messages include text from online books or other seemingly random gibberish; the spammer's trying hard to avoid being blocked by Bayesian spam filters.
[6] Even if you whitelist particular correspondents by adding them to your Thunderbird address book, they may still be blocked by uoregon.edu's server-side spam filtering unless you opt out of the default server-side spam filtering as mentioned in note [1] above.
[7] See http://www.sans.org/top20/#w4 or check http://secunia.com/ for a list of vulnerabilities specific to the version of Outlook or Outlook Express that you're using.