Configure SPAM and Virus Filtering

Before you try to configure anything, you first need to learn a little bit about how the JTAN mail system works with respect to spam and viruses. Once you understand what we offer, you can decide if the default configuration is right for you, or if you need to make changes.

Lines of Defense

In general terms, these are our lines of defense against spam and viruses that we deploy for the protection of all our customers and the survival of our business.

All senders with unconfigured DNS or RFC issues are blocked. This first line of defense alone eliminate 99% of spam -- an average of 200 messages/min.
Received Mail is Optionally Scanned for Spam and Virus Characteristics
Viruses are Quarantined
Spam is Scored
Optional filtering and tagging is performed.

What To Do With Spam

JTAN inserts a special "Spamness" score into the headers of each message. Once the determination is made that mail is spam (based on the score as explained below), JTAN mailboxes have the option to tag, delete, or accept the mail as-is, or possibly perform some advanced tricks. This is configurable from the JTAN Mailbox Configuration page, or through the Members page.

Spam Tagging is the default. Tagging means to alter the subject line with a {SPAM?} tag at the beginning. This is convenient because you can easily configure many popular email programs to put messages with certain subjects into a special folder. Even if you don't, the tagging helps you see spam for what it is instantly -- those tricky subject lines spammers use may never fool you again.

Click here to learn how to configure Outlook to put your Spam in a special folder

But the subject tagging may bug you. If so, you can turn it off from the Mailbox Configuration page. The X-JTAN scoring headers will remain. of course. On the other hand, you might want all spam deleted outright. We don't recommend this option, but some people hate spam so much they are willing to risk the loss of legit mail. We've heard of people setting their children's mailboxes to delete spam, with a score threshold set to "2" or even lower. This makes it very unlikely that your kids will see a penis elargement advertisement.

Private Blacklists and Whitelists

Our spam scoring system isn't perfect. To help it, you can define a private "blacklist" and "whitelist" on the JTAN Mailbox config page described above. All mail coming from an address in your blacklist will be treated as spam. Mail coming from an address in your whitelist will never be treated as spam. (Blocking for DNS or RFC issues supersceeds the whitelist, however.)

There are many interesting ways you can combine white and blacklists with score based decisions. The defaults are good for most people. However, other possibilities abound. For example, you could set your spam threshold really low (categorizing most mail as spam) and enter everyone you correspond with into your whitelist. Conversely, you can set your threshold high -- admitting most all mail -- and use specific blacklist entries to ban senders you don't like.

Advanced Mail Rules

We offer an advanced rule-based filtering system that you can use for anti-spam purposes. The system is described in our Mail Rule FAQ. Besides being useful for spam defense, our advanced rules are useful for other purposes as well. Perhaps you might like to put a special flag on certain messages from loved ones, or to prevent mail with large attachments from going to your handheld. Our advanced rule system can do all these things, and more.

Forwarding Bypasses Spam Filters

It's important to note that if you don't use a JTAN mailbox -- if you have your mail forwarded elsewhere or sent to a JTAN shell machine -- then we will not be able to do any subject tagging or spam deletion or support blacklists and whitelists. Forwarding occurs before we do any filtering. Therefore, the mail will be delivered as-is, spam or not, if you have selected any form of forwarding. Only the X-JTAN-AntiSPAM headers will remain. Of course, you can use those to make your own spam disposition decisions later on.

Spamness Score

Mail without a virus is scanned for spam and scored. We will add an headers that look something like this

X-JTAN-AntiVirus: Found to be clean
X-JTAN-AntiSPAM: SpamAssassin (score=11.3 required 5,
        NO_REAL_NAME, PLING, PLING_PLING, FRONTPAGE, SUBJ_ALL_CAPS,
        SUBJ_FULL_OF_8BITS)
X-JTAN-SpamScore: sssssssssss

The important part of that header is the "spamness score". We give the score numerically in the X-JTAN-AntiSPAM header, and also give it as a string of "s" characters in the X-JTAN-SpamScore header (count them above and you will find 11 in total, matching the 11.3 score). The score is used to decide what is, and is not spam. If you use a JTAN mailbox on pop.jtan.com, then you can configure your mailbox to treat mail with a certain spamness score as spam. You can set the minimum threshold from the Mailbox Config page. The default is 5; mail with a score of 5 or greater will be considered spam.

The phrases like NO_REAL_NAME, PLING... are the reasons why the mail got the score it got. For explanations of some of these, see the Spam Assassin ruleset page.

Sometimes you might see a scoring like this:

X-JTAN-AntiVirus: Found to be clean
X-JTAN-AntiSPAM: not spam,
        SpamAssassin (score=19.2 required 5,
        MSG_ID_ADDED_BY_MTA_2, FROM_ENDS_IN_NUMS, PLING, CLICK_BELOW,   
        EXCUSE_6, OPT_IN, NUMERIC_HTTP_ADDR, WEIRD_PORT, REMOVE_PAGE,
        SLIGHTLY_UNSAFE_JAVASCRIPT, HTML_WITH_BGCOLOR, BIG_FONT,
        CLICK_HERE_LINK, CTYPE_JUST_HTML)
X-JTAN-SpamScore: sssssssssssssssssss

With a score over 19, this is quite obviously spam. However, take notice of the "not spam" phrase that is added at the beginning of the X-JTAN-AntiSPAM header. That phrase "not spam" indicates that this mail is considered not to be spam because it originated at JTAN or was otherwise whitelisted by JTAN. JTAN Mailboxes will not tag this message as spam because of that "not spam" indicator. However, if you do spam disposition yourself with procmail, you can ignore this "self-whitelist" indicator if you think some JTAN senders might be spammers. (If you find any that actually are, please let us know so that we can terminate their accounts!)

Disposing of SPAM with Procmail

If you have your mail forwarded to a shell account, you can use procmail to perform your own spam disposal. For example, you could use the following Procmail recipe in your .procmailrc file to put all mail with a spamness of 6 or more in a separate "spam" folder

:0:
* ! ^X-JTAN-AntiSPAM: .*not spam
* ^X-JTAN-SpamScore: ssssss
spam

The first rule is interesting to explain. We add the phrase "not spam" to any mail originating from JTAN as explained above. Since we have strict anti-spam policies, we assume that anything coming from JTAN is not really spam. Regardless of origin, we still attach a spamness score so it's possible for JTAN originating mail to be accidentally classified as SPAM. Therefore the first rule is needed to prevent these false alarms. Of course, some people might not feel so confident about our policies and will drop the first rule.

Policy Blocking

We do not use blocklists or RBLs as we believe they hurt legitimate senders more than they hurt the spammers.

We do policy blocking based on technical correctness in the mail headers and due dillegence with respect to DNS configuration. We try to keep these in accordance with the Best Practices for ISPs and Anti-Spam Services proposed by the EFF. We do not block on the content of the messages, or lack of pre-approval, or third party static block lists.

On extremely rare occasions a legitimate sender will be blocked by our policy blocks. We do everything we can to prevent this, but it can somethimes happen. If you think this has happened to you, or one of your correspondents, check here for detailed information about our blocking system and what to do about it. We emphasize that the need for exceptions are very, very rare.

Policy blocking is not optional. Yet we do recognize that some special customers prefer to receive 100% of the mail from all spammers. (Maybe they are developing anti-spam software of their own!) If this is the case, if you want to be able to receive mail from all servers, regardless of the blocklists, please contact us and we will make special arrangements for you to have a dedicated server mail account that is wide open to everyone.

To Scan or Not To Scan

All mail that is accepted may be optionally scanned for viruses, spam, and dangerous content. This is optional if you have your own domain. If you use the jtan.com domain for you email, you must have your mail scanned. The default for everyone is to opt-in and have all the email to your domain scanned. So, if you do nothing, we will scan.

If you have a domain, You can opt in or out of the various scanning possibilities through the domain configuration page on the JTAN Members Only area. Click on the little config "wrench" icon next to your "DNS and Mail Service" feature. Then click the Mail Scanning link for your domain. The scanning option selections look like this:

The first three of these, when turned on, are good for most people. These are on by default. Some people may be bothered by the fact that Virus and Content checks might alter your mail. If this bothers you, turn them off. You can disable just the content and virus checks (eliminating the chance of mail being altered or quarantined) while still keeping spam scanning headers.

The fourth option, Block HTML, will strip all HTML tags from your mail and just display the plain text. With this turned on, you will still be able to read the text of mail, but it will be extremely unlikely that anything reaining in the message is still dangerous (other than any dangerous ideas, of course!). If you don't like seeing porn in spam, turn this on and inline images will not be seen. Of course, HTML blocking has the potential to interfere with innocent HTML content. Yet, if you think HTML has no place in email and want all correspondence as text. This option is for you.

There really is little disadvantage to spam scanning as it does not alter messages (other than adding headers). We highly recommend you leave spam scanning enabled. When virus scanning is enabled, viruses found in email will be removed from the email and quarantined. In place of the virus, a note will be added explaining how to retrieve the virus should you really want it. I know, you're thinking: "Eeewww!" But some misguided people do email legit EXE files occasionally. If you receive one, you can always retrieve it, unhurt, from our quarantine.

Conclusion

It's important to emphasize that if you do nothing, leaving all your recommended defaults as we set them, all your email will be scanned automatically and still delivered, spam or not. Other than our blocks against known and well demonstrated spammers, no email will be dropped just because it seems to be spam, unless you explicitly select that option. Viruses will be quarantined, but they still will be available in the rare occasion that we mistake a legit attachment for a virus.