Minimising Junk/UBE mail

FTGate has a powerful set of features that can be used to eliminate most UBE mail before it reaches the user's mailbox. The most effective way to eliminate UBE is to not let it onto your system. If it does reach your system, then you need to use the filtering facilities to filter out the UBE.

Stopping the UBE before it gets into the system

The best solution to filtering UBE is to reject it before it is received by your server. This is best achieved by filtering the messages as they are sent to FTGate.

Recommendations:

  1. Have your ISP send your mail to you using an SMTP feed. It is much harder to filter spam once your ISP has accepted it for you. If possible, bypass your ISP and have your mail delivered directly to your PC.
     

  2. Turn on PTR record checking
    This will verify that the PC sending you mail has published its details on the Internet. Most legitimate machines do this; most UBE sources do not.
     

  3. Turn on HELO checking
    Only mail clients should use a dotted IP address as their HELO; mail servers should use their domain name.
     

  4. Turn on SPF
    This will require that the server sending you mail is authorised to handle mail for the specified domain. UBE rarely comes from the domain it pretends to use, and thus it will usually fail an SPF check. (See SPF)
     

  5. Turn on RBL
    This will stop all servers that are known to be sources of UBE. (See RBL)
     

  6. Turn on GL
    This will prevent practically all spam and virus messages from being accepted, at the cost of a small delay in mail delivery to your system for unknown senders. (See Greylisting)

Using Filtering

Once the mail reaches your system, the only way to block UBE is to filter it. FTGate includes a powerful set of filters that can eliminate practically all of the UBE received. To obtain the best filtering the following should be considered:

Filter Policy/UbeBlock

  • Adjustment if recipient’s mailbox is in the Subject
    Many UBE sources place the mailbox name in the subject line.
    For example, if “Great news fred@somedomain” is received, the rating could be increased by 25.
     

  • Adjustment if there are three or more consecutive spaces in the Subject
    Adjust the rating for messages that have a sequence of spaces in the subject.
    For example, if “New offer           HKQOF” is received, the rating could be increased by 25.
     

  • Acceptable proportion of unknown words against known words (Unknown ratio).
    This detects how many garbage words there are. Spam is often padded with garbage to try to confuse Bayesian filtering and hit any safe word detectors. Detecting that a message is padded in this way can simplify filtering.
    The ratio is calculated as the number of unknown words divided by the number of known words. Thus if there are 25 unknown words and 5 known words, the ratio is 25/5 = 5.
     

  • Adjustment when message exceeds Unknown ratio threshold
    This adjustment is applied when the above ratio is exceeded. Thus if the ratio were 5 and there were 25 junk words and 5 known words the specified adjustment would be made.
     

  • Weighting for images
    This weighting is applied for each image in a message.
    e.g. if the weighting were 5 and 5 images were in the message, the rating would be increased by 25.
     

  • Weighting for external images
    This weighting is applied for each image in a message that is a link to an external image on the Web. Spammers often use such images to track emails: your address is verified by them when you view the message and the image is downloaded from their server.
    e.g. if the weighting were 5 and 5 external images were in the message, the rating would be increased by 25.
     

  • Weighting for web links
    This weighting is applied for links to the Internet. UBE often has links, while normal mail usually does not.
    e.g. if the weighting were 5 and 5 links were in the message, the rating would be increased by 25.
     

  • Weighting for unknown words
    This is a simple weighting applied for the number of words in the message that are unrecognised.
    e.g. if the weighting were 2 and 50 unrecognised words were in the message, the rating would be increased by 100.
     

In addition, the main UbeBlock filter will obtain a rating which will be modified by the above values. All of these settings result in an overall UBE rating which can then be used with the Filter rules to filter messages.
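The following added example (not FTGate's own code) models how the adjustments listed above add up for a single-part HTML message, which helps when choosing values before relying on them. The setting names, the values, the known-word list and the sample message are all assumptions constructed for illustration, and the result is only the adjustment applied on top of the main UbeBlock rating.

```python
import re
from email import message_from_string

# Assumed settings: names and values are illustrative, not FTGate defaults.
SETTINGS = {"mailbox_in_subject": 25, "spaces_in_subject": 25,
            "unknown_ratio": 5.0, "ratio_exceeded": 25, "per_image": 5,
            "per_external_image": 5, "per_link": 5, "per_unknown_word": 2}
# Constructed stand-in for the filter's dictionary of known words.
KNOWN_WORDS = {"new", "offer", "great", "news", "click", "here", "for",
               "your", "prize"}
# Constructed sample message.
SAMPLE = """From: sender@example.net
To: fred@somedomain
Subject: New offer           HKQOF fred@somedomain
Content-Type: text/html

<html><body><p>Click here for your prize</p>
<a href="http://example.net/x">qwzx</a>
<img src="http://example.net/t.gif"><img src="cid:logo">
<p>hkqof zzqv plmk wjrt</p></body></html>
"""

def ube_adjustment(raw, recipient, cfg=SETTINGS, known=KNOWN_WORDS):
    """Return (total adjustment, per-rule breakdown) for one message."""
    msg = message_from_string(raw)
    subject, body = msg.get("Subject", ""), msg.get_payload()
    hits = {}
    if recipient.lower() in subject.lower():
        hits["mailbox_in_subject"] = cfg["mailbox_in_subject"]
    if re.search(r" {3,}", subject):          # three or more spaces in a row
        hits["spaces_in_subject"] = cfg["spaces_in_subject"]
    images = re.findall(r"<img\b[^>]*\bsrc=[\"']?([^\"'\s>]+)", body, re.I)
    external = [s for s in images if s.lower().startswith(("http://", "https://"))]
    links = re.findall(r"<a\b[^>]*\bhref=[\"']?https?://", body, re.I)
    words = re.findall(r"[a-z]+", re.sub(r"<[^>]+>", " ", body).lower())
    unknown = [w for w in words if w not in known]
    n_known = len(words) - len(unknown)
    ratio = len(unknown) / n_known if n_known else float("inf")
    # The page's example applies the adjustment at exactly 25/5 = 5, hence >=.
    if ratio >= cfg["unknown_ratio"]:
        hits["ratio_exceeded"] = cfg["ratio_exceeded"]
    # Assumption: an external image counts under both image weightings.
    hits["images"] = cfg["per_image"] * len(images)
    hits["external_images"] = cfg["per_external_image"] * len(external)
    hits["links"] = cfg["per_link"] * len(links)
    hits["unknown_words"] = cfg["per_unknown_word"] * len(unknown)
    return sum(hits.values()), hits
```

The per-rule breakdown shows which setting dominates a message's rating, which is useful when tracing a false positive found in the administrator's mailbox.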

It is recommended that all filtered mail be directed to a mailbox which can be examined by an administrator. This will allow the administrator to verify that the filtering is operating as expected and to retrieve any false positive messages and deliver them to the correct user.