• 
| •
|
|
Filtering
Mail sent through the ANU campus mail gateways is filtered by software called
PureMessage. This software scans messages for Viruses and Spam.
Virus Scanning
All messages are scanned using the Sophos virus scanning engine. Updates to
this service are automated, and new viruses are protected against as soon as
definitions for them are released.
If a virus is found the entire message is deleted. Nothing is delivered to the
intended recipients.
Spam filtering
Messages originating outside the university are checked for spam, or unsolicited
commercial email.
Spam filtering is a black art and there is unfortunately no easy way to detect
spam. In the past we have run an access control list which allowed us to block
known "bad" email addresses or domains from which the junk mail originated.
This method still works to a limited extent however spammers have become more
sophisticated over time and use a number of ways to overcome these simple blocks.
With the proliferation of ISPs and free email accounts many spammers simply
apply for one of these accounts and use it for as long as they can. Often within
hours of posting out their junk email the ISP will be alerted and will close
the account. Consequently by the time an offending email address is reported
to us to be blocked the damage has already been done and the email address is
no longer valid. Adding it to our access control list as a blocked site is then
a waste of time.
The more usual practice which is now occurring is that the spammer will forge
the email address and even the machine from which they are coming. This explains
why you can now receive junk mail from what appears to be legitimate sites or
even from yourself! If we added these addresses to our access control list we
would be blocking legitimate email.
So what can be done?
PureMessage software open each mail and performs a number of checks for viruses
and spam.
The spam filtering is done by looking at the content of the message and scoring
it against a set of rules. Each rule is worth a number of points and at the
end of scanning the message, the system simply adds up the number of points
which a particular message has scored. The more points that a message scores
the more likely it is going to be spam. Both the content of the message and
the formatting and other characteristics are used when classifying.
When is it spam?
Messages with more than a 50% likelihood of being spam are rejected.
Messages with between a 30% and 50% chance of being spam are delivered, marked
with an additional header to assist in client-side filtering.
Mail identified at this level will have the header X-Spam-Score: * (5)added.[might
be worth linking to the instructions for mail clients linked from http://its.anu.edu.au/email/spam.html,
although they may need updating.]
But it's not SPAM!
If you continue to receive mail from a particular address which is being marked
as SPAM we can "whitelist" this address. The whitelist is a list of
trusted email address which do not have their content scanned for spam. To have
an email address added to this list please email the address to doi.helpdesk@anu.edu.au
along with details of why it should be added to the whitelist. Email addresses
submitted will be reviewed before being accepted and added to the whitelist.