PureMessage @ NC State
What is PureMessage?
PureMessage is a mail filtering agent that attempts to identify spam and
viruses by using text analysis and predetermined definitions.
How
does it work?
When an email passes through NC State's mail relay system, it
is processed by the PureMessage daemon, which attempts to determine if it
is spam
or contains a virus. If an email message satisfies one or more of the definitions
used by PureMessage, it is assigned a hits percentage. The greater this percentage,
the more likely that the message is spam. When a message is processed, up
to three additional headers may
be added to it -- two for spam and one for virus detection.
What
headers does PureMessage add?
Depending on your email client, PureMessage
adds one or both of its spam headers to a message to reflect its hits percentage.
The third header is added when PureMessage detects a virus-infected attachment.
You can create filters for your email based on each
of these headers:
- X-Spam-Level header -
includes the hits percentage expressed in terms of only the two letters
X (= ten) and/or I (= one). NOTE: This resembles
a Roman numeral, but L and V are not used.
Examples:
X-Spam-Level: XXX (hits of 30%)
X-Spam-Level: XXXXXIIIIIIII (hits of 58%)
- X-Spam-Flag header -
includes the word "YES" if the hits percentage exceeds the threshhold
selected by OIT (currently 50%). This header will appear if your email
client can match only simple patterns.
Example:
X-Spam-Flag: YES
- X-Virus-Detected header - includes the word "YES" and
the name of the virus. PureMessage adds this header
when it removes a virus-infected
attachment (see below). This header will appear if your email client can
match more complex patterns.
Example:
X-Virus-Detected: YES, W32/Netsky-P
What does PureMessage do with a virus-infected
email?
There are two possibilities:
- If the message is legitimate but contains a virus, PureMessage will strip out the virus and deliver the cleaned message to the user.
- If the message itself was generated by a virus, PureMessage will discard the entire message. This is the only situation in which PureMessage will delete email.
What does PureMessage do with spam?
If your email account was created on or after May 2, 2006, OIT inserted a folder named "Spam" into it and automatically puts spam-flagged messages there so that you can review them. If you have an older account, PureMessage sends spam to your Inbox unless you have created a special folder for spam and set up a filter to send spam there, as outlined below.
Does PureMessage ever
delete spam?
No. Spammers
are constantly finding clever, new ways to trick users
and filters into thinking that spam messages are valid. Even though PureMessage
is highly successful at differentiating spam, it will sometimes mistakenly
mark a
valid message as spam or vice versa. Consequently, OIT does not configure
PureMessage to delete
any messages, and we are constantly fine-tuning
its sensitivity. Depending on the email program you use, it may be possible for you to automatically delete the messages that PureMessage flags as spam before you look at them, but OIT cautions against doing this. For more information, see the page on Deleting Spam-flagged Messages Automatically (not recommended).
Since PureMessage does not delete spam,
how do I filter it out of my email?
The best way is to set up a server-side filter on the NC State WebMail server. OIT strongly recommends that
you store all messages
flagged
as spam in a designated folder so that
you can retrieve any legitimate ones that were put there by mistake. You could also set up filters in various email programs such as Outlook, Outlook Express, Mozilla E-Mail and
Thunderbird, but a server-side filter would be easier and more useful, as noted below.
How do I set up PureMessage email filters?
If your email account was created on or after May 2, 2006, it already contains a folder named "Spam" where spam-flagged messages are stored automatically by means of a server-side filter so that you can review them. If you have an older account, we recommend that you set up a server-side filter if you have not already done so.
- On the NC State mail server
Server-side filtering has some significant advantages over client-side filtering:
- Works continually
A filter that you set up on a mail server will filter your mail all the time, even when you aren't checking it.
- Works anywhere
No matter where you are or what email program you are using when you check your NC State email, the filter you've set up on the NC State mail server beforehand will work. For example, if you use WebMail or an email program at an Internet cafe, your filter will screen your mail as you've specified.
- Simple setup
It's very easy to create a server-side filter at NC State. All you need is a Web browser, and you can do it over any Internet connection. A tool designed to do this for you automatically is available at https://sysnews.ncsu.edu/tools-php/spam-filter-setup.php. To set up a server side filter manually in Webmail, see http://help.ncsu.edu/services/get-soln.pl?id=3099.
- In an email program (client)
Alternatively, you could create a client-side filter in each email program that you would need to use. Before you do so, be sure to set up a folder (if you don't already have one) to receive the messages that will be filtered out. Below are links to step-by-step procedures for constructing spam filters for a number of email programs.
Where do I report spam?
The place to report spam will depend on its origin:
- If the spam was generated on-campus (as determined by its headers),
forward it to abuse@ncsu.edu.
NOTE: Off-campus
generated spam messages sent to this address will be ignored.
- If it was generated off-campus, forward it, with full headers, to spam@ncsu.edu.
NOTE: Sending many such messages to this address will be considered a denial of service attack and will be dealt with according to the NC State Computer Use Regulation, section V, subsection B.
Content last updated August 1, 2006 by nlil
Page last modified
April 1, 2008
by cawalker
|
Page Top | Site
Map | OIT
| Policy
Disclaimer | Site
Survey
