PureMessage - Anti-Spam Defences

Note!

To login to PureMessage to make changes to what the spam filter does for you, you must be either physically on campus or logged in through Citrix via the web (staff only), or be using a Virtual Private Network (VPN) client to connect to the Flinders network. You CANNOT login to Puremessage from off campus otherwise.

Spam is the unsolicited commercial email that you receive. Processing it is frustrating and time-wasting for most staff and students, and while we have had limited defences to this scourge in the past, we have now purchased a major anti-spam application called PureMessage from Sophos.

This application is integrated with the Sophos Anti-Virus software that we already run to protect the desktop computers on campus. There is more extensive information on spam and its impact on this page.

How does PureMessage affect me?

By default, incoming email for all staff and students is processed by PureMessage. Any email that satisfies the criteria to be considered as spam is quarantined on the email server rather than sent to your email inbox. PureMessage will send you a brief email with a list of messages that it is holding in quarantine on your behalf, as per the example below:

You now have a number of options. If you agree with the assessment, just delete the email and in 28 days time that set of quarantined email will be deleted from the server. On the other hand, if there are messages that you want to have delivered, simply click on the message ID in the column labelled ID. An email with just that ID in it will pop up and when you click send the email will be automatically released and sent to your email inbox for you to deal with. Alternatively, you can reply to the email from PureMessage and it will automatically release all of the quarantined emails into your inbox.

Can I opt out?

Yes, you can instruct PureMessage to deliver all email directly to your inbox without filtering. See "How can I change what PureMessage does for me" below.

How accurate is the spam filter?

Sophos claim 98% accuracy and our initial trials have shown that it is very effective. However, software cannot detect all forms of nuisance email.

Wiil spam still get through?

Yes a small amount will still get through, but our experience is that for people who were typically receiving 20 spam emails per day PureMessage has reduced it to perhaps one per day.

Can I block email from specific addresses?

Yes, you can keep a list in PureMessage of all those email addresses which you want automatically quarantined (called a blacklist). Also, if you find that PureMessage is consistently flagging email from one address as spam (when it isn't), you can maintain a whitelist in PureMessage containing those email addresses that should always get through.

There is a web page where you can login and change the way PureMessage deals with your email. The following sections provide more detail but most of the web pages are intuitive and there is on-line help available on the web page itself.

Do I have to do anything about PureMessage via the web?

No, most people will just read the new emails from PureMessage to see what's been quarantined and click on the email items they still want to receive.

What Is PureMessage?

PureMessage is a mail-filtering program that runs on the University's email server. All incoming email messages pass through PureMessage. The PureMessage filter looks for certain message characteristics and performs actions on the message when these characteristics are found.

The web interface to PureMessage allows you to view the spam messages which have been quarantined on your behalf. You can then choose to have any of them delivered to your email if you wish. If you agree with PureMessage's analysis and leave them in quarantine, then they will be automatically deleted after 28 days, or, if you are going to be away for a while, you can specify a date and PureMessage will hold all quarantined messages until that date plus 28 days.

You have the ability to specify addresses from which all email to you will be blocked (a black list), and you may also specify email addresses from which you wish to always receive email, regardless of its spam content (a white list).

This document describes PureMessage from the perspective of an end user whose email is filtered by PureMessage.

How Does PureMessage Identify Spam?

PureMessage contains several hundred spam tests that analyze individual characteristics of each message. Each of these tests has a numerical weight. When a message is analyzed by PureMessage, the weights from all the spam tests that matched the message are added up and converted to a spam score that expresses the message's "spam probability".

By default, PureMessage only checks for spam in messages that originate from outside the network, not in messages that originate within the local domain. If a message is found to have a spam probability of 50% or more, it is copied to the PureMessage Quarantine, unless you have chosen to have all your email delivered regardless of its spam content (see below)

PureMessage End User Web Interface

There is a web interface which gives PureMessage users access to control the email-filtering. This includes: viewing and managing messages that are quarantined (blocked) by PureMessage, managing user-specific sender lists, and the ability to configure various email-filtering options.

The web interface is comprised of the following components:

• Navigation Menu:
  The menu located on the left side of the page.
• Main Page:
  The current page accessed through the navigation menu. Links to additional pages include:
  Blocked Messages,
  Deleted Messages,
  Approved Senders,
  Blocked Senders, and
  Options.
• Email Message Viewer:
  A viewer that opens when a message's "Subject" link is clicked.

Accessing the End User Web Interface

The PureMessage Administrator sends you an email message containing your login and password. This message also contains a web link to the web interface (for example, http://computer.example.com:28080). To access the web page

1. Click the web link in the email message. The login page is displayed.
2. Enter the Login and Password provided in the email message.
3. Click Login. You are logged in and the Blocked Messages page is displayed.

Blocked Messages

The Blocked Messages page displays all email messages that are quarantined by PureMessage due to spam content. Using the Blocked Messages page, you can:

• view blocked messages
• release misclassified legitimate messages from the Quarantine and deliver them to your mailbox
• delete and send messages to the Deleted Messages page
• deliver and approve a sender
• delete all messages in the list

Uou can sort quarantined messages based on the spam "Score", the email address listed in the "From" header, the message's "Subject", or the "Date" the message was delivered. Note that the date column displays the time in hours and minutes for messages blocked in the last 24 hours. Both the time and date are shown for messages blocked more than 24 hours ago.

View a Blocked Message

To view a blocked message:

1. On the left navigation menu, click Blocked Messages. The Blocked Messages page is displayed.
2. On the Blocked Messages page, click the "Subject" of the message you want to view. The message opens in another browser window.
3. To close the message, click the "X" in the upper-right corner of the window.

Deliver Message

Use the "Deliver Message" feature to release legitimate messages from the PureMessage Quarantine and deliver them to your mailbox.

1. On the left navigation menu, click Blocked Messages. The Blocked Messages page is displayed.
2. On the Blocked Messages page, under the Score column, select the check box(es) beside the message(s) that you want delivered to your mailbox.
3. Click Deliver Message. The selected messages are released from the Quarantine and delivered to your mailbox.

Delete Message

Use the "Delete Message" feature to remove messages from the Blocked Messages page and send them to the Deleted Messages page.

1. On the left navigation menu, click Blocked Messages. The Blocked Messages page is displayed.
2. On the Blocked Messages page, under the Score column, select the check box(es) beside the message(s) you want to remove.
3. Click Delete Message. The selected messages are removed from the Blocked Messages page and sent to the Deleted Messages page.

Deliver and Approve Sender

Use "Deliver and Approve Sender" to send the selected message(s) to your mailbox and add the sender(s) of those messages to your Approved Senders list.

1. On the left navigation menu, click Blocked Messages. The Blocked Messages page is displayed.
2. On the Blocked Messages page, under the Score column, select the check box(es) beside the message(s) that you want delivered to your inbox and whose senders you want added to your Approved Senders list.
3. Click the Deliver and Approve Sender button. The Approve Senders page is displayed.
4. On the Approved Senders page, select if you want to Approve just the sender or Approve all email from the sender's domain.
5. Click Approve. The selected messages are released and will appear in your inbox. The selected sender(s) are added to your Approved Senders list.

Delete All

Use the 'Delete All' feature to remove all messages from the Blocked Messages page and send them to the Deleted Messages page.

1. On the left navigation menu, click Blocked Messages.The Blocked Messages page is displayed.
2. On the Blocked Messages page, click Delete Message. All messages are removed from the Blocked Messages page and sent to the Deleted Messages page.

Deleted Messages

Displays messages deleted from the Blocked Messages page. You can sort "Deleted Messages" based on spam "Score", the email address listed in the "From" header, the message's "Subject", or the "Date" the message was blocked. Note that the date column displays the time in hours and minutes for messages blocked in the last 24 hours. Both the time and date are shown for messages blocked more than 24 hours ago.

Use "Delete Messages" to view and undelete messages. Undeleted messages are sent back to the Blocked Messages page.

Undelete Message

To undelete a message:

1. On the left navigation menu, click Deleted Messages. The Deleted Messages page is displayed.
2. On the Deleted Messages page, under the "Score" column, select the check box(es) beside the message(s) you want to undelete.
3. Click Undelete Message. The selected message(s) are sent to the Blocked Messages page.

Approved Senders

The Approved Senders page lists email addresses that are known to be legitimate sources of email. By default, email from approved senders and hosts is delivered by PureMessage without being scanned for spam. Use "Approved Senders" to add or delete senders from the Approved Senders list.

Add an Approved Sender

1. On the left navigation menu, click Approved Senders. The Approved Senders page is displayed.
2. On the Approved Senders page, in the Add address text box, enter the valid email address of the sender you wish to approve.
   Note: Valid email addresses are of the form user@host.domain (for example, fooey@spammer.com).
3. Click Add Sender. The Approved Senders List page is displayed with the approved sender added.

Delete an Approved Sender

1. On the left navigation menu, click Approved Senders. The Approved Senders page is displayed.
2. On the Approve Senders list, under the "Sender" column, select the check box(es) beside the sender(s) you want to remove from the list.
3. Click Delete Sender. The Approved Senders page is displayed with the sender(s) removed from the list.

Blocked Senders

The Blocked Senders page lists email addresses that are known to distribute spam or viruses. The End User Web Interface can be configured to block messages originating from addresses in this list. Use "Blocked Senders" to add or delete senders from the Blocked Senders list.

Add a Blocked Sender

1. On the left navigation menu, click Blocked Senders. The Blocked Senders page is displayed.
2. On the Block Senders page, in the Add address text box, enter the valid email address of the sender you wish to block.
   Note: Valid email addresses are of the form user@host.domain (for example, fooey@spammer.com).
3. Click Add Sender. The Blocked Senders List page is displayed with the blocked sender(s) added.

Delete a Blocked Sender

1. On the left navigation menu, click Blocked Senders. The Blocked Senders page is displayed.
2. On the Blocked Senders list, under the "Sender" column, select the check box(es) beside the sender you want to remove from the list.
3. Click Delete Sender. The Blocked Sender page is displayed with the sender removed from the list.

Options

Use the Options page to set or modify individual PureMessage email-filtering preferences.

Disable all spam and offensive content blocking for my messages

1. On the left navigation menu, click Options. The Options page is displayed.
2. On the Options page, under Mail-Filtering Preferences, select the Disable all spam and offensive content blocking for my messages check box.
3. Click Save. This option is saved.

Notify me periodically of messages that have been blocked

1. On the left navigation menu, click Options. The Options page is displayed.
2. On the Options page, under Mail Filtering Preferences, select the Notify me periodically of messages that have been blocked check box.
3. Click Save. This option is saved.

Hold Messages

Use the Hold Messages option to keep messages for longer than the set number of days (for example, during a vacation). With the Hold Messages option you specify a hold date using the day, month, and year drop-down lists.

1. On the left navigation menu, click Options. The Options page is displayed.
2. Under Hold Messages, use the drop-down lists to select the date after which the messages will be held for 99 days.
3. Click Save. The option is saved.

Language Preference

Note: This feature is only available if it has been enabled by the system administrator. If the administrator disables this setting, the Language Preference portion of the Options page is not displayed.

Use the Language Preference option to change the language in which the End User Web Interface (and this documentation) is displayed. Choose from English, French or German.

1. Under Language Preference, select a language from the drop-down list.
2. Click Save. The End User Web Interface and the accompanying documentation is displayed in the specified language.

Quarantine Digests

When the PureMessage filter detects that a message has a 50% or greater likelihood of containing spam, the message is stored in the PureMessage Quarantine instead of being delivered. Quarantine digests are email messages generated by PureMessage that list each user's quarantined messages.

Quarantine digests display the quarantine message ID number, the spam probability percentage, the message's "From" address, and the message's "Subject". To release a single message from the Quarantine, click on the ID number. This will generate an email to PureMessage; the message will be automatically released. To release all listed messages from the Quarantine, reply to the message.