Getting Started with SpamVault
SpamVault allows you to block e-mail from spammers. Although SpamVault is very easy to use, it's also very powerful and if not used properly can delete e-mail you may have wanted to receive. Please read these instructions before using SpamVault as we cannot retrieve lost e-mail.
To begin using SpamVault, you need to add an entry in the text box appropriately names, "Add an entry:". An example of an entry would be a spammers e-mail address. There are 4 radio buttons called Block-triggers that follow this box with the letters F,T,R,S next to them. These represent the area of the e-mail header that is used to trigger the blocking of the e-mail For instance, the "F" stands for e-mail"From" someone. In the example here, we want to block any e-mail coming "From" the e-mail address spammer@spamnetwork.com so we would make sure the radio button next to the "F" is checked.
The following are the areas of the e-mail header that can be blocked:
F = From (block e-mail 'From' someone or some network)
T = To (block e-mail sent 'To' someone at my domain)
R = Received (block e-mail with special text in the 'Received' section of an e-mail header)
S = Subject (block e-mail with this word or phrase in the 'Subject of the e-mail)
Adding an Entry:
Here is what your entry should look like
Add an entry. Block-trigger: F T R S |
After entering this information press the "Update Entries"
button at the bottom:
Once entered, your entry will show up on the list and looks as follows:
1) Block-trigger: F T R S || Status: BLOCK ALLOW || DELETE |
Editing an Existing Entry:
Once an entry is entered, you can change it in real time just by editing the existing entry. For instance, if you wanted to test this entry to see if you were still getting e-mail from this particular address, you might change the status from 'Block' to 'Allow'. You can edit as many entries as you wish but be sure to press the 'Update Entries' button after you're finished editing.
1) Block-trigger: F T R S || Status: BLOCK ALLOW || DELETE |
Understanding e-mail Header Information:
Every e-mail sent has a section called the 'header'. This section includes commonly known data such as who the e-mail is being sent from and who it is being sent to along with some other information that will help you manage your spam. The header is not usually viewable in the default settings of your e-mail program. You may need to read the documentation on your e-mail program to find out how to view the header.
An e-mail header can be broken down into some basic parts. Each part it identified
by a title such as "From:".
Rather than getting into too much detail about all the sections, we'll just
focus on the ones SpamVault looks at to
filter out spam. We've highlighted the data that we'll be focussing on in red.
SAMPLE e-mail HEADER:
---------------------
X-POP3-Rcpt: you@youre-mailaddress.com
Received: from welove.spamnetwork.com (spammers_isp.com [209.90.160.156])
by youre-mailserver.com (8.10.2/8.10.2) with SMTP id g05HX0N10982
for <me@youre-mailaddress.com>; Sat, 5 Jan 2002 12:33:04 -0500
Message-Id: <200201051733.g05HX0N10982@spmmers_isp.com>
Content-Type: text/html; charset=US-ASCII
Date: Sat, 5 Jan 2002 09:33:13 -0800
To: you@youre-mailaddress.com
From: Bob Spammer <bob@phonyaddress.com>
X-Mailer: Version 5.0
Subject: You may have already won $10,000!!!
Organization:
The "To:" Section
Info in this section can be shows where the e-mail was delivered to. Often, this
is a weak place to put a block because spammers take advantage of catch-all
e-mail boxes. The send it to Anybody@yourdomain.com and whoever has the catch-all
e-mail box will get it. So you might set up a block on anything sent to Anybody@yourdomain.com.
Tomorrow they'll use NoBody@yourdomain.com and get by the block of "Anybody@yourdomain.com"
that you'd set up. One thing this section is good for is to stop mail from going
to someone who's left the company.
The "From" Section
In short, this is easily forged and can be changed as easily as the "To:"
address. This is good to block out those annoying friends who keep sending you
chain letters. Blip, you'll never have to look at those again.
The "Subject:" Section
Now we're getting some power. Want to stop the e-mails with XXX or SEX or Work
At Home in the subject line. This is the place to do that. Just use the snippet
of the subject that you know will be offensive. If the subject reads, "XXX
Pictures of Warm blooded carbon based life forms, " you may just want to
block "XXX" or you might block out your son's biology assignments.
The "Received:" Section
Info in this section is blocked using the R (Received) trigger in SpamVault.
This is one of the most powerful and most overlooked areas for blocking because
you can block and entire network in one fell swoop. There are some services
that are friendly to spammers, they even encourage it. The permit or profit
from spamming on their server network. Often, you'll get many different looking
spams from once network and not realize it because the return addresses are
phony. Before we decide what to block, remember to block as little as possible.
Casting too wide a net or making a lot of unnecessary entries just makes the
server work harder for no reason. So, looking at the Received: section here
are the things I would consider candidates for blocking in order of preference.
1) spamnetwork.com 2) spammers_isp.com but be careful, if the guy's on America
Online, you've just blocked everyone on AOL.
Spammers and Their Tricks:
We have to confess that SpamVault is not the end of all spam but it will give you better control over your circumstances. Spammers are always devising tricks to work around SpamVault and we're constantly trying to prevent them from doing so. One way they will get around SpamVault is to trick you into blocking the wrong section of the e-mail header. Technically speaking, it's easy to fake all but the "Received" section of an e-mail. You might block everything coming from one e-mail address and all they have to do is fake you out by using another e-mail address. Using this trick it can look like they're sending from a hotmail.com address today and tomorrow you'll get the same spam from yet another address. Here is where the power of the 'Received' section comes in and why it's important to review the header of your e-mail rather than the default to and from sections.
A spammer typically not be able to change the information in the 'Received' section of the header. So, using that as a filter can be the strongest method of blocking e-mail. Please do not just paste the entire 'Received' section into SpamVault. You need to review the header for a specific server name and sometimes an IP number (but these change regularly so it is not recommended). In the example above, the network that the spam is coming from is welove.spamnetwork.com. We would recommend that you only use the last and second from the last section of the network name: spamnetwork.com.
Configuration Section:
You can show or hide the configuration data of SpamVault by checking or clearing the box appropriately called "Show Configuration Data" located below the 'Update Entries' button.
Sample Configuration Data Section
Show Configuration Data
==================== Configuration ====================
WHERE DO YOU WANT TO PUT YOUR SPAM?
Send My Spam Into Never Never Land! OR Save my spam to a repository file
Current spam repository file size: 59074 Bytes Clear this file?LOG BLOCKED SPAM?
Keep a log of how many e-mails have been blocked
Current spam log file size: 5045 Bytes Clear this file?
Blocked spams since the log was last cleared: 10
Total Spams Blocked: 1151
====================================================
Let's review the options in the is section.
Where do you want your spam to go. You can delete your spam (AKA Never Never Land) or send it to a special file by placing a check in the box labeled, "Save my spam to a repository file". This file is called "spamvault" and is located in your /www/sv/ folder. As this file grows it uses disk space, so it is always a good idea to 'Clear this file' regularly. You must press the 'Update Entries' button for these changes to take place.
Log Blocked Spam. SpamVault can keep a log of all the e-mails that it has filtered. This log file is called 'spamvault.log' and is also located in your /www/sv/ folder. As this file grows, it also uses disk space, so it is always a good idea to 'Clear this file' regularly. You must press the 'Update Entries' button for these changes to take place.
SpamVault keeps a tab on how many spams it has blocked in the last line of the configuration section and is guaranteed to provide a personal sense of satisfaction.
Hidden Benefit of SpamVault:
Your account uses bandwidth twice when you receive an e-mail. When the e-mail arrives at the server and when you retrieve it from the server. SpamVault completely eliminates the spam at the server so you will avoid using the extra bandwidth when you check your e-mail. The less e-mail traffic there is, the faster your website is served up when people visit it.
Warnings and Cautions:
When someone uses the term 'powerful program,' this is code for 'you can really mess things up with this program if you're not careful.' SpamVault is a powerful program and therefore you should be very selective in the entries you make. Adding an entry that only contains the letters '.com' in it will block all e-mail coming from any e-mail address that has '.com' in it. If all of a sudden your e-mail doesn't work, check your entries in SpamVault before you contact support.
Illegal Characters. Only use the following characters in your entries as other characters such as a bracket "[" will cause very predictable results (all bad). You can use the following characters: A - Z, a - z, 0 - 9, period (.), quotes (" or '), At symbol (@), dollar sign ($), exclamation point (!), and the question mark (?).
Copyright 2001-2002 by Thomas Leo. All rights reserved.