SPAMPROBE  

General

SpamProbe 1.02 is a plug-in module designed for MailProbe. It is centered around an elementary AI which continually learns the sources of SPAM and blocks mail from those servers. In addition, there are comprehensive mail filters which follow rules set by individual users. Messages which are deleted by the AI in the background can optionally be saved in a special folder so that valid messages can be recovered. Together, we have declared war on SPAM.


Features

All features are optional:

  • Powerful mail filters
  • Automatically deletes spam from POP mailboxes in the background using intelligence (intel) gained from Remote Block List (RBL) servers
  • Maintains copies of spam source intel in a Local Block List (LBL) to avoid remote lookup delays
  • Maintains a database of spam details for use by RBLs
  • Processes and deletes messages designated by the user as spam
  • Maintains source intel on user-designated spam in a Personal Block List (PBL)
  • Copies messages to the user's Spam folder before automatic deletion
  • Verbose mode, i.e. shows details of background actions


Operation

Purpose. SpamProbe has been designed to operate primarily in the background following directives issued by the administrator and users. It also responds interactively to both through the use of menu choices. Its main purpose is to identify sources of spam using both local and remote means, remove spam from POP mailboxes and maintain a record of all actions taken.

Actions. By following rules in both the configuration settings and user Options, SpamProbe can:

  • Filter messages from user mailboxes based on the length, content and quality of the Subject line
  • Filter messages based on Sender addresses
  • Filter messages based on host IP address of originator or proxy mail servers
  • Deliver filtered messages to users in accordance with their allowable IP addresses
  • Search RBLs for IP addresses extracted from message headers, automatically delete messages from mailboxes and add/update the IP addresses to the Local Block List (LBL)
  • Delete messages designated as spam by the user and update the user's Personal Block List (PBL)
  • Recover messages automatically deleted from the mailbox on user command
  • Operate in verbose mode so the user has a complete record of actions taken in the background
  • Manage the LBL under direction of the administrator
  • Manage PBLs under direction of the users.

Methods. Spam is managed by:

  • The AI automatically in the background while processing a POP mailbox
  • The AI in response to user commands
  • User preferences specified in an Options file
  • User operations on messages and PBL database
  • Control panel (admin) operations on the LBL database and Spam database

Background operations. When the user selects the Inbox menu option the current POP mailbox is opened and message headers are fetched. If the user has selected the Option 'Auto-delete spam before it reaches Inbox' each header is passed to the SpamProbe filter which does the following:

  • Compares subject line, sender address and source IP address to the POP account user's Options settings and, if filtered, marks the message for deletion.
  • If the source IP is listed in the LBL, the message is marked for deletion. Otherwise, if the IP is listed in an RBL, the message is marked for deletion and the IP is added to the LBL.
  • Each message automatically deleted will be copied to the user's Spam folder if the Option 'Save deleted spam in Spam folder' was selected.
  • If the user selected 'verbose' mode a summary report will be displayed of actions taken for each message.
  • When the maximum number of message headers specified in the user's Options has been processed control is passed back to the user at the Inbox. Messages which were not deleted from the maximum fetched are displayed for user action.
  • After each user action has been completed a CONTINUE page is displayed. This is a non-processing page which permits the user to make a menu choice.
  • If the user continues opening the Inbox this cycle of actions is repeated until the POP mailbox is empty.
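
The block-list part of this cycle, as an added Python example that is not SpamProbe's own code. Assumptions: all function names are hypothetical, `rbl_lookup` is a callable standing in for the remote RBL query, the user's 'Do not block these mail hosts' prefixes take precedence over both lists, and partial addresses are matched on whole octets.

```python
import re

_IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?!\.?\d)")

def received_ips(headers):
    """IPv4 addresses from Received: lines, in header order (lines assumed unfolded)."""
    ips = []
    for line in headers:
        if not line.lower().startswith("received:"):
            continue
        for ip in _IPV4.findall(line):
            if all(int(o) <= 255 for o in ip.split(".")) and ip not in ips:
                ips.append(ip)
    return ips

def allowed(ip, prefixes):
    """Partial-address match on whole octets: '10.1' must not match 10.12.0.5."""
    octets = ip.split(".")
    for prefix in prefixes:
        want = prefix.rstrip(".").split(".")
        if octets[:len(want)] == want:
            return True
    return False

def classify(headers, allow_prefixes, lbl, rbl_lookup):
    """Return (verdict, ip, source). A fresh RBL hit is cached into lbl."""
    for ip in received_ips(headers):
        if allowed(ip, allow_prefixes):
            continue  # assumption: the user's 'Do not block' list wins
        if ip in lbl:
            return ("delete", ip, "LBL")  # local hit, no remote lookup
        if rbl_lookup(ip):
            lbl.add(ip)  # next message from this host is a local hit
            return ("delete", ip, "RBL")
    return ("keep", None, None)

# Constructed sample: documentation address ranges, not real block-list data.
SAMPLE_HEADERS = [
    "Received: from mx.example.net ([198.51.100.7]) by pop.example.org; 1 Jan 2001",
    "Received: from relay.example.com ([203.0.113.25]) by mx.example.net; 1 Jan 2001",
    "Subject: hello",
]
SAMPLE_RBL = {"203.0.113.25"}

def demo():
    lbl = set()
    first = classify(SAMPLE_HEADERS, ["198.51.100"], lbl, SAMPLE_RBL.__contains__)
    second = classify(SAMPLE_HEADERS, ["198.51.100"], lbl, lambda ip: False)
    return first, second, lbl
```

Only the Received line stamped by your own mail server is reliable; earlier lines are supplied by the sending side, so a block-list hit on them is weaker evidence.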


User operations. This is best described by outlining a typical user session:

  • Following a login to MailProbe some important information is displayed:
    • number of RBLs responding or RBLs not responding
    • POP mailbox in use and number of messages in the Inbox or No POP mail account selected.
    • if you receive a warning that your IP address was found in an RBL, you should report this to your service provider. Otherwise, mail which you send may be rejected by many servers
  • After completion of any required Accounts or Options settings select Inbox and the background AI will be activated.
  • When the Inbox is displayed, if any action was taken by the AI it will be summarized in Previous action at top of the Inbox. If there are no message headers to view, you may select Inbox again to fetch more.
  • If there are message headers displayed they may be dealt with as follows:
    • they may be read then disposed of
    • all or selected messages may be copied to the Save folder. They will NOT be deleted from the POP mailbox
    • all or selected messages which are NOT spam may be Deleted
    • all or selected messages may be treated as spam. Use Del spam to have them processed and deleted by the AI. These will NOT be copied to the Spam folder
  • After a message is read you may Reply, Forward, Save, Del or have it processed as spam with the Del spam button
  • When you are finished with the Inbox it is prudent to proceed to the Spam folder and determine if any valid messages were processed as spam. Messages in this list may be Saved, Deleted or read. NOTE: if you have selected the option to save auto-deleted spam and you have exceeded your disk storage quota then spam messages will neither be deleted nor copied to this folder
  • After a message is read from the Spam folder you may Recover it, Reply, Forward, Save or Delete it. Recovery is carried out as follows:
    • before pressing the Recovery key you may wish to add the IP address of the sender's mail server to your list of accepted addresses in Options:
      • press Show full header to reveal the Received block and find the IP addresses from the first one or two 'from' statements
      • add these IP addresses to your Options so that you may subsequently receive email from those servers
    • the remainder of the recovery is carried out automatically by the AI:
      • the subject line, sender address and source IP addresses are edited by the AI to help prevent them from being filtered again
      • the 'from' IP addresses are set to 0.0.0.0 to prevent blocking
      • the message is re-mailed to the current POP account after which Previous action will display the altered subject line so that it may be identified
  • You may also recover a message by forwarding it to a mailbox which will not filter it.


Personal Block List (PBL). If you have checked the Option 'Add host IP to my block list...' then you should periodically select Blocklist in order to maintain the database and keep it current. Keep in mind that this list is built from messages which you labeled as spam and deleted. The source IP addresses may not be listed in any RBL, which could be the reason they were not automatically deleted by the AI. Alternatively, the reason could be that the remote lookup operation timed out before the IPs were located:

  • Display is normally switched off because a large list may require some time to load. The number of records and total number of messages they represent is shown at top of page. Operations such as Find, Sort, Verify and Display On will create a listing. You can also specify the range of records to display using the From and To fields e.g. From 1 To 100 etc.
  • Find will search the list for the IP address entered in the adjacent textbox. If found it will be displayed, otherwise a failure message will be displayed
  • Sort may be done by three different methods to facilitate searching for records to delete or verify:
    • ascending order of keys (IP addresses), or
    • ascending order of total messages, or
    • ascending order of dates (oldest at the top)
  • Verify will determine whether the IP addresses you are blocking are now listed in some RBLs and can be deleted. The column labeled Listed is normally blank unless you request a remote lookup verification. Entries which are listed in one or more RBLs can be removed from your PBL to avoid redundancy. This can be a lengthy process for a large database:
    • select the entries you wish to verify (or All) and press the Verify button. Only entries which were found in an RBL will be displayed
    • the value shown in the Listed column is the number of RBLs which have this IP listed. It is recommended that entries not be deleted until they are listed in two or more RBLs
    • select the entries you wish to delete and press the Delete button
  • Backup and Restore will save a complete copy of the database and recover it after a mishap
  • Add new records or Edit existing ones
  • Import and Export complete lists for sharing with others etc.


Options. This menu selection provides access to your mail handling preferences. Options available to most popular mail readers such as message sorting, time zones and maximum number of headers to display at any one time appear at the head of the list. Those specific to SpamProbe are:

  • Auto-delete spam before it reaches Inbox - this activates the AI background operations.
  • Save deleted spam in Spam folder for inspection - this prevents loss of valid mail deleted by the AI.
  • Verbose mode - show details of anti-spam actions - summary reports will appear in small print above the Inbox while messages are being processed. For your first tests enable this and set number of headers to 3+ to become familiar with the AI.
  • Add host IP to my block list when I Del Spam - avoids remote lookup delays in the future for that IP.
  • Filter message if Subject contains this much or more: (valid messages generally have less than the examples shown - examine samples of spam to gain experience)
    • Length. e.g. 40
    • Non-alphabetics (i.e. punctuation etc.). e.g. 10
    • Uppercase letters e.g. 10
    • Loudness (punctuation + uppercase) e.g. 15
  • Filter message if Subject contains any of these words or phrases. e.g. sex, drugs, sweet deals etc.
  • Filter message if From contains any of these sender addresses (email addresses)
  • Do not block these mail hosts (IP addresses - a partial number will allow all IPs beginning with that value). Here is one method of obtaining IPs to protect:
    • while reading a message select Show full header and examine the Received: header
    • closely following From there should be an IP address to capture. If additional From fields are found they represent relay servers and should also be used
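
The Subject thresholds above, as an added Python example that is not SpamProbe's own code. Assumptions: the function names are hypothetical, whitespace is not counted as a non-alphabetic while digits are, "this much or more" is read as greater than or equal, and word or phrase matching ignores case; the limits are the example values from the list.

```python
def subject_metrics(subject):
    """Counts used by the Subject thresholds (assumption: spaces are not counted)."""
    non_alpha = sum(1 for c in subject if not c.isalpha() and not c.isspace())
    upper = sum(1 for c in subject if c.isupper())
    return {
        "length": len(subject),
        "non_alpha": non_alpha,
        "upper": upper,
        "loudness": non_alpha + upper,  # punctuation + uppercase
    }

# Example values quoted in the Options list above.
DEFAULT_LIMITS = {"length": 40, "non_alpha": 10, "upper": 10, "loudness": 15}

def subject_filter(subject, limits=DEFAULT_LIMITS, phrases=()):
    """Return the rules the subject trips; an empty list means it is not filtered."""
    m = subject_metrics(subject)
    hits = [name for name, limit in limits.items() if m[name] >= limit]
    low = subject.lower()
    hits += ["phrase:" + p for p in phrases if p.lower() in low]
    return hits

# Constructed sample subjects.
SAMPLES = {
    "quiet": "Meeting notes for Tuesday",
    "spam": "!!! FREE $$$ SWEET DEALS !!! ACT NOW TODAY !!!",
    # A legitimate but shouted subject: the reason to keep
    # 'Save deleted spam in Spam folder' enabled while tuning limits.
    "false_positive": "URGENT: VPN CERT EXPIRES",
}

def demo():
    return {k: subject_filter(s, phrases=["sweet deals"]) for k, s in SAMPLES.items()}
```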
