DSPAM
Introduction
Quick Start
DSPAM How-To Video
DSPAM Web Page and Settings
Training the DSPAM System
Easier SPAM Control with Quarantine Mode
Using the ***SPAM*** Subject Line To Identify SPAM
Using the X-DSPAM-Result Header to Identify SPAM
Set SPAM Sensitivity
Expert Technique: Bulk Training with IMAP Folders
More About DSPAM
For More Help
Introduction
Unsolicited bulk e-mail, nicknamed SPAM, is a frequent source of frustration for Rice faculty, staff and students. For most members of the Rice community, e-mail is a critical part of our daily work, so we must deal with SPAM. To assist with the identification and removal of SPAM, Information Technology has implemented the DSPAM (as in "de-spam") filtering tool on our campus mail servers.
DSPAM combats SPAM by performing detailed statistical analysis on incoming e-mail messages, using a variety of advanced analysis algorithms. E-mail that earns a high score is marked as SPAM. DSPAM maintains separate preferences for each user, so you can customize your SPAM settings to your liking and teach your DSPAM filter to recognize new SPAM, or to ignore legitimate e-mail. This process is called training, and it is critical to the successful operation of DSPAM.
DSPAM also has a server-based Quarantine, which allows you to trap SPAM before it enters your e-mail INBOX. This feature is not turned on by default because it requires regular maintenance, but the Quarantine is one of the best features of DSPAM.
This document describes how to use DSPAM with coverage of basic and advanced features. Questions about DSPAM may be directed to the Information Technology Help Desk, helpdesk@rice.edu or 713-348-HELP (4357).
Quick Start
If you want to get up and running with DSPAM very quickly, please read the following sections:
- DSPAM Web Page and Settings
- Easier SPAM Control with Quarantine Mode
- Training the DSPAM System To Recognize New SPAM
These three sections describe the most essential features of DSPAM for the new user.
DSPAM How-To Video
To view a short DSPAM how-to video, visit the Rice IT How-To Video Series page.
DSPAM Web Page and Settings
DSPAM maintains separate settings for each user, so you can modify your personal SPAM identification settings. If you read your e-mail on Owlnet or RUF, use your web browser to go to
You will be prompted to log in with your NetID name and password. The NetID name is the login name that you received when you first came to Rice.
The address listed above works only for Owlnet and RUF e-mail accounts. If your department maintains an internal mail server (such as Fondren Library, CS, ECE, BIOC and others), then please check with your local system admin for the DSPAM web page address. In most cases, the address will simply be your mail server with :4430 appended to the end of the address, such as
https://sparta.rice.edu:4430/
https://cs.rice.edu:4430/
https://ece.rice.edu:4430/
etc.
The settings panel for DSPAM will have a series of tabs across the top; click the Preferences tab to adjust your settings.
If you change any preferences, click Submit Changes at the bottom of the Preferences window.
Training the DSPAM System
Recognize New SPAM
If you receive unsolicited bulk e-mail and DSPAM did not quarantine it or mark it ***SPAM***, there are two ways to train DSPAM to recognize that type of message as SPAM.
1. Log in to the DSPAM page and choose History. From here you can mark mail as innocent or SPAM.
2. Forward that e-mail to
spam-NetID@mail.rice.edu
where "NetID" is your Rice NetID name.
DSPAM will analyze the e-mail and tag or quarantine similar messages in the future.
Ignore Legitimate E-mail
If you use the DSPAM Quarantine, you do not need to train DSPAM to ignore legitimate e-mail. DSPAM will train automatically when you deliver your legitimate e-mail from the Quarantine.
If you are using ***SPAM*** Subject tagging and you receive a legitimate e-mail marked as ***SPAM***, you can train DSPAM to ignore similar messages in the future. Forward the incorrectly tagged e-mail to
notspam-NetID@mail.rice.edu
where "NetID" is your Rice NetID name.
DSPAM will analyze the e-mail and ignore similar messages in the future.
Easier SPAM Control with Quarantine Mode
DSPAM allows you to store potential SPAM messages on the DSPAM server instead of your e-mail INBOX. You can then review these stored messages, remove the legitimate mail and send it to your INBOX, then delete the SPAM. This is the most efficient way to handle large amounts of SPAM with DSPAM.
To activate Quarantine mode, go to the DSPAM web site (for Owlnet and RUF: https://www.ricemail.rice.edu:4430/) and log in. Click the Preferences tab. In the Message Handling section, click the button next to Quarantine the message. Then Submit Changes to save the setting.
New SPAM messages will accumulate in the Quarantine. When you are ready to review and delete SPAM messages, return to the DSPAM web site and click the Quarantine tab. Initially, messages are sorted by SPAM rating from 40% to 100% likelihood of being SPAM. You can sort the messages by SPAM rating or received date by clicking the Rating or Date links at the top.
The number after the word Quarantine indicates the number of messages in the Quarantine. On the Quarantine page, you will see a list of all messages identified as potential SPAM. Scan the list for legitimate e-mail and click the checkbox for each legitimate message. When finished, click the Deliver Checked button. These e-mails will be delivered to your Rice e-mail INBOX. An example message is shown below.
When all of the legitimate mail has been removed from the list, click the Delete All button to delete the remaining SPAM messages.
Return to the DSPAM web site periodically to review the DSPAM Quarantine. If your Quarantine box gets almost full (about 2 megabytes), you will get a warning e-mail from DSPAM, like this:
Date: Fri, 11 Feb 2005 21:06:41
To: rickr@it.is.rice.edu
From: Technical Support <support@it.is.rice.edu>
Subject: Your quarantine box is getting full
Dear Valued Customer,
This email is to inform you that your spam quarantine box is growing quite large
...
If you receive such a message, your Quarantine box is nearly full. Visit the DSPAM web site to clear out your Quarantine as soon as possible. If you do not clear out your Quarantine and the Quarantine gets completely full, it will temporarily switch to ***SPAM*** subject tagging until the Quarantine is cleared out.
Using the ***SPAM*** Subject Line To Identify SPAM
In the default configuration, DSPAM will mark incoming e-mail detected as SPAM with a ***SPAM*** subject line, like so:
Subject: ***SPAM*** Get a low rate mortgage, enjoy more tamales!
Subject: ***SPAM*** AMAZ|NG TAMALE MARK*TING PROGRAM
To activate this feature, visit the DSPAM web page and click the Preferences tab, then click Message Handling, Tag the Subject header with ***SPAM***, and click When I train DSPAM, I prefer: To forward my spams (signature appears in message body):


If you prefer to sort your ***SPAM***-marked e-mail in a separate folder, you will need to add filters to catch the ***SPAM*** Subject line. To set up a ***SPAM*** filter, use the following instructions for your e-mail software:
- Eudora 5.2, 6.1 and 6.2 (PC, Mac)
- Netscape 7 and Mozilla (PC, Mac, other platforms)
- Outlook 2000/XP (PC)
- Outlook Express (PC, POP protocol only)
- Microsoft Entourage (Mac OS X)
- Apple Mail (Mac OS X)
- pine (UNIX command line)
When your filter is working, remember to review the contents of your SPAM folder periodically and forward incorrectly tagged messages back to the training addresses (see Training the DSPAM system, below).
Using the X-DSPAM-Result Header to Identify SPAM
If you prefer, you may use a special header to identify SPAM messages. This method does not modify the Subject line, so it's easier for people who get occasional misidentified SPAM that they need to forward or reply to. Since this option is only useful when combined with filtering, use the following instructions to set it up for your e-mail software:
- Apple Mail (Mac OS X)
- Eudora (Mac)
- Eudora (PC)
- Microsoft Entourage (Mac)
- Microsoft Outlook 2000 (PC)
- Microsoft Outlook XP or 2003 (PC)
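The filtering rule that both the ***SPAM*** Subject method and the X-DSPAM-Result method rely on, written out as an added example (not part of the original Rice page or of DSPAM itself). It assumes the header value "Spam" marks a message as SPAM, as stock DSPAM writes it; the folder names and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.header import decode_header, make_header

SUBJECT_TAG = "***SPAM***"          # Subject tag described on this page
RESULT_HEADER = "X-DSPAM-Result"    # header described on this page

def classify(raw):
    """Return 'spam', 'inbox' or 'review' for one raw message."""
    msg = message_from_string(raw)
    # Assumption: the server writes exactly one result header per message.
    results = {v.strip().lower() for v in msg.get_all(RESULT_HEADER, [])}
    if len(results) > 1:
        # Conflicting copies of the header: file for manual review
        # instead of trusting either value.
        return "review"
    if results:
        # Assumption: "Spam" is the value stock DSPAM uses for SPAM.
        return "spam" if results == {"spam"} else "inbox"
    # No result header: fall back to the Subject tag. Decode RFC 2047
    # encoded words first so an encoded Subject is still matched.
    subject = str(make_header(decode_header(msg.get("Subject", ""))))
    return "spam" if subject.lstrip().startswith(SUBJECT_TAG) else "inbox"

# Constructed sample messages (not real mail).
SAMPLES = {
    "tagged": "From: a@example.com\n"
              "Subject: ***SPAM*** Get a low rate mortgage\n\nbody\n",
    "header": "From: b@example.com\nSubject: TAMALE PROGRAM\n"
              "X-DSPAM-Result: Spam\n\nbody\n",
    "clean": "From: c@example.com\nSubject: Lunch on Friday\n"
             "X-DSPAM-Result: Innocent\n\nbody\n",
    "conflict": "From: d@example.com\nSubject: Hello\n"
                "X-DSPAM-Result: Innocent\nX-DSPAM-Result: Spam\n\nbody\n",
    "encoded": "From: e@example.com\n"
               "Subject: =?utf-8?q?***SPAM***_Tamale_offer?=\n\nbody\n",
}

def sort_mail(samples):
    """Map each sample name to the folder its message would be filed in."""
    return {name: classify(raw) for name, raw in samples.items()}

if __name__ == "__main__":
    for name, folder in sort_mail(SAMPLES).items():
        print(f"{name:9s} -> {folder}")
```

Messages filed under review or spam still need the periodic check for false positives described in the sensitivity section.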
Set SPAM Sensitivity
You can adjust the sensitivity of DSPAM with the buttons in the Training section of the DSPAM Preferences:
Click Submit Changes to save your new sensitivity settings:
Please keep in mind that when you increase the sensitivity of the filter, there is a greater chance that DSPAM will identify legitimate e-mail as SPAM. This is called a false positive. You should always review the messages marked ***SPAM*** or the messages in your DSPAM Quarantine very carefully for false positives.
If you reduce the sensitivity of the filter, you will see more SPAM ignored by DSPAM. These are called false negatives. The default setting in the center position will work for most people, but you may want to experiment with the settings to find the optimum balance of false positives and false negatives for your own e-mail.
Expert Technique: Bulk Training with IMAP Folders
If you receive a lot of unmarked SPAM and you want to retrain DSPAM without forwarding individual messages, you can use this bulk training method.
Create a folder in your IMAP account named DSPAM_spam. That's an underscore character (shift-minus on most keyboards) after the word DSPAM.
Move your untagged or unquarantined SPAM e-mail into the DSPAM_spam folder. Every 24 hours, a script will grab all of the messages in that folder and push them into the training system for DSPAM, then delete the contents of the folder.
You can use this method to train DSPAM using lots of mail, without the inconvenience of forwarding individual messages.
More About DSPAM
DSPAM Web Links and Documentation
For More Information
If you need help with DSPAM, please call xHELP (x4357, or 713-348-4357 from off-campus). You may also submit a request for help at http://helpdesk.rice.edu/ or via e-mail at helpdesk@rice.edu.
02/03/2005
