BSU/NTC Spam Filtering

Ever wonder how you get so few SPAM email messages at your BSU/NTC account?

There are numerous spam identification methods used by a variety of anti-spam products and services. Some are more effective than others, but none of them provide 100% accuracy.

Many approaches involve the implementation of various algorithms to calculate, based on message content, the likelihood a given message is or is not spam. As spammers change their techniques, however, these algorithms become less effective.

In addition, it can be very difficult to find a balance that ensures mail delivery of legitimate messages while preventing false positives (incorrectly rejecting legitimate mail) and false negatives (not rejecting spam messages).

Common techniques include:

  • Blacklisting – blocking any message from any sending system on a list of known spam senders
  • Whitelisting – accepting only mail from senders on an ‘approved’ list
  • Greylisting – a message delaying method used to discourage spammers

BSU/NTC employs the use of a pair of Cisco IronPort Spam Filtration appliances.

The primary method of spam prevention used by IronPort is Reputation Based Filtration. This method of filtration places a greater burden on sending systems rather than receiving systems because the owners of sending systems become responsible for their own reputation.

Reputation can suffer when sending systems are known for sending spam, do not respond to spam complaints, do not prevent outbound spam, or belong to a mass email marketing campaign.

On a normal day IronPort blocks approximately 80% of email based on reputation. Another 10% is typically determined to be spam based on message content, gets labelled as [SPAM] or [SUSPECTED SPAM] and is delivered to user mailboxes. The remaining 10% are determined to be either [MARKETING] or legitimate messages and are delivered to mailboxes.

The subject modifications made to spam messages can be used by end users to create rules in Outlook or other mail client software to control message delivery to specified folders. This typically reduces the number of message in the Inbox while allowing for later review of [SPAM] or [SUSPECTED SPAM] or [MARKETING] messages. Users interested in creating rules for message delivery in Outlook should contact the BSU Helpdesk at x3777 or the NTC Helpdesk at x6651 for assistance.

The following articles provide further information detailing anti-spam techniques:

http://en.wikipedia.org/wiki/Anti-spam_techniques

http://www.cisco.com/c/en/us/products/security/email-security-appliance/rep_filters_index.html