DSPAM (as in De-Spam) is an anti-spam filter that uses Bayesian statistics to analyze email and classify each message as spam or not spam. Innocent messages are delivered to user mailboxes, while those determined to be spam are delivered to a special 'quarantine' mailbox for the user to review. For every message received, DSPAM gains a little more data about how to classify future messages. This makes the system very accurate over the long haul.
How DSPAM works:
For each message received by the mail server, DSPAM will generate a subset of statistics keyed to the original message and, based on its operational rules, will determine whether to quarantine the message or deliver it to the user's mailbox. Whether the message is delivered or quarantined, the next step is the key to DSPAM's learning process. There are essentially four opportunities to train DSPAM for the user's preferences:
Innocent Messages in your Inbox:
When innocent messages arrive in your inbox, no retraining is performed (see #2): DSPAM will automatically 'learn' that a message of this type is not spam. No further user action is necessary (although you still read the email). ;)
SPAM Messages in your Inbox:
If a user finds a message that was delivered but should have been classified as spam, they simply forward the message to a special email alias and the system will relearn this 'type' of message as spam. This enables the filter to be specific/sensitive to each user's email preferences and to continue to evolve in its classification methods. Instructions for this process are below under the How to use DSPAM section.
Innocent Messages in your Quarantine Inbox:
Innocent messages that are incorrectly delivered to your Quarantine box are termed False-Positives. Based on the information available to DSPAM when the message arrived, DSPAM classified the message as spam. If these messages are re-classified by the user as Not-Spam, DSPAM will relearn/unlearn for this message. Instructions for the re-classification process are below under the How to use DSPAM section.
SPAM Messages in your Quarantine Inbox:
When spam messages are caught and quarantined, they are delivered to a special 'quarantine mailbox'. Users are urged to frequently check their quarantine mailbox to make sure there are no false-positives. If no false-positives are present, a user simply has to delete the quarantined messages. Since DSPAM learns when the message is delivered, no further user action is necessary. Instructions for viewing and deleting quarantined messages are below under the How to use DSPAM section.
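The following sketch is an added example, not DSPAM's code: it models the train-on-every-message cycle described above with a simple per-token ratio (an assumption, not DSPAM's actual statistics) and shows why a correction has to unlearn the earlier classification as well as relearn the right one. The class, function names and sample messages are constructed for illustration.

```python
from collections import Counter

class ToyFilter:
    """Per-token spam ratio; a stand-in for DSPAM's statistics, not its algorithm."""

    def __init__(self):
        self.counts = {"spam": Counter(), "innocent": Counter()}

    def score(self, text):
        # Mean token "spamminess"; a token never seen before scores a neutral 0.5.
        words = text.lower().split()
        s, i = self.counts["spam"], self.counts["innocent"]
        total = sum((s[w] + 0.5) / (s[w] + i[w] + 1) for w in words)
        return total / max(len(words), 1)

    def _learn(self, text, label, sign):
        for w in text.lower().split():
            self.counts[label][w] += sign

    def receive(self, text):
        """Classify on arrival, then learn the message under the class assigned."""
        label = "spam" if self.score(text) > 0.5 else "innocent"
        self._learn(text, label, +1)
        return label

    def correct(self, text, wrong, right, unlearn=True):
        """User correction: take the message out of the wrong class, add it to the right one."""
        if unlearn:
            self._learn(text, wrong, -1)
        self._learn(text, right, +1)


def run(unlearn):
    f = ToyFilter()
    missed = "cheap pills order now"            # constructed sample spam
    first = f.receive(missed)                   # untrained filter delivers it
    f.correct(missed, first, "spam", unlearn)   # user reports it as spam
    return first, f.receive("order cheap pills today")


if __name__ == "__main__":
    print(run(unlearn=True))    # the report replaces the earlier learning
    print(run(unlearn=False))   # the earlier 'innocent' learning cancels the report
```
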
Eventually, using DSPAM should only involve periodically reviewing your quarantine. However, you should be familiar with the following 7 processes.
Reporting Spam
If you receive spam messages in your inbox after you have enabled DSPAM, forward the messages to spam-yourusername@csbs.utah.edu (e.g. spam-ab1234@csbs.utah.edu). This allows DSPAM to learn and better filter spam for your account.
If you use webmail, and you have enabled DSPAM, you can check the box to the left of each message to be reported, then click "Report as Spam".
When prompted, enter your CSBS username and password
Once logged in you will be presented with DSPAM's performance statistics for your account
Viewing your quarantine:
From the menu bar in the web interface, click "Quarantine". Note that to the right of the word Quarantine, in the menu bar, you will see a number. This number represents the number of messages DSPAM currently has in its quarantine for your account.
If you use webmail, your DSPAM Quarantine can also be accessed directly from webmail by clicking "Quarantine" located on the left side menu under "My Account".
You are presented with a list of messages, one per line. Each line displays the date that the message was sent, the address the email is from (or claims to be from), and the subject of the message.
If you recognize any message as non-spam, or false positive, click the checkbox located to the left of the message, then click the "Deliver Checked" button. You may select more than one message before clicking "Deliver Checked."
The message will then be delivered to your account's inbox, which can then be accessed via your regular method of checking email.
If you are unsure whether or not a message is really spam, click the subject of the message to view that message's contents.
The message will display in plain text format with full headers.
You may need to use the scrollbar embedded into the webpage in combination with your browser's scrollbar to view the entire message.
If you determine that the message is not spam, click "Deliver Message" or return to the quarantine and follow step 3.
Messages that you are certain are spam should be deleted.
If your entire quarantine contains only spam, click the "Delete All" button to empty your quarantine.
If you want to delete spam without emptying your entire quarantine, select the checkbox to the left of the spam message, then click "Delete Checked." You may select more than one message before clicking "Delete Checked."
Setting your DSPAM Preferences
From the menu bar in the web interface, click "Preferences"
Set your Preferred training mode. It is recommended that you leave the default "Train on every new message..." selected.
Set your Training Sensitivity.
This option lets you influence DSPAM's decision on whether or not a message is spam.
If you want DSPAM to side more toward preventing false positives, make your selection to the right.
If you want DSPAM to side more toward catching spam, make your selection to the left.
We recommend that you select the center option between the two vertical lines (|).
Enable Noise Reduction (Recommended)
Noise Reduction becomes active AFTER 2500 innocent messages have been delivered. This feature helps reduce "Bayesian Noise" from wordlist attacks in spams.
Enable Automatic Whitelisting (Recommended)
Automatic Whitelisting will add the sender of a message to a whitelist (no further spam processing) once you have accepted more than 20 innocent messages from that sender. Once you report a spam from that sender, the whitelist is reset and the count cycle begins again. Since DSPAM uses the entire "From:" line, and not just the sender's email address, automatic whitelisting is a very safe approach to improving accuracy, especially during initial training.
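The whitelisting rule above can be modelled in a few lines. This is an added example, not DSPAM's implementation: the class and method names, the whitespace normalisation of the header, and the sample messages are assumptions made for illustration. It shows the "more than 20" threshold, the reset on a spam report, and that a message with the same address but a different "From:" line does not inherit the whitelist entry.

```python
from email import message_from_string

WHITELIST_AFTER = 20   # page: "more than 20 innocent messages from that sender"

class AutoWhitelist:
    def __init__(self):
        self.innocent = {}   # full From: header value -> innocent messages accepted

    @staticmethod
    def key(raw_message):
        # The whole From: line is the key, display name included, not just the
        # address. Collapsing whitespace is an assumption of this sketch.
        return " ".join((message_from_string(raw_message)["From"] or "").split())

    def is_whitelisted(self, raw_message):
        return self.innocent.get(self.key(raw_message), 0) > WHITELIST_AFTER

    def accepted_innocent(self, raw_message):
        k = self.key(raw_message)
        self.innocent[k] = self.innocent.get(k, 0) + 1

    def reported_spam(self, raw_message):
        # A spam report resets the sender; the count cycle starts over.
        self.innocent.pop(self.key(raw_message), None)


def demo():
    wl = AutoWhitelist()
    # Constructed sample messages: same address, different From: lines.
    known = 'From: "Pat Example" <pat@example.org>\nSubject: notes\n\nhello\n'
    other = 'From: pat@example.org\nSubject: notes\n\nhello\n'
    for _ in range(20):
        wl.accepted_innocent(known)
    at_20 = wl.is_whitelisted(known)        # exactly 20 is not "more than 20"
    wl.accepted_innocent(known)
    at_21 = wl.is_whitelisted(known)
    other_from = wl.is_whitelisted(other)   # different From: line, separate count
    wl.reported_spam(known)
    after_report = wl.is_whitelisted(known)
    return at_20, at_21, other_from, after_report


if __name__ == "__main__":
    print(demo())
```
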
Alerts
Alerts are rules that are designed to highlight messages in your quarantine that may be false positives.
From the menu bar in the web interface, click "Alerts"
If you have configured any alerts, you will be presented with a list of your alerts.
Enter text in the text box that you would like DSPAM to check for in the headers of quarantined messages.
For example, entering "csbs.utah.edu" would cause any message to or from an address with "csbs.utah.edu" to be highlighted when viewing the quarantine. If a message had csbs.utah.edu in the subject, it too would be highlighted.
Click "Add Alert"
You may add as many alerts as you would like.
Submitting the same text more than once will not provide additional highlighting.
Analysis
Analysis provides graphical charts of your account's spam and non-spam activity.
From the menu bar in the web interface, click "Analysis"
History
History displays the classification (spam/non-spam) of the last 30 messages received for your account.
From the menu bar in the web interface, click "History"
To make/keep DSPAM accurate at catching your spam, you must forward spam messages to your spam-<username>@csbs.utah.edu address. The most efficient way to do this is to add an entry to your addressbook or set up a macro that will forward the message to your spam address with the least amount of effort on your behalf. To aid in this process we've outlined the process for a few of the more popular email clients used:
For Netscape Clients & Mozilla Thunderbird Clients:
In your addressbook, add a new entry with these characteristics:
Note: The entire '<username>' needs to be replaced with your login username. For most users this is in the form 'ab1234'.
When you discover a spam in your inbox, you can now forward it quickly by highlighting it, typing 'Ctrl+L' (read control - l), and typing 'spam' in the To: address field. Then type 'Ctrl+Enter' (read control - enter). This will send the message and return you to your inbox, where you can now delete the message.
For Webmail.csbs.utah.edu users:
For each message in your Inbox that is spam, check the box to the left of that message, then click 'Report as Spam'.
Note: Messages reported this way will be deleted automatically.
For Pine users:
From the Main Menu, select Addressbook. Then select '@' which will start the Add process. Add a new entry with these characteristics:
When you discover a spam in your inbox, you can now forward it quickly by highlighting it and typing 'f'. This will start the message forward composition window. In the To: field type 'spam' and then the 'Tab' key. This will cause Pine to fill in the address using the spam address from your addressbook. Use 'Ctrl-x' to send the message. When you return to your inbox, delete the message.
For Mutt:
(Submitted by Alan Rogers)
Here's what I have in .muttrc:
set editor=vi
macro index S fspam<enter><enter>f^u<enter>yd
source .muttaliases
With this setup, it takes three keystrokes (SZZ) to forward each spam
and delete it. The S invokes the macro, and the ZZ gets you out of vi.
I haven't been able to figure out a way to get mutt to forward the message
without invoking the editor. (The bounce command would do this, but
DSPAM rejects bounced mail.)
To use a different editor, change the "set editor" command.