Email, Spam Control, FAQ
This page contains answers to common questions about the Spam Control service.
Controlling Spam and Phishing Attempts
The University employs state of the art technologies to help prevent malicious email from entering our domain. However, there are times when the existing filters do not immediately catch 'new' spam messages. To help us identify new spam, send the message to: email@example.com. Email sent to this address is automatically submitted to Proofpoint for review and if needed the spam filter will be updated. NOTE: Only malicious spam will cause a rule update. If an email is a legitimate solicitation with an unsubscribe link, then you should unsubscribe from that source if you no longer want to receive email. These advertisement messages are ‘not’ considered malicious and will not cause a rule update.
Q: What should I expect when I submit email to firstname.lastname@example.org?
A: Expect Proofpoint to evaluate the email and if necessary, update the spam engine with new rules and patterns and automatically push them to the email relays. That said, there isn't feedback about email submitted to report-spam because of the volume. Below are the mail and spam stats per hour for one day to give you a sense of volume.
Proofpoint Spam Control Overview
How do I access Spam Control?
You can request a spam digest at: https://spam-control.illinois.edu/.
- Click "Request a digest",
- Log in with your Campus ID and password
- Click "Send daily digest now!" to receive an email with suspect email from yesterday
- or Click "Send full digest now! to receive the digest for the past 10 days.
[Release]= release it this one time (it still may be caught by Outlook/Exchange as spam, so you may need to add the source email address to your Outlook safelist).
[Release and Safelist] = release it and add it to my local "Spam Control" safelist so it's not caught again. (dito on Outlook as above)
[Not Spam] - releases it and then auto-submits the email to Proofpoint as a false positive for rule evaluation/update. (dito on Outlook as above.)
Manage Your Spam Control Settings
Selecting Your Spam Policy
The following chart illustrates the email delivery differences in the spam policies:
|Personal Spam Policies|
|Cautious||Cautious Plus||Aggressive||No Quarantine||Cautious Plus, No Quarantine|
|Not Spam (spamscore=0-49)||delivered||delivered||delivered||delivered||delivered|
|Possible Spam (spamscore=50-70)||quarantined||quarantined||quarantined||delivered||delivered|
|Likely Spam (spamscore=80-98)||quarantined||quarantined||deleted||deleted||delivered|
|Certain Spam (spamscore=99-100)||quarantined||deleted||deleted||deleted||deleted|
Safe Sender and Blocked Sender Lists
- Safe Senders List - will allow email from this sender will be delivered to your mailbox.
- Blocked Senders List - email from these addresses or domains is sent to the bit bucket and deleted.
Common Questions and Answers
Will Spam Control change my email messages?
Spam Control will not change the content of your email messages, but it will add information to the email headers. Headers contain information about the sender and how the message was routed to your email client. Headers usually aren't visible to you unless you changed your email client's preferences to display them.
What information is added to the headers?
Spam Control adds the following tags to the headers of all messages:
- X-Spam-Score: A score from 0 to 100 based on increasing likelihood message is spam
- X-Spam-Details: Information about which spam policy your account is using
- X-Spam-Origsender: The sender's address, in case the visible address in the From: field was spoofed or faked
- X-Spam-Bar (on messages scoring 1 to 100): The X-Spam-Score represented as 1 to 10 asterisks (*) for Procmail recipes to filter
- X-Spam-Flag (on messages scoring 80 to 100): Set to YES for email clients to filter
What is connection blocking?
Technology Services receives constant updates from Spam Control's software vendor on global emerging spam threats, allowing us to quickly and accurately identify the worst spam servers. Using a practice known as connection blocking, Technology Services restricts these servers' communication with our campus mail server, making it less likely that spam can end up in your mailbox.
I signed up for Spam Control. Why am I still getting spam?
The spam filters work really well once a new pattern is added to the filter, however, with email running at millisecond intervals, a few hundred can make it through the relay before it's recognized as a new spam campaign. It's a constant cat/mouse game. There are multiple spam storms daily that use the old uiuc.edu domain and a lot of zero hour spam (spam that makes through the relay before it's classified as spam). Sadly, your email address may be one of the lucky/unlucky ones.
A Exchange/Outlook filter would be the best choice catch the spam that makes it through the filters and keeps it out of your inbox. You can filter all *.uiuc.edu > trash. If you're concerned about legitimate legacy contacts then a new uiuc.edu folder may work best.
We also recommend you send suspect email to email@example.com so it gets reviewed and scored by our vendor. The vendor updates our spam filters about every 5 -10 minutes.
I have a departmental email account. Can I use Spam Control?
All email entering our domains (e.g. @illinois.edu) inherits the default spam policy, Cautious Plus No Quarantine. Some departmental admins have requested specific departmental email addresses get added to their spam policy account so they inherit a more aggressive spam policy. (e.g. Aggressive) If you are an IT Pro and want to add departmental email addresses to your policy, please send an email to firstname.lastname@example.org with details.
What's the difference between this anti-spam program and the spam filters on my email reader?
Spam Control processes your email first, before your email is even delivered to your mailbox. If you use a policy that quarantines or automatically deletes spam, your email client will never see these messages because it processes your email after Spam Control. Any spam that slips through Spam Control might be caught by your email client's anti-spam filters.
Do I still need to update my virus protection?
Absolutely! Your antivirus software protects you from all kinds of attacks, including those that come through the network but not through email. Better safe than sorry!
My email messages ended up in my friend's quarantine. Why were they marked as spam?
If you send email without your full name listed in the From line or with your name spelled in all lowercase letters, then Spam Control might identify it as spam.
Make sure that you have your full, capitalized first and last name (middle initial is optional) in the full name field of your email client's preferences or account settings. The full name field is labeled differently depending on the email client software. In Microsoft Outlook, the field is labeled "Your Name." Apple Mail labels the field "Full Name." Thunderbird calls it "Your Name" and Eudora uses the term "Real Name."
If you have questions about how to change your name in your email client, please contact the Technology Services Help Desk
What is the "Default" policy?
All accounts start with the spam control policy set to "Cautious Plus, No Quarantine".
Your Spam Control email Digests
I'm vision impaired; why doesn't my screen reader read the Digest properly for me?
We're aware that the daily Digests aren't currently compatible with ADA requirements, and we're working with the vendor to provide a format suitable for screen readers.
Can I get a digest on demand?
Yes. If you're already receiving digests, and you don't want to wait until tomorrow, you can open an older digest and request a FULL digest. If you've opted not to receive digests but still want one, you can go to https://spam-control.illinois.edu to request a digest. Note: This will not change your settings; if you want to start receiving digests regularly, you'll need to go into Manage my Account -> Profile -> Settings and select to receive digests.
I requested a digest; why hasn't it shown up in my inbox?
Check to see if the digest is in your junk folder; it may have been sent there by filters on your email reader. Also, if you are using a departmental email address, you might want to check with your network administrator to find out if there's an anti-spam program running on the department server.
Can I turn off the digests?
Yes. In your email digest, select Manage my Options -> Profile. Under My Settings, uncheck both the first two boxes, which refer to "send digests..."
Can I receive digests at longer intervals instead of daily?
Yes, although you'll need to request them yourself rather than receiving them automatically. First, save and keep one digest from which to request a digest at a later time [or bookmark the web page for requesting a digest]. Then select not to receive digests: on the digest, click on Manage my Options -> Profile. Under My Settings, be sure to uncheck both boxes pertaining to receiving digests.
How do I report messages that were wrongly quarantined or that wrongly made it to my inbox?
Technology Services does not submit examples of misidentified messages to the Spam Control vendor, but we can offer you some suggestions to help you reduce future occurrences of unscreened spam or quarantined legitimate email.
If you still receive spam in your mailbox after signing up for Spam Control, then:
- Check that the spam message was sent to an email address protected by Spam Control. Not all departmental email servers have been configured to use Spam Control. You can determine if the message passed through Spam Control by checking the message's full headers. If the message does not have X-Spam-Score, X-Spam-Details, and X-Spam-Origsender tags, then the message did not get processed by Spam Control. For more information, see the I signed up for Spam Control. Why am I still getting spam? FAQ entry.
- Add the sender of the message to your Blocked Senders List. Spam Control does not screen messages from legitimate businesses that have a voluntary mailing list. If you aren't sure how to unsubscribe from such mailing lists (or if you aren't sure if the company is reputable and will actually remove you from the list), then simply add its email address to your Blocked Senders List. For directions, see the Adding Email Addresses to Safe or Blocked Senders List tutorial.
If you have any questions, please contact the Tech Services Help Desk at (217) 244-7000 or email@example.com. Help Desk consultants can quickly verify whether your account is being protected by Spam Control.
Quarantined Legitimate Email
If you have a legitimate email message misidentified as spam, then:
- Add the sender's address to your Safe Senders List. For directions, see the Adding Email Addresses to Safe or Blocked Senders List tutorial.
- Report this incident to the Technology Services Help Desk at (217) 244-7000 or firstname.lastname@example.org so that the consultants can investigate why your email was inadvertently marked as spam. (Please do not forward your misidentified email to email@example.com as your message will likely be caught again by Spam Control and not delivered to the consultants.)
Your quarantined messages
How long are messages held in quarantine?
Suspect email is held in quarantine for 10 days and is then automatically deleted.
How long are messages held in quarantine?
Suspect email is held in quarantine for 10 days and is then automatically deleted. How do I get real mail out of Quarantine?
From the spam digest email, click 'release' to release that message from quarantine and it will be sent to your inbox. You can also add the sender's address sent to your Safe Senders list by clicking on the Safelist button beside the message line. This will also release the message to your inbox.
Can I see my Quarantine folder with every message that's been quarantined?
Yes, a full digest will show you all email in the 10 day quarantine. After 10 days, quarantined email is deleted.
Do messages in Quarantine count toward my email account quota?
No. Your quota will be unaffected.
Safe Senders list / Blocked Senders list
Can I just put a domain name in the Blocked Senders list?
Yes, although blocking entire domains is not recommended. Use caution so that you don't block legitimate correspondents. For instance, if you added @hotmail.com to your Blocked Senders list, you wouldn't receive mail from anyone with a hotmail.com address.
Note: Because of the way Spam Control handles messages from campus email addresses, adding uiuc.edu and illinois.edu email addresses (or the domain uiuc.edu and illinois.edu) to the Safe or Blocked Senders list has no effect. Technology Services has reported this issue to the vendor.
I blocked someone's uiuc.edu email address but I'm still receiving email from them. Why isn't this working?
Because of the way Spam Control handles messages from campus email addresses, adding uiuc.edu and illinois.edu email addresses (or the domain uiuc.edu and illinois.edu) to the Safe or Blocked Senders list has no effect. Technology Services has reported this issue to the vendor.
In the meantime, many email clients allow you to set up filters that can move or delete email from specific email addresses. Refer to your email client's documentation for help.
How do I add the addresses from spam that reaches my inbox to my Blocked Senders list?
You don't have to open the message; you can highlight, copy, and paste the address from the index of your mail reader into your Blocked Senders list.
I have a friend whose email address was harvested, so I get spam that looks like it's from him, but sometimes the messages really are from him; how can I make the antispam program tell the difference?
Rather than putting his address in your Blocked Senders list--whereby you would not receive any messages from that address--your best bet would be to select the Cautious policy--"certain and likely spam sent to quarantine; no messages deleted"--for your personal spam policy. You can then release to your inbox any messages from his address that appear legitimate.
Spam Control is working behind the scenes to reduce spam for those who have a Google Apps @ Illinois account. With the Cautious Plus, No Quarantine spam control policy in a Google Apps @ Illinois account, for example, the account's worst spam is deleted, as well as any viruses. The remaining email will be sent to the Google account, and any leftover spam will be quarantined by Google and placed in a spam folder. Spam Control therefore weeds out the most offensive spam before it even reaches the Google Apps @ Illinois account.
How can network administrators use Spam Control with their department mail server?
Network administrators who run Procmail as the local delivery agent on departmental mail servers can use recipes to automatically filter their users' email based on Spam Control's X-Spam-Bar header. Please see Using Spam Control with Procmail for more information.