Email, Spam Control, Spam Control FAQ
This page contains answers to common questions about the Spam Control service.
Controlling Spam and Phishing Attempts
The University employs state of the art technologies to help prevent malicious email from entering our domain. However, there are times when the existing filters do not immediately catch 'new' spam messages. To help us identify new spam, send the message to: email@example.com. Email sent to this address is automatically submitted to Proofpoint for review and if needed the spam filter will be updated. NOTE: Only malicious spam will cause a rule update. If an email is a legitimate solicitation with an unsubscribe link, then you should unsubscribe from that source if you no longer want to receive email. These advertisement messages are ‘not’ considered malicious and will not cause a rule update.
Q: What should I expect when I submit email to firstname.lastname@example.org?
A: Expect Proofpoint to evaluate the email and if necessary, update the spam engine with new rules and patterns and automatically push them to the email relays. That said, there isn't feedback about email submitted to report-spam because of the volume. Below are the mail and spam stats per hour for one day to give you a sense of volume.
Proofpoint Spam Control Overview
How do I access Spam Control?
You can request a spam digest at: https://spam-control.illinois.edu/.
- Click "Request a digest",
- Log in with your Campus ID and password
- Click "Send daily digest now!" to receive an email with suspect email from yesterday
- or Click "Send full digest now! to receive the digest for the past 10 days.
[Release]= release it this one time (it still may be caught by Outlook/Exchange as spam, so you may need to add the source email address to your Outlook safelist).
[Release and Safelist] = release it and add it to my local "Spam Control" safelist so it's not caught again. (dito on Outlook as above)
[Not Spam] - releases it and then auto-submits the email to Proofpoint as a false positive for rule evaluation/update. (dito on Outlook as above.)
Manage Your Spam Control Settings
Selecting Your Spam Policy
- certain phish - score greater than 90, reject message
- probable phish - score greater than 50, send to quarantine phish folder and reject message
- certain spam - score greater than 95, discard message
- spam - score greater than 80, add header tags, continue to process the message
- probable spam - score greater than 50, add spam header tags continue to process the message.
- Cautious - likely and possible spam sent to quarantine.
- Aggressive - likely and certain spam deleted, possible spam sent to quarantine.
- No Quarantine - likely and certain spam deleted, no quarantine.
- Cautious Plus - certain spam deleted, remaining mail is delivered
- Cautious Plus No Quarantine - certain spam deleted, remaining mail is delivered, no quarantine.
Will Spam Control change my email messages?
Spam Control will not change the content of your email messages, but it will add information to the email headers. Headers contain information about the sender and how the message was routed to your email client. Headers usually aren't visible to you unless you changed your email client's preferences to display them.
What information is added to the headers?
Spam Control adds the following tags to the headers of all messages:
- X-Spam-Score: A score from 0 to 100 based on increasing likelihood message is spam
- X-Spam-Details: Information about which spam policy your account is using
- X-Spam-Origsender: The sender's address, in case the visible address in the From: field was spoofed or faked
- X-Spam-Bar (on messages scoring 1 to 100): The X-Spam-Score represented as 1 to 10 asterisks (*) for Procmail recipes to filter
- X-Spam-Flag (on messages scoring 80 to 100): Set to YES for email clients to filter
If I'm using Tag and Deliver, will I receive all of my email?
You will receive all email that is delivered to the campus mail server. Email from servers that are actively being blocked by Technology Services (due to a very high probability that they send spam) do not arrive at our campus mail server and therefore cannot be delivered. For more information, see "What is connection blocking?" below.
What is connection blocking?
Technology Services receives constant updates from Spam Control's software vendor on global emerging spam threats, allowing us to quickly and accurately identify the worst spam servers. Using a practice known as connection blocking, Technology Services restricts these servers' communication with our campus mail server, making it less likely that spam can end up in your mailbox.
Common Questions and Answers
Your email Options
I signed up for Spam Control. Why am I still getting spam?
First, make sure that the spam was sent to an email address that is protected by Spam Control. These addresses are email@example.com, firstname.lastname@example.org, and some departmental email addresses (i.e., email@example.com). An easy way to tell if a message was processed by Spam Control is to view the message's full headers. Spam Control adds X-Spam-Score, X-Spam-Details, and X-Spam-Origsender tags to all messages that it processes. If you have a departmental email address and you do not see these tags on the spam's full headers, then your department has not configured their email server to use Spam Control (see the next FAQ entry for more information).
If your spam message has Spam Control tags, then next make sure that you are using a policy that quarantines or deletes spam. If you are in the Tag and Deliver policy, you will have all email, including messages identified as spam, delivered to your mailbox. You can increase the level of spam filtering by choosing the Cautious, Cautious Plus or Aggressive policies. For directions on how to change your policy, see Selecting Your Spam Policy above.
Finally, Spam Control is able to identify most spam. Spammers constantly adjust their spam messages in order to foil anti-spam programs. Sometimes a new type of spam will not be caught by Spam Control immediately. However, Spam Control is updated several times a day to change with the spammers' techniques. Eventually the new spam messages will be identified and you won't see them anymore.
I have a departmental email account. Can I use Spam Control?
Some departmental email servers have been configured to use Spam Control. This means that email sent to your departmental email address (i.e., firstname.lastname@example.org) will be automatically scanned by Spam Control.
Depending on your situation, you might be able to have your departmental email account protected by Spam Control even if your department is not using Spam Control. Please contact the Technology Services Help Desk for assistance. They can be reached at (217) 244-7000, (800) 531-2531 or email@example.com.
What's the difference between this anti-spam program and the spam filters on my email reader?
Think of your computer as being "downstream" in the flow of email delivery. Spam Control processes your email first, before your email is even delivered to your mailbox. If you use a policy that quarantines or automatically deletes spam, your email client will never see these messages because it processes your email after Spam Control. Any spam that slips through Spam Control might be caught by your email client's anti-spam filters. (If you are using Tag and Deliver then all of your messages will be sent to your mailbox whereupon your email client will run its own spam filters.)
Do I still need to update my virus protection?
Absolutely! Your antivirus software protects you from all kinds of attacks, including those that come through the network but not through email. Better safe than sorry!
I'm going on vacation for two weeks. What should I do so I won't lose any real mail in Quarantine?
To avoid having any quarantined mail deleted before you can check your Quarantine, you can set your account to the Tag and Deliver option. All mail--except, of course, messages with viruses attached--will be delivered to your inbox. When you return from vacation, you can change your policy back.
Is it likely that legitimate messages will be misidentified as spam and deleted?
It's possible, although Spam Control has a low rate of misidentification. If you're concerned about this, you can choose Tag and Deliver, whereby no messages are ever deleted--although they all go to your mailbox, including actual spam. You can choose to set up your own filters to move them to another folder or you can use the Cautious policy, in which all messages identified are quarantined for 10 days before they are deleted. This gives you time to review the contents while still reducing spam. You can then release to your inbox any legitimate messages that get quarantined as spam.
My email messages ended up in my friend's quarantine. Why were they marked as spam?
If you send email without your full name listed in the From line or with your name spelled in all lowercase letters, then Spam Control might identify it as spam.
Make sure that you have your full, capitalized first and last name (middle initial is optional) in the full name field of your email client's preferences or account settings. The full name field is labeled differently depending on the email client software. In Microsoft Outlook, the field is labeled "Your Name." Apple Mail labels the field "Full Name." Thunderbird calls it "Your Name" and Eudora uses the term "Real Name."
If you have questions about how to change your name in your email client, please contact the Technology Services Help Desk
What is the "Default" policy?
An additional policy called "Default" is listed with the other Spam Control policies in the Spam Control web interface. Technology Services is currently unable to hide or delete this listing. We have requested that Spam Control's vendor remove the Default policy in the next version release. In the meantime, if you choose the Default policy, you will receive all of your email including spam messages, just as you would with the Tag and Deliver policy.
Your Spam Control email Digests
I'm vision impaired; why doesn't my screen reader read the Digest properly for me?
We're aware that the daily Digests aren't currently compatible with ADA requirements, and we're working with the vendor to provide a format suitable for screen readers.
Can I get a digest on demand?
Yes. If you're already receiving digests, and you don't want to wait until tomorrow, you can open an older digest and request a FULL digest. If you've opted not to receive digests but still want one, you can go to https://spam-control.illinois.edu to request a digest. Note: This will not change your settings; if you want to start receiving digests regularly, you'll need to go into Manage my Account -> Profile -> Settings and select to receive digests.
I requested a digest; why hasn't it shown up in my inbox?
Check to see if the digest is in your junk folder; it may have been sent there by filters on your email reader. Also, if you are using a departmental email address, you might want to check with your network administrator to find out if there's an anti-spam program running on the department server.
Can I turn off the digests?
Yes. In your email digest, select Manage my Options -> Profile. Under My Settings, uncheck both the first two boxes, which refer to "send digests..."
Can I receive digests at longer intervals instead of daily?
Yes, although you'll need to request them yourself rather than receiving them automatically. First, save and keep one digest from which to request a digest at a later time [or bookmark the web page for requesting a digest]. Then select not to receive digests: on the digest, click on Manage my Options -> Profile. Under My Settings, be sure to uncheck both boxes pertaining to receiving digests.
How do I report messages that were wrongly quarantined or that wrongly made it to my inbox?
Technology Services does not submit examples of misidentified messages to the Spam Control vendor, but we can offer you some suggestions to help you reduce future occurrences of unscreened spam or quarantined legitimate email.
If you still receive spam in your mailbox after signing up for Spam Control, then:
- Check that the spam message was sent to an email address protected by Spam Control. Not all departmental email servers have been configured to use Spam Control. You can determine if the message passed through Spam Control by checking the message's full headers. If the message does not have X-Spam-Score, X-Spam-Details, and X-Spam-Origsender tags, then the message did not get processed by Spam Control. For more information, see the I signed up for Spam Control. Why am I still getting spam? FAQ entry.
- Add the sender of the message to your Blocked Senders List. Spam Control does not screen messages from legitimate businesses that have a voluntary mailing list. If you aren't sure how to unsubscribe from such mailing lists (or if you aren't sure if the company is reputable and will actually remove you from the list), then simply add its email address to your Blocked Senders List. For directions, see the Adding Email Addresses to Safe or Blocked Senders List tutorial.
If you have any questions, please contact the Tech Services Help Desk at (217) 244-7000 or firstname.lastname@example.org. Help Desk consultants can quickly verify whether your account is being protected by Spam Control.
Quarantined Legitimate Email
If you have a legitimate email message misidentified as spam, then:
- Add the sender's address to your Safe Senders List. For directions, see the Adding Email Addresses to Safe or Blocked Senders List tutorial.
- Report this incident to the Technology Services Help Desk at (217) 244-7000 or email@example.com so that the consultants can investigate why your email was inadvertently marked as spam. (Please do not forward your misidentified email to firstname.lastname@example.org as your message will likely be caught again by Spam Control and not delivered to the consultants.)
Your quarantined messages
How do I get real mail out of Quarantine?
Click on the Release button beside the message line in the digest; this will release that message to your inbox. You can also have the sender's address sent to your Safe Senders list by clicking on the Safelist button beside the message line. This will also release the message to your inbox.
How long are messages held in quarantine?
Messages are held for 10 days, and are then automatically deleted.
Can I see my Quarantine folder with every message that's been quarantined?
No. You can request to see what's in the folder at any given time, but messages in Quarantine are deleted after 10 days, so you won't be able to see any quarantined messages older than that.
How much spam can I have in Quarantine?
You can have as much as you receive in Quarantine for 10 days. Messages older than 10 days will be deleted automatically.
Do messages in Quarantine count toward my email account quota?
No. Your quota will be unaffected.
What happens to quarantined messages?
Unless you release a message to your inbox, messages will remain in Quarantine for 10 days, after which they will be permanently deleted.
Your Safe Senders list / Blocked Senders list
Can I just put a domain name in the Blocked Senders list?
Yes, although blocking entire domains is not recommended. Use caution so that you don't block legitimate correspondents. For instance, if you added @hotmail.com to your Blocked Senders list, you wouldn't receive mail from anyone with a hotmail.com address.
Note: Because of the way Spam Control handles messages from campus email addresses, adding uiuc.edu and illinois.edu email addresses (or the domain uiuc.edu and illinois.edu) to the Safe or Blocked Senders list has no effect. Technology Services has reported this issue to the vendor.
I blocked someone's uiuc.edu email address but I'm still receiving email from them. Why isn't this working?
Because of the way Spam Control handles messages from campus email addresses, adding uiuc.edu and illinois.edu email addresses (or the domain uiuc.edu and illinois.edu) to the Safe or Blocked Senders list has no effect. Technology Services has reported this issue to the vendor.
In the meantime, many email clients allow you to set up filters that can move or delete email from specific email addresses. Refer to your email client's documentation for help.
How do I add the addresses from spam that reaches my inbox to my Blocked Senders list?
You don't have to open the message; you can highlight, copy, and paste the address from the index of your mail reader into your Blocked Senders list.
I have a friend whose email address was harvested, so I get spam that looks like it's from him, but sometimes the messages really are from him; how can I make the antispam program tell the difference?
Rather than putting his address in your Blocked Senders list--whereby you would not receive any messages from that address--your best bet would be to select the Cautious policy--"certain and likely spam sent to quarantine; no messages deleted"--for your personal spam policy. You can then release to your inbox any messages from his address that appear legitimate.
Spam Control is working behind the scenes to reduce spam for partner computing services email users, such as those who have a Google Apps @ Illinois account. With the Cautious Plus, No Quarantine spam control policy in a Google Apps @ Illinois account, for example, the account's worst spam is deleted, as well as any viruses. The remaining email will be sent to the Google account, and any leftover spam will be quarantined by Google and placed in a spam folder. Spam Control therefore weeds out the most offensive spam before it even reaches the Google Apps @ Illinois account.
How can network administrators use Spam Control with their department mail server?
Network administrators who run Procmail as the local delivery agent on departmental mail servers can use recipes to automatically filter their users' email based on Spam Control's X-Spam-Bar header. Please see Using Spam Control with Procmail for more information.