CCIT Article - New Anti-SPAM Solution
David BuckleyInformation Security & Privacy
As you may have heard in the news and experienced in your email inbox, spam has more than doubled since this time last year. Currently, three out of every four messages being transmitted worldwide are spam (an estimated 62 billion spam messages a day). To answer this increase, Clemson will implement a commercial-based anti-spam solution for all users in April. The following information should help answer questions about our response to this growing problem.
To protect our organization from virus attacks and to protect you from receiving hundreds of spam messages, we will filter all incoming email with the Proofpoint Protection Server. Proofpoint uses an advanced machine learning filtering technique called MLX™ to ensure that no valid mail is improperly filtered. For more information about the Proofpoint Protection Server and MLX, you can visit Proofpoint's web site at http://www.proofpoint.com.
How does email filtering work?
All incoming and outgoing email is filtered by the Proofpoint Protection Server. Messages that contain a virus, or spam, or inappropriate content are "scored." If the messages score high enough, the messages are sent to the Quarantine, where users can "take a look" at them.
What is the Quarantine?
The Quarantine is a location on a server where email messages are stored temporarily because they might contain spam, a virus, or inappropriate content. If the message is infected with a virus, the virus is removed. You can release your messages from the Quarantine if you determine that they are not spam. Messages that are not released from the Quarantine are automatically deleted after a designated period of time.
What is an End User Digest?
If email messages addressed to you were sent to the Quarantine, you will receive an email notification, called an End User Digest (or Digest), in your mail box. The Digest provides you with a list of the messages addressed to you that are stored in the Quarantine. You can look at the message subject headers to determine their content and as a result what actions you want to apply to the messages.
You may also receive an empty Digest, which is simply an email message indicating that you have no messages in the Quarantine. You may want to receive a Digest even if it doesn't contain any messages, so you can continue to manage certain aspects of your email.
End User Digest
How is the Digest implemented and managed?
The content in your Digest and the operations you can perform on your messages may vary greatly. You may see different sections or headings that represent the modules that filter the incoming email messages.Or you may simply see a list of messages with no indication which filtering module sent them to the Quarantine.
Links may be provided to perform certain operations, like releasing a message, reporting a message as spam, or requesting an updated Digest.
Why would I want to release a message from the Quarantine?
Sometimes, the Proofpoint Protection Server designates a message as spam even though it's a legitimate email. If you decide you want to read the message, you can release it. Releasing the message removes it from the Quarantine and delivers it to your mail box.
For example, you may be on a mailing list that sends you notices about new movies available on DVD. You want to receive these notices, but the Proofpoint Protection Server takes a conservative approach and scores these messages as spam and sends them to the Quarantine. When you look at your Digest, you will see that these are messages that you indeed want delivered to your mail box.
What happens to my messages in the Quarantine?
If you do not release a message from the Quarantine, it will automatically be deleted after a designated period of time. So if you look at the messages in your Digest, and determine that all of them are spam, you do not need to do anything. The messages will automatically be deleted from the Quarantine.
What is a Safe Senders and Blocked Senders list?
There are two types of Safe Senders lists: the Global Safe Senders List and your personal Safe Senders List. Both are simply lists of legitimate senders of email. The email administrator controls the Global Safe Senders List, which applies to everyone in the organization. You control your personal Safe Senders List to which you can add the addresses of people, organizations, and mailing lists from which you do want to receive mail.
If a sender's address is included in the Safe Senders List, the Proofpoint Protection Server filters the message for a virus or inappropriate content, but does not filter for spam.
There are two types of Blocked Senders lists: Global Blocked Senders List and your personal Blocked Senders List. These lists contain addresses of people, organizations, and mailing lists from which you do not want to receive "junk email." The email administrator controls the Global Blocked Senders List, which applies to everyone in the organization.
If a sender's address is included in the Blocked Senders List, the Proofpoint Protection Server filters for viruses and inappropriate content, but does not filter for spam before sending it to Blocked folder in the Quarantine.
Safe/Blocked Senders List Summary
What is a false positive?
A false positive is an email incorrectly identified as spam. If an email message is scored as spam and sent to the Quarantine, but it really is a legitimate message from a legitimate sender, you can report it as a false positive.
In the future, messages that have the same characteristics as the message you reported will not be placed in the Quarantine for containing spam.
What is a false negative?
A false negative is an email incorrectly identified as not spam. An email message that is incorrectly delivered to your mail box because it was not identified as spam can be reported as a false negative.
Spammers are very clever and are always finding ways to trick products like the Proofpoint Protection Server into delivering spam to your mailbox. Proofpoint sends frequent updates to our organization in an attempt to stay one step ahead of the spammers.
How can I get more information?
For more information about ProofPoint and screenshots of the message digest, please go to http://www.clemson.edu/spam .
Users may also email help@clemson.eduwith questions on this anti-spam solution.