Training the Bayesian Spam Learning Engine in WorldClient

MDaemon’s built-in spam filter includes a feature known as Bayesian Learning. Bayesian Learning allows MDaemon to “learn” what types of messages are spam and what types are not spam. This allows the spam filter to become more accurate over time.

It is important for users to properly train the Bayes system so that messages are correctly flagged as spam or non-spam. We do not recommend blacklisting the sender of spam messages, because this does not help the Bayes engine learn from the message and thus has no effect on reducing spam. The easiest way to train the Bayes engine is for users to use the thumbs-up and thumbs-down icons in WorldClient (MDaemon’s webmail client) to feed the Bayes engine samples of spam and non-spam. The more spam and non-spam samples you feed to the Bayes engine, the more accurate the spam filter will become over time. It is therefore very important for users to use the thumbs-down icon on every spam message, whether it arrives in your Inbox or in your Junk Email folder. Likewise, for every false positive (a legitimate, non-spam message that is flagged as spam), you can use the thumbs-up icon to flag the message as non-spam.

This knowledge base article provides a more thorough explanation of Bayesian Learning and how to train the Bayesian Learning engine.

This video explains further.

If you are an end user and you do not see the thumbs-up and thumbs-down icons in WorldClient, the MDaemon administrator can take steps outlined in this video and blog post to make those icons appear.


Are You Receiving Replies to Messages you Never Sent?

Image "Return to Sender"

Have you ever logged into your email to find tons of bounce-back messages (out-of-office replies, NDR messages, invalid recipient messages) in response to messages you never sent? For many users, their first thought is that they need to change their email password. However, changing your email password will not prevent this. Why? Because what you are receiving is known as backscatter, and has nothing to do with your email account being hacked.

Spammers often forge the return-path in their outbound messages to cover up their true identity. If the forged address in these spam messages was your address, then you are likely to receive the bounce-back messages and auto-responders in response to these messages.

So how do you prevent this? MDaemon includes Backscatter Protection. Backscatter Protection works by adding a special key to the return-path of all outbound mail. When MDaemon receives an out-of-office reply or non-delivery message, it looks for that special key. If the key is missing, then we know the bounce-back message is not legitimate and can be discarded.

When Backscatter Protection is disabled, the return-path of a message looks like this:
X-Return-Path: frank.thomas@example.com

When Backscatter Protection is enabled, an extra series of characters beginning with prvs= is added to the return path – like this:
X-Return-Path: prvs=163898ff65=frank.thomas@example.com

It is this extra series of characters that the Backscatter Protection feature looks for in bounce-back messages.
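The tag-and-check mechanism described above, as an added example (not MDaemon's code). It assumes a layout modelled on the public BATV draft's prvs scheme: one key digit, a three-digit expiry day, and six hex characters of an HMAC-SHA1. The secret, lifetime and function names are constructed for illustration, and how MDaemon derives its own key is not stated on this page.

```python
import hashlib
import hmac
import re
import time

SECRET = b"constructed-demo-secret"  # constructed; a real server keeps its own private key
KEY_ID = "1"                         # assumed: single-digit key number
LIFETIME_DAYS = 7                    # assumed: how long a bounce is still accepted
TAGGED = re.compile(r"prvs=([0-9])([0-9]{3})([0-9a-f]{6})=(.+)", re.IGNORECASE)


def _day(now=None):
    """Days since the epoch, modulo 1000 so the value fits in three digits."""
    return int((time.time() if now is None else now) // 86400) % 1000


def _mac(key_id, ddd, address, secret):
    """First six hex characters of HMAC-SHA1 over key digit, expiry day and address."""
    msg = (key_id + ddd + address.lower()).encode()
    return hmac.new(secret, msg, hashlib.sha1).hexdigest()[:6]


def sign(address, secret=SECRET, now=None):
    """Build the tagged return-path that goes on outbound mail."""
    ddd = f"{(_day(now) + LIFETIME_DAYS) % 1000:03d}"
    return f"prvs={KEY_ID}{ddd}{_mac(KEY_ID, ddd, address, secret)}={address}"


def verify(bounce_rcpt, secret=SECRET, now=None):
    """Return the original address for a valid, unexpired tag, else None."""
    m = TAGGED.fullmatch(bounce_rcpt)
    if m is None:
        return None                    # key missing: treat the bounce as backscatter
    key_id, ddd, mac, address = m.groups()
    if not hmac.compare_digest(mac.lower(), _mac(key_id, ddd, address, secret)):
        return None                    # tag forged, or address altered
    if (int(ddd) - _day(now)) % 1000 > LIFETIME_DAYS:
        return None                    # tag older than the accepted window
    return address
```

Because the tag depends on a secret only the sending server holds, a spammer who forges the plain address cannot produce a bounce recipient that passes `verify`.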

Check out the following video to learn more about Backscatter Protection and how to enable it in MDaemon. If you have questions, please feel free to leave us a comment & let us know!


Ransomware and Banking Trojans are Big Business

Spam is big business. With the proliferation of botnets for hire, it takes very little effort for a spammer to send out thousands of messages at a time. These messages may contain links to websites peddling counterfeit products, or they may be laced with viruses, trojans, and various other forms of malware. The barriers to entry and costs incurred by spammers are very low.

There seems to be no end to the global threat of malware spreading via spam and phishing emails and propagated by botnets around the world. Over the past few months, two threats have emerged. One is a banking trojan targeting users in Brazil, and the other is the now-infamous Cryptowall ransomware.

The banking trojans are spread via phishing emails containing CPL files, which are a type of library file that executes code once it is clicked on. Social engineering tactics are used to try to convince the message recipients that the attachment contains valuable information, such as an invoice or banking information.

Click here to learn more about these banking trojans.

The other big player in the malware arena is ransomware. A recent study has shown the proliferation of phishing emails with SVG files attached. These files, when downloaded and executed, open websites with what appears to be the CryptoWall ransomware.

Click here to learn more about CryptoWall ransomware.

The common theme for both of these threats is that the user was not exercising the proper amount of caution before opening email attachments. Both of these threats were spread via phishing emails, which use social engineering tactics to trick end users into opening these messages and clicking on links or downloading attachments.

Spammers know that end users are often the weakest link in fighting spam, so it’s in the best interest of companies of all sizes to educate their users on email safety. While most mail servers and spam gateways, such as MDaemon and SecurityGateway, have numerous tools for blocking spam & malware, no anti-spam solution is 100% fool-proof. Spammers are always seeking out new methods to trick users into opening their messages, so users must learn how to stay safe and recognize potential threats.

For a review of best practices for end users, review my post “Email Safety Tips for End Users.”


Blocking Messages based on Keywords in SecurityGateway

If you work in real estate, you are not likely to receive email with pharmaceutical-related content, and if you work in the medical field, you’re not likely to receive email about stock tips or account-related notifications from PayPal. With SecurityGateway, you can create content filter rules to filter out messages that contain words that are not relevant to your business. You can filter based on the sender, recipient, IP address, message subject, message body, or any header found within the message. I’ll show you how in the following brief tutorial video.

SecurityGateway is a software-based email gateway/firewall that can be installed in front of any Exchange or other SMTP mail server, allowing you to block malicious content, such as spam, viruses, malware, and phishing attempts, before it reaches your mail server. You can learn more about SecurityGateway here.


MDaemon Spam Filter Deep-Dive Webinar

In addition to its built-in spam filter, MDaemon includes many other security features that can be used to fight spam. In this webinar, we take you through an in-depth explanation of MDaemon’s spam-fighting features, and discuss recommended settings for best results.

 


Spam Fighting Techniques – An Article from AllSpammedUp

An article that discusses various spam filtering techniques was recently posted on AllSpammedUp, and I wanted to share it with you because it contains some valuable information on fighting spam.

There isn’t a single, “one size fits all” way to catch all spam. Spam filters use various techniques, such as blacklists and whitelists, Bayesian analysis, trend analysis, heuristic analysis, word lists, and much more. These days, spammers are aware of many of the anti-spam techniques that are used, and they are constantly trying to find ways around these techniques by altering the spelling of keywords, forging headers and addresses, sprinkling words from literature throughout the message, and other techniques.

The article talks about using trend analysis, content filtering, word lists, blacklists, Sender Policy Framework (SPF), and Challenge-Response.

You can read the original article here:
http://www.allspammedup.com/anti-spam/

MDaemon includes many tools for fighting spam, including SPF & SenderID, heuristic analysis, Bayesian Learning, IP Shielding, spam filter blacklists, reverse lookups, and much more.

SPF & SenderID provide a way for a receiving server to determine if an incoming message came from a location that was authorized to send mail from the sender’s domain. You can learn more about SPF here:
http://www.altn.com/Support/KnowledgeBase/KnowledgeBaseResults/?Number=KBA-01560

And here is a short video on how SPF works, and how to enable it in MDaemon:
http://www.altn.com/Tutorials/Video-Post/?vid=mp4:eLearn-MD_SPF.f4v

DomainKeys Identified Mail (DKIM) is an anti-spoofing technique that uses a public key published in DNS. Each message is signed with the matching private key, and the receiving server checks that signature against the published public key. This video will demonstrate how DKIM works:
http://www.altn.com/Tutorials/Video-Post/?vid=mp4:eLearn-MD_DKIMIntroVrf.f4v

Tarpitting and greylisting are other spam fighting techniques. Tarpitting will slow the connection down once a specified number of RCPT commands have been given. This is to discourage spammers from sending bulk mail through your server. You can learn how to set up tarpitting in this video:
http://www.altn.com/Tutorials/Video-Post/?vid=mp4:eLearn-MD_TarpitConfig.f4v

Greylisting is a technique that exploits the fact that SMTP servers retry delivery of a message that receives a temporary “Try again later” error. Using this technique, when a message arrives from a non-whitelisted or otherwise previously unknown sender, its sender, recipient, and sending server’s IP address will be logged and then the message will be refused by Greylisting during the SMTP session with a temporary error code. Then, for a designated period of time (say, 15 minutes) any future delivery attempts will also be temporarily refused. Because spammers do not typically make further delivery attempts when a message is refused, greylisting can significantly help to reduce the amount of spam your users receive. But, even if the spammers should attempt to retry delivery at a later time, it is possible that by that time the spammers will have been identified and other spam-fighting options (such as DNS blacklists) will successfully block them. This video explains how greylisting works & how to set it up in MDaemon:
http://www.altn.com/Tutorials/Video-Post/?vid=mp4:eLearn-MD_Greylisting.f4v
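The greylisting decision described above, as an added example (not MDaemon's code). The class and function names, the 451 reply code, the in-memory store with no expiry, and the sample attempts are assumptions made for illustration; the 15-minute delay is the figure used in the text.

```python
GREYLIST_DELAY = 15 * 60     # the "say, 15 minutes" window from the text, in seconds


class Greylist:
    def __init__(self, whitelist=()):
        self.whitelist = set(whitelist)   # sending IPs exempt from greylisting
        self.first_seen = {}              # (ip, sender, rcpt) -> time the first attempt was logged

    def check(self, ip, sender, rcpt, now):
        """Return the SMTP reply (code, text) for one delivery attempt."""
        if ip in self.whitelist:
            return 250, "OK"
        triplet = (ip, sender.lower(), rcpt.lower())
        first = self.first_seen.get(triplet)
        if first is None:
            self.first_seen[triplet] = now              # unknown sender: log it and defer
            return 451, "Greylisted, try again later"
        if now - first < GREYLIST_DELAY:
            return 451, "Greylisted, try again later"   # retried inside the delay window
        return 250, "OK"                                # retried after the delay: accept


def replay(attempts, whitelist=()):
    """Run constructed (time, ip, sender, rcpt) attempts and return the reply codes."""
    g = Greylist(whitelist)
    return [g.check(ip, s, r, t)[0] for t, ip, s, r in attempts]


# Constructed sample: a legitimate server that retries, and a one-shot bulk sender.
SAMPLE = [
    (0,    "192.0.2.10",   "alice@example.org", "frank.thomas@example.com"),
    (300,  "192.0.2.10",   "alice@example.org", "frank.thomas@example.com"),
    (1000, "192.0.2.10",   "alice@example.org", "frank.thomas@example.com"),
    (1200, "198.51.100.7", "promo@example.net", "frank.thomas@example.com"),
]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

The retrying server is deferred twice and accepted on its third attempt, while the sender that never retries is only ever deferred.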

Be sure to feed your Bayesian Learning filters with examples of spam and non-spam messages. Here’s more information on training the Bayesian Learning process:
http://www.altn.com/Support/KnowledgeBase/KnowledgeBaseResults/?Number=KBA-01746

These are just a few of the many spam fighting tools in MDaemon. One single spam-fighting technique may not be good enough to thwart the spammers, but when all anti-spam tools are used together, your spam filter can be surprisingly effective.
