Integral Anti-Spam Filtering

Integral's advanced anti-spam filtering systems block messages that appear to be spam by using internet blacklists of known spam senders, and by conducting multiple tests on each message and assigning a score to each message. When that score exceeds a certain level, it considers that message as most likely to be spam. Over 80% of the messages we receive on the mail server are spam, and we block those messages, with about a 0.6% block rate of good messages. We block over 4 million spams a year on average.

Messages are identified as spam when they fail multiple tests, often because the sender does not have their email server configured correctly, or if they are on an Internet spam blacklist. 

If the Message is Blocked because it looks like spam

If a message has been blocked because of a poor score, these are kept in a quarantine on our anti-spam filter, and you can log into the anti-spam filter to view the blocked messages, and release them by clicking on the arrow to the left of each message.

You can log into the spam filter here (ignore the security warnings): https://mx3.icmailbox.com

Login by typing in the first part of your email address, and selecting your domain from the pulldown box. The password is the same as your normal email password. A complete manual on how to do things is here: Complete Mailcleaner Manual

If The Sender is on a Blacklist

If they are on a spam blacklist, their messages may be blocked outright and never appear on our server or on most other people’s servers.

When someone is blocked in sending email to you because they are on a blacklist, there are two ways for them to fix the issue. First, they should fix the problem that caused them to be blacklisted in the first place - this involves making sure their email server is configured correctly, that there are no infected computers on their network sending spam, and then request to be removed from the blacklist. This helps in getting the email through to our mail server, and other mail servers. The second method is to request that Integral add the sender to our own private Whitelist of good senders, which makes it more likely that a message will be accepted and passed through to you. This does not guarantee that the message will get through but it greatly increases the chances of it getting through. The sender really needs to fix their problems for their email to be accepted.

 

Why are good messages getting blocked? And why are spams getting through?

There is a constant battle between spammers and internet providers over spam. Everytime someone comes up with one method to block spam messages, someone else comes up with a way around it. Internet providers are handicapped because if they make their security too tight, too many good messages get blocked. Too loose and too many spams get through. Most spammers have no ethics and resort to all sorts of crazy things to get their emails through, from sending them as images only, to sending random text to fool filters into thinking they are regular emails, and more. You have probably seen some messages like this. So internet providers have to walk a fine line in tuning their systems between blocking too much and blocking too little spam. Some good messages get caught sometimes because they look like spam.

Many home users have very poor security for their home computers and passwords, and thus are often the worst and most likely culprits to be turned into spam sending robots. Therefore very often, these systems are blacklisted, and any other users near them are blacklisted. This happens quite a bit for the free email accounts provided by gmail, hotmail, aol, sbc, etc. Realistically, if you are a working professional, you really shouldn’t be using free internet email accounts to conduct your business as it very likely that at some point, and often, your emails will be blocked by professional level spam filters used by many organizations.

 

WHAT ARE MY OPTIONS FOR SPAM FILTERING?

Our new spam filter is very flexible, and allows us to have custom settings for each company. Please review and let us know if you would like to have any of your settings changed:

Option 1: [SPAM] Tag Only

The spam filter tries to identify spam messages. Senders that are blacklisted are blocked. Identified spam messages get a [SPAM] tag to the subject line of messages. Viruses are blocked, but all other email flows through untouched. You can create a rule in outlook to move these automatically to your junk email folder and check this folder at your leisure.

Option 2: Quarantine

The spam filter blocks messages from blacklisted senders, and keeps messages it identifies as spam in quarantine, which you can check by going to http://mx3.icmailbox.com. From there you can check and release messages from the Quarantine.

Option 2a: Quarantine with Nightly Summary (Default Setting)

The same as option 2, but a nightly summary of all emails that were blocked during the day is sent to you by email around midnight and you can release messages from the quarantine by clicking on the green arrow at the left of each message.

Option 3: Be your own Admin

This option allows you to be a spam admin for your office, and allows you to see all emails that have been blocked as spam, and to maintain your own custom whitelists for emails that have been blocked.

Option 4: WHITELISTING

Whitelisting is where we add a senders email address or company domain to our list of good senders. This is a good way to let through messages that are consistently being blocked. To get an email address whitelisted, please contact us. Be aware that If the sender is on a worldwide blacklist they will probably still be blocked. It isn't practical to create extensive whitelists of thousands of email addresses, this should be used for only email addresses you are having consistent problems with, but not the email address of everyone who emails you. We will try to assist you as best as we can in receiving your email.

How does it all work? This is a semi-technical description of the filtering for the curious

The receipt and non-receipt of messages is the result of the spam filter in action. Anti-spam defenses are a multi-layered system that uses several different technologies to detect and block spam. Depending on how any given message appears, it is possible for emails from the same person to appear as spam or not, depending on the message.

Layer 1: Real Time Blacklists

These are internet based blacklists for identifying senders of spam. These blacklists are constantly updated, and change from minute to minute.

Once your email address, internet address, website, or internet provider is on this list, many different mail servers will block your emails. Often, your computer has been infected with a virus, started sending out spam, was caught in a honey trap, identified as a spam sender, and added to the list. You can often be blacklisted, even if you haven’t done anything wrong, simply by using a generic email service such as Yahoo, gmail, sbc, because so many home users get infected all the time.To get off the list, the sender or their internet provider would have to clean the infection and personally request to be removed from the list.

Our spam filter will block emails from folks on a blacklist outright – the system won’t even accept the message. There isn’t much we can do about this other than not use that particular blacklist. These lists are not controlled by Integral. There are different Blacklists: SPAMHaus, SORBS, NJABL, etc. The email will not be in the filter, and the only ways to fix it is to add the user to a custom whitelist (of good senders) or to have the sender clean up their act and get off the blacklist.

Layer 2: CLAMAV

This is an antivirus layer that tries to protect you from email bourne viruses. This will block many dangerous messages.

Layer3: ClamSPAM

Some spam messages have a unique signature that can be detected and blocked automatically.

Layer 4: SpamAssassin Scoring

SpamAssassin applies hundreds of rules against each message that is received and adds up each rule violation to a certain score (4.0 right now). Any message that exceeds that score will be identified as spam. Basic things such as words like “Viagra” (add 2 to score) “free credit counseling” (add 3 to score) misconfigured mail servers (add 1 to score), failure of SPF identification, and hundreds of other rules. If a message scores to high, it gets tagged as spam.

Spammers do things like disguise their message in images, or add random text, pretend to be good mail servers, and may other techniques to get around all of these defenses, which is why you still get some spam, but a significant percentage is being blocked by the defenses.

Unfortunately, this is the relatively simple explanation of what how it works and what the problem is. As you can see, any number of things can cause a message to be identified as spam, and this changes from instant to instant.