Information Technology Services: Spam Filtering
Faculty & Staff Spam Filtering
In response to requests to manage the large amount of unsolicited email (spam) that was being delivered to individual e-mail accounts, Information Technology Services implemented a centralized spam detection system for the faculty/staff email server. All incoming emails are scanned before they reach a user's inbox. One of the benefits of the Barracuda system we chose is that individual users can fine-tune the filter engine to suit their personal preferences.
How It Works
In general terms, the Barracuda service evaluates incoming messages and applies a series of tests to classify each message according to its likelihood of being spam or carrying a virus. The four categories are as follows:
- Messages that appear to clearly be neither spam or virus-bearing. These messages are delivered directly to your inbox.
- Messages that have some of the characteristics of spam but which may be legitimate are marked [BULK] in the subject line, and in Outlook will have the down arrow () indicating low importance so that you can make a decision about how to handle them.
- Messages that have suspicious attachments are marked [QUARANTINE] (quarantined). These suspicious messages are held on the server for your review.
- Messages that are clearly spam or virus-bearing are discarded before you see them.
At the simplest level, you can use your email program just as you have always used it. Barracuda will strip out obvious spam and deliver the remaining messages to your inbox. You will however notice one difference: some of the messages arriving in your inbox will have the label [BULK] at the start of the subject line. This label is there to help you determine what needs to be done with those messages: read them, delete them, store them in a separate folder, etc.
While this is the simplest of approaches and requires minimal time and effort on your part, the downside is that when used at this level you're agreeing to accept Barracuda's judgment as final, which means some unwanted messages may get through while other desirable ones may get blocked, or at least labeled. You can take advantage of Barracuda's customization tools by setting up an individual user account. Setting up and using that account is the subject of the remainder of this page.
Top of page
Setting up a Barracuda User Account
MSU-Northern faculty & staff have access to the Barracuda personal account management system. To make use of this system you must initialize your account. Follow these steps:
- Access the Barracuda site from your browser. You'll see the following login form:
- Request a password. Your username is your regular email address, in the form firstname.lastname@example.org. If you have never used this service before, the system will need to issue you a password. To request a password, enter your full email address in the Username: field (ex: email@example.com) and click Create New Password. The system will confirm the operation and within just a few moments a new password will be sent to you in the body of an email message. You can also use this process to get a reminder if you've forgotten your password.
- Login with the password. Return to the login page and this time log in with your full email address and the password you just received (or click on the link in the email message you received from the server). If everything is working properly the next screen will be a screen displaying the Quarantine Inbox. The other tab is the Preferences tab with the options to build your Whitelist/Blacklist, check your Quarantine Settings, Spam Settings and reset your Password. Whenever you have the Barracuda send you a password in an email the first thing you should do upon logging on to the Barracuda, whether you have a new account or asked for a reminder, is CHANGE YOUR PASSWORD.
When you are finished using the system, don't forget to click the Log Off link in the upper right-hand corner, or close your browser.
Also from the login screen, you can get a plug-in for your Outlook client that will allow you to classify messages as spam or not-spam right from your desktop. Once installed, the plug-in is available both on the Outlook toolbar and on individual email messages when they are opened. The icons are a red envelope with an X () to classify messages as Spam, and a green envelope with a check mark () to classify messages as Not Spam.
To download and install the plug-in:
- Click the Download Outlook Add-In Installer link that appears at the bottom of the login screen,
- Save the file to your computer (make a note of where you save it),
- Close all your applications,
- Use My Computer or the Windows Explorer to browse to the location you saved the file and then double-click to start the installation. Then follow the instructions. The installation is very quick and simple.
When you re-open Outlook, you will see the new icons on your toolbar. Bayesian learning is only effective when the differences between "Spam" and "Not Spam" are known to the system. Therefore it is important to make sure that you mark email messages as "Not Spam" as well as "Spam". This plugin is designed to make that classification process as easy as possible. However, it is up to each user to make sure that the items they classify from the plugin are really considered spam or not spam, as it will affect the scoring of future messages coming onto the system for them. (Note: Classifying internal MSUN email as Spam/Not Spam will have no effect - internal email is not processed by the Barracuda, only email coming from off campus)
Top of page
Setting your preferences
Once your account is working there are some basic preferences to set. You can do this with the options on the Preferences tab. When the Preferences page appears, the default view will show you the Security page, with the other options displayed as a row of links - Whitelist/Blacklist, Quarantine Settings, Spam Settings and Password.
You can use this form at any time to change your password. Fill in the fields and then click the Save Password button to activate your changes. If at any time you happen to forget your new password, use the Create New Password option on the login screen to get a reminder, as described above.
Remember that you should ALWAYS change your password when ever you have received an email that contains the password!
This section of the preferences page gives you the opportunity to turn the quarantine service off and on. When Yes is selected for Enable Quarantine, then all quarantined messages will be stored on this server. You will have to log into the server to review and act on those messages. If you prefer to have your quarantined messages delivered to your inbox, select No. Click Save Changes after you have made your choice. If you decide to use the quarantine service you can also elect to be notified periodically about quarantined messages by email.
On this page you can enable or disable the filter. Yes is the default, and is the recommended option. If you set this to No then you will not be protected by Barracuda spam filtering, but virus filtering will still take place. Click Save Changes to store your settings if you changed them.
This section of the Barracuda interface allows you to instruct the system to allow certain messages to bypass parts of the filtering process. You have two choices. The Whitelist option allows you to designate senders that might have otherwise have received a tag or been blocked to pass through to your inbox without modification. Virus bearing messages will not be delivered even if the sender's address is whitelisted. You can also name senders and domains that will always be blocked (Black listed) even if there's nothing wrong with the message. In the tables provided, enter either a fully qualified email address or a domain name (the domain name is everything after the @ sign in an email address). If you only enter a domain name, all messages from all senders at that particular domain will be affected. In the example below, two items (one sender and one domain) have been added to the Whitelist ("allowed") and two have been added to the blacklist ("blocked"). You must click Add for each new entry to add it to a list.
You can use this feature to make sure that you will receive messages from certain favored senders, to block messages from unwanted mailers, and more generally to reduce the number of items that arrive marked as [BULK], which will in turn cut down the amount of time you have to spend on maintenance. To remove an item from either list, click the trash can image next to that entry.
If you have enabled the Quarantine service, messages that are labeled [QUARANTINE] will be held for you on the Barracuda server for you to peruse at your convenience. In this part of the Preferences section you can tell the system to send you email reports summarizing the contents of your Quarantine box, either Daily or Weekly (Daily is the default). Choosing Never to this question will not affect the quarantine function, but it means that you will have to remember on your own to access the Barracuda interface to see the messages that have been quarantined. Click Save Changes to record your settings.
The first time the Barracuda Spam Firewall quarantines an email intended for you, the system sends you a greeting message with a subject line of User Quarantine Account Information. The greeting message will be similar to the following:
Welcome to the Barracuda Spam Firewall. This message contains the information you will need to access your Spam Quarantine and Preferences.
Your account has been set to the following username and password:
Access your Spam Quarantine directly using the following link: [link sample removed]
Remember: You should change your password the first time you log on.
Managing Quarantined Mail
The Quarantine Inbox is your personal display on the Barracuda server of the quarantined email that has been saved for your review.
The system is currently set to only Quarantine messages that have dangerous attachments. Because these messages are quarantined rather than simply discarded, you have the opportunity to make decisions about how to handle them.
Above the list of messages is a row of buttons that define various actions that can be applied to messages. By using the check boxes on the left hand side of the screen, you can apply any of them to a single message, or to a group of messages at once.
- Deliver -- sends the selected message(s) on to your regular MSUN inbox.
- Whitelist -- automatically adds the sender's information to your whitelist.
- Whitelist/Not Spam -- automatically adds the sender's information to your whitelist and marks it as Not Spam.
- Delete -- discards the selected message(s). You cannot recover messages you have deleted.
The Deliver, Whitelist and Delete functions are also available as links in right hand the Actions column for each entry -- you can use these to apply the action to single messages.
Normally the Barracuda filter applies a series of global tests and each tested message receives a cumulative score that determines how the message will be classified. These tests are reasonable approximations of what most users want, but there is a large gray area in between "spam" and "not spam" and you may find that you don't always agree with Barracuda's decisions. The solution to this problem is to feed Barracuda examples of messages you consider to be spam and messages you consider to be valid. This is the purpose of the other two action buttons on this screen:
- Classify as Spam -- submits the selected message to the filter engine, which in turn uses its features to classify future messages as spam.
- Classify as Not Spam -- submits the selected message to the filter engine, which in turn uses its features to classify future similar messages as valid email.
Top of page
This is a dynamic system that learns your preferences over time. The more examples you present to the system, the more accurate its tests will become. It's important to note that this is not a simple yes/no decision making process. It is instead "fuzzy" and constantly changing, and whether an individual message is ultimately labeled as [BULK] or [QUARANTINE] is a function not of any single test but the cumulative effect of all the tests. What Barracuda is giving you with these tools is a way to influence the criteria used when these tests are applied. As the system learns your needs it will become "smarter" and will require less of your time and attention.
Spammers are constantly altering their methods to get around spam filters. This is why sometimes you aren't receiving much spam at all then suddenly you start getting a lot. There is a time lag between when a new spam format comes out and the Barracuda learns and starts blocking the new patterns.
Top of page
Return to Services