Spam Assassin Overview
If you have ever had an email account (who doesn’t?), you know how annoying spam can be and how it is an unavoidable evil of using email. Even though there is no sign of spamming ever stopping world-wide, things can be done to prevent a majority of spam from making it to your inbox.
In this post, we’ll explain a few things we do on our end to help keep as much spam from reaching your inbox, giving you more time to read actual email.
Spam protection on our servers begins with SpamAssassin. SpamAssassin scans all incoming messages for common spam criteria and then assigns a “score” to that each message. On an account level, SpamAssassin can be configured with how you would like messages of a certain score to be handled. For example, SpamAssassin by default will look for messages with a score lower than “5” meaning that any message with a score below “5” will be marked as a spam message. You also have the ability to configure how these messages marked as spam are handled, be it discarded, marked, or routed to a spam folder that you can look through at a later time and make sure legitimate email is not being blocked.
SpamAssassin also allows you, with a bit of simple coding, to “train” it so that it “learns” what you mark as spam to help improve it’s scoring and blocking capability.
But, even with those features, SpamAssassin is not perfect and spammers are always finding ways to word or format their messages so that they beat the checks and make it to your inbox. Due to this, we’ve added some new features/plugins to our SpamAssassin installs to help make it even better at blocking incoming spam before it makes it to your inbox.
The first of these is “DCC” which stands for Distributed Checksum Clearinghouse. A complicated name, for something very simple! The basic function behind DCC is that most spam mails are sent to many people and the same message appearing many times in those emails, is bulk email. DCC identifies bulk email by taking a checksum (a unique identifier) and sending that to a Clearinghouse (server). The server then responds with the number of times it has received that checksum. An individual email will create a score of 1 each time it is processed and then bulk mail can be identified because the response number is high. We also run our own DCC servers to ensure lookups can be performed as quickly as possible.
The next of these additions is Razor. Razor is also a checksum based spam detection network that creates a distributed and constantly updating catalogue of spam through user contribution. User input is validated through reputation assignments based on consensus. So, essentially, if a large amount of users are marking a specific type of message as spam in their mail clients, this is picked up by Razor and added to the spam database. With this system being based on user input, it makes Razor extremely powerful in tracking spam messages that have mutating content that might not be as easily tracked by other systems looking for bulk mailings containing the exact same content.
The final addition is CRM114 which is a program that uses a statistical approach to score messages as being potential spam. The benefit of CRM114 is that it achieves a higher rate of spam recognition through creating hits based upon phrases up to five words in length whereas other spam scoring methods check the frequency that single words appear in messages. This means CRM114 tries to use logic to filter out spam, instead of just counting how many times a word shows up.
The combination of these 3 additional plugins installed within SpamAssassin, make it an extremely powerful tool in tracking and recognizing which messages being sent to your inbox are spam and preventing them from making it to your inbox. Of course, as these tools are added and SpamAssassin’s spam blocking ability increases, you may find that previous configuration settings (such as lowering the spam score to “3” or lower in your SpamAssassin configuration panel) you might be using are now blocking legitimate emails. If you find that is the case, the best option would be to set SpamAssassin back to the default settings of marking messages with a score of “5” or less as spam. This should then help get those legitimate emails to your inbox instead of having them falsely marked as spam.
Jeff James September 19, 2014 at 10:27 am
How do I enable the spam protection addons to Spam Assassin. I am getting killed with Spam
James Davey September 19, 2014 at 1:34 pm
Hi Jeff,
In your SiteAdmin, you should see a Spam Protection tool. Simply click that, then click Enable Spam Assassin.
Josh October 11, 2014 at 1:38 am
Thanks for the great write up and sharing this information. Spam is really frustrating to deal with.
I don’t see anything called “Site Admin”, listed anywhere, when I login to my Site5 account. I see an “Add-Ons” tab. And within on the “Add-Ons” page, I don’t see anything about “Spam Protection Tool”.
Can you kingly be a little more specific about where this tool is located and please use wording that actually matches up with what users see on the website. To me… saying use “Site Admin” makes no sense as there’s nothing called “Site Admin” that I can see.
Thanks,
Josh
James Davey October 14, 2014 at 7:07 am
Hi Josh,
You’re in BackStage, which is your billing and account area. SiteAdmin is your hosting control panel. From BackStage, you should see a dropdown menu toward the top right corner of your screen, with your hosted domains in it. Select a domain there, and SiteAdmin should open in a new tab.
Josh October 14, 2014 at 9:47 am
I’m a reseller. So I think the linking that took me to this article may be messed up or something. Thanks anyways.
Josh
James Davey October 14, 2014 at 10:08 am
Hi Josh,
In that case, it would be in CPanel, rather than SIteAdmin. All other steps should apply, though.
Josh October 14, 2014 at 10:41 am
Great. Thanks James. But this and other articles I read when doing word searches in the KB area, consistently refer to “Site Admin”, when as a reseller I have no clue what this is. Yet, I spend time chasing my tail trying to find something that doesn’t exist. <<< this leads to a negative user experience. I'm here trying to do self help and rewarded by chasing my tail in circles.
Is there a way to tag/target articles so that if the logged-in Resellers that are searching, aren't tripped up and know, a given article is written for single user shared hosting account. <<< I have no idea what their interface looks like. And I have no way of knowing when a KB article is for me, a reseller, or for the non-reseller single user shared hosting account.
Understand what I'm saying?
Josh
James Davey October 14, 2014 at 10:43 am
Hi Josh,
That is a good point, and I apologise for the confusion. However, if an article references SiteAdmin, know that the same steps will apply once you are logged into CPanel for an account. They are named differently, but all tools in one should be in the other, and named the same things.
Josh October 14, 2014 at 10:53 am
Thanks James. This is great for me to know “personally”, and I appreciate your kind help and guidance, but what about people “like me”, that come along and fall prey to the same issue?
Do they just chase their tail, get frustrated like me and suffer until they go through the same thing and someone tells them… “If you see SiteAdmin referenced in KB articles and you’re a Reseller, then SiteAdmin is the same as Cpanel for you.”
I’m simply looking for a solution for other resellers that will run into the same bit of silliness I ran into. Not sure how this is accomplished on your end James. But as a business owner, the more “negative user experiences” I can stop, the better for me.
Josh
James Davey October 14, 2014 at 11:05 am
Hi Josh,
I do understand, and I’ll see what I can do to get something like that worked out :) It is a great idea, and would certainly make things easier for a lot of people.
Josh October 14, 2014 at 1:58 pm
Thanks James. Apologies for clogging up the blog post with a side rant. The fact that you’re listening and intelligently responding, is one of the main reasons Site5 will have my business for life.
Josh
James Davey October 15, 2014 at 7:10 am
Hi Josh,
Of course! That’s why we’re here :)