Outlook SpamAssassin Overview - Computing And Information Services UNH

Note: This page explains spam filtering on Outlook/Exchange. For information on CIS Unix e-mail, see the UNH Webmail Spam page.

In response to complaints about the level of spam being received by our clients, in December 2006 several measures were taken to reduce spam on both the UNH e-mail gateway servers and the Microsoft Exchange servers. If you are missing e-mail that you expect to see, first check your Junk E-mail folder. If the message is not in that folder, please check out our email home page here for information about other possible causes.

If the message is in the Junk E-Mail folder, it could be a case where Microsoft Exchange Server Intelligent Message Filter (IMF) has moved the message out of the Inbox. IMF was implemented in November, and the response has been overwhelmingly positive as clients are seeing more spam being directed to their Junk E-mail folder. If you do incur a false-positive (a desired e-mail being filtered to the Junk E-Mail folder rather than remaining in the Inbox), this can easily be resolved by taking the following steps:

From within the Junk E-mail folder:
Right-click the wanted message
Scroll to Junk E-mail
Select the appropriate action

June 2008 Update: UNH has seen an increase in phishing emails (fraudulent emails seeking your username, password, DOB, etc.) recently.

Please see this phishing alert for more information.

Spam Filtering for Outlook Clients (Exchange and POP3)
(for Outlook Express, go here)

Spam, also known as junk e-mail or unsolicited commercial e-mail (UCE), is flooding the Internet with many copies of the same message in an attempt to force the message on people who would not otherwise choose to receive it. Most spam is commercial advertising, often for dubious products, get-rich-quick schemes, financial solicitations, or quasi-legal services. It may also be offensive in nature. E-mail spam lists are often created by scanning Usenet postings, stealing Internet mailing lists, or searching webpages for e-mail addresses.

UNH e-mail users are considered to be responsible for making their own decisions on mail they do and do not wish to read. CIS does not want to be in the business of reading your incoming messages and deciding whether or not you would find the message uninteresting or offensive. However, CIS does wish to provide you with a tool to help minimize the time and energy you have to spend sorting through unsolicited e-mail.

This document describes how to set up automatic e-mail filtering using tags added to your incoming e-mail by SpamAssassin™. This software package is installed on the CIS Unix mail and e-mail alias handling machines.

Overview
Incoming e-mail to CIS Unix accounts and UNH aliases (i.e. addresses in the form of your.name@unh.edu) passes through the SpamAssassin™ mail scanning program. Any Windows user who has Outlook as an e-mail client can take advantage of this program. If you have an Exchange mailbox, your e-mail will be automatically scanned if it arrives via your e-mail alias. Typically this will only be mail that originates from outside of Exchange. Most Exchange users do have an alias which is set as their preferred e-mail address, but if you do not, you can request a personal alias at http://aliases.unh.edu. (If you're not sure if you have an alias or not, just send an e-mail message to Alias.Admin@unh.edu and request a list of any aliases currently assigned to your Exchange account or check your mailbox using the instructions located here.

SpamAssassin™ uses a number of heuristic tests to score each message it sees: the higher the score, the more likely the mail is spam. Special tags, containing the score and SpamAssassin's guess as to whether the mail is spam or not, are added to each message before it is delivered to your account. This tagging allows you to create a rule (using the Rules Wizard) that will automatically redirect probable Spam messages to a separate Spam folder, rather than being filed in you normal Exchange "Inbox". This should allow you to zip through this Spam folder at a lower priority, with the expectation that the messages therein are almost certainly all junk. Normal mail should go to your Inbox as usual.

Important: While SpamAssassin™ does a very good job guessing whether incoming messages are spam or not, please do not forget that a very good guess is still a guess. SpamAssassin™ will probably classify a relatively small fraction of non-spam messages as spam ("false positives"), which will be delivered to the Spam folder. Conversely, it will probably fail to correctly detect a fraction of spam messages ("false negatives"), which will wind up in your Inbox. CIS will not be responsible for incorrect classification of incoming messages, either false positives or false negatives.

To Set Up Spam Filtering with SpamAssassin™
You can begin SpamAssassin-based mail filtering by following these instructions:

Outlook 2002 (XP)
Outlook 2003
Outlook 2007

Reminder: If you have a UNH Exchange mailbox, an alias is required. This can be determined by checking the e-mail properties associated with your account. To see how to do this, click here.

The Gory Details
SpamAssassin works by tagging mail messages with additional "mail headers"; these headers are typically not shown when reading mail.

For a probable-spam message, the added headers might look something like this:

    X-MailScanner-SpamCheck: spam, SpamAssassin (score=6.7, required 5,
	    DEAR_SOMETHING, FROM_ALL_NUMS, FROM_AND_TO_SAME, FROM_ENDS_IN_NUMS,
	    NO_REAL_NAME, RESENT_TO)
    X-MailScanner-SpamScore: ssssss

For a probable-nonspam message, the addition might look like this:

    X-MailScanner-SpamCheck: not spam, SpamAssassin (score=-0.8, required 5,
	    RESENT_TO)

SpamAssassin has assigned the first message a score of 6.7, the second a score of -0.8. By default, SpamAssassin considers a score over 5 to reflect a probable spam message. For messages with positive scores, the X-MailScanner-SpamScore header is added followed by a number of s characters representing the (integral) score.

The instructions for setting up filtering via the Outlook Rules Wizard (provided above) include the default score of 5, as indicated by the sssss string (i.e. the letter "s" is repeated 5 times):

X-MailScanner-SpamScore: sssss

You can also modify the score string, although it is not recommended, to be longer or shorter. With that warning, here are some ways you can alter the default setup:

1) Make the filtering more or less liberal by decreasing or increasing the number of s characters demanded after the X-MailScanner-SpamScore header. If (for example), you wanted to consider anything with a score of 7 or greater to be spam, the rule would look like:

X-MailScanner-SpamScore: sssssss

Increasing the number of s's will decrease the probability of false positives (and increase the probability of false negatives); conversely, decreasing the number of s's will decrease the probability of false negatives (and increase the probability of false positives).

2) If you already have one or more rules set up, the SpamAssassin rule will be placed at the beginning of the rules. This rule can be moved down if you have other rules that need to run prior to the spam filter. (For example, if you want mail sent from a mailing list to go to a separate folder, regardless if SpamAssassin tags it as spam or not.)