MySpam filtering service Protection against spam, viruses and phishing attacks

(1)

Information Services

MySpam filtering service guide 2012/2013 Page 1 of 7

MySpam email filtering service

Protection against spam, viruses and phishing attacks

1. Introduction

This MySpam guide describes the new service and changes to the University’s current spam handling procedures.

2. Registering for the MySpam service

Once you have received at least one email through the MySpam service you can register to set up and manage a full MySpam website account. You will need to register when you first visit the MySpam website.

3. Creating an account on the MySpam Website

To create an account on the MySpam website, open your web browser and visit: http://myspam.nottingham.ac.uk/user/

The MySpam website should appear as shown in Figure 1.

(2)

Click on the link below the login button that says Click here if you have

not yet been issued with your password. A second page will appear asking

you to enter your University email address. For most staff this will be an address of the form

firstname.surname@nottingham.ac.uk, for students it will be of the form

username@nottingham.ac.uk1_{. Enter your email address and click Next.} You should see instructions informing you that a confirmation email has been sent to your email address (to confirm you are the owner).

If you receive a warning that your email address “does not exist”, first check you have entered it correctly. If so, then either send yourself an email from another internet email address (a personal Hotmail, Gmail or Yahoo account for example), or wait until you have received at least one email from outside the University before trying to create an account on the website again.

The confirmation email will be sent to your regular email client and will come from mailer-daemon@webroot.com. A sample is shown in Figure 2.

Figure 2: Portal sign-up confirmation email

1_{If you have other email addresses at the University which you use in addition to}

(3)

Click on the link indicated to activate your MySpam website account. This will bring up the website in a web browser window and ask you to set a password for your account plus a security question and answer. Once completed you may use your MySpam website account at any time by visiting:

http://myspam.nottingham.ac.uk/user/

and entering your email address and password.

3.1. Features of the MySpam website

Once logged into the MySpam website, you will see a web page similar to the one shown in Figure 3:

Figure 3: Website main screen

Click on the options on the menu bar to access the following functions:

 Settings – change the password associated with your portal account

 Allow/Deny – create or add to personal allow and deny lists

(4)

 Virus – view any messages quarantined because of viruses

 Spam – view and release any messages quarantined as spam

 Pending – view any messages still being processed prior to delivery

 Delivery – view messages that have passed through the Webroot service

Most of the options provided are intuitive to use and so only use of the Allow/Deny and Spam options are described here.

3.1.1. Spam Review and Release

The spam review screen is reached by selecting Spam from the menu bar. An example is shown in Figure 4:

(5)

MySpam website users can review all messages currently quarantined for their email address. Unless released, messages are held in quarantine for 28 days and then deleted. Use the restrict search menu to select the period of time you wish to review. The returned quarantine list is similar to that shown in the spam notification email except for the fact that in the

website, users may view the contents of the quarantined item by clicking on the Subject link (Figure 4).

To release an item from quarantine, select the tick box under the Select column for each item to be released and select one of the buttons:

 Release

 Release, allow sender from now on or

 Release, allow domain from now on

These are similar options to the ones provided in the spam notification email described in section 3.1 and the same rules apply when deciding which option to choose.

If you receive what appears to be legitimate email from a sender or an email domain you have not corresponded with before and are not familiar with, you are advised to select Release.

If legitimate email from a known contact is incorrectly quarantined, you are advised to select Release, allow sender from now on.

Please think very carefully before selecting the option Release, allow

domain from now on. Security compromises can still occur at legitimate

and well run organisations like other Universities, business partners or well known internet brands. If you only deal with a small number of contacts from an email domain, it is better to add your contacts individually rather than allow the whole domain.

Once the appropriate release button has been selected, the selected items will be released from quarantine and forwarded to your regular email client.

3.1.2. Personal Allow/Deny List

Your personal allow/deny list can be accessed by selecting Allow/Deny from the menu bar. A sample page is shown in Figure 5.

(6)

You may add additional items to your allow list by typing them in the box on the top left of the page and clicking the Add to list button to transfer them to the allow list on the right. Email addresses should generally be of the form username@emailaddress.domain. A warning will be issued for incorrectly formatted email addresses: “unable to add xxx to the list – too vague”.

The wildcard character (*) can be included in email addresses (e.g. “*@trustedsite.org”), however, this type of use is the equivalent of

allowing the whole domain and as previous advice has indicated, should be used very carefully.

You may add items to your deny list in a similar way to your allow list by entering the details in the bottom left box and clicking the Add to list button to transfer them across. Again wildcards can be used, but should be considered carefully.

(7)