Dealing with spam mail
User guide
Welcome.
This guide will help you to set up anti-spam measures on your email accounts and domains.
The main principle behind dealing with spam is not to eliminate it, but to manage it. It’s better that a small amount gets through, rather than miss a critical email because it’s mistaken for spam.
That said, Vodafone Hosted Services provides you with anti-spam tools that can minimise the spam on your email accounts, and can make sure that emails from important customers always get through.
This guide assumes that you have an active Vodafone Hosted Services account, with a domain and at least one email account already set up.
spam 2
anti-spam homepage 3
anti-spam tools 5
user-adjustable settings 8
other security issues 9
spam
Sooner or later, anyone who has an email account will start getting messages from people and companies they’ve never met, and probably have no desire to do business with. That’s spam, also known as Junk mail, or UBE (Unsolicited Bulk Email).
You’ll soon be familiar with the usual offers to enlarge bits of your anatomy, or strangers giving you great stock tips. These are all spam emails. Spam takes its name from an old comedy sketch, but these days it’s no laughing matter.
It’s estimated that over 80% of all email worldwide is spam, massively sent out by automated programs to huge databases of email addresses. It costs the spammers very little to send out these messages.
Spammers are constantly refining their techniques, making it harder to spot a spam message just from the heading or the sender’s address.
The cost of spam
The main cost of spam to your business is the time (and irritation) spent by your email users in weeding out fake messages in order to find the important ones (and potentially not missing them). When looking at spam messages, users may also accidentally click to install a program or open a malicious website.
Spam also costs you because it adds to your data storage and mailbox sizes.
Vodafone Hosted Services – dealing with spam email
anti-spam homepage
Spam can be managed at both the administrator (domain) level or the user (account) level.
Administrator anti-spam
Setting domain-level anti-spam controls allows an adminstrator to set default levels of anti-spam throughout all email accounts in a particular domain.
These can then be adjusted based on the overview of all inbound and outbound email using the domain. The administrator is also able to change individual user settings as well.
Go to the administrator anti-spam homepage
in the main Vodafone Hosted Services
•
portal, click on the Anti-spam Settings tab
select the domain you want to protect
•
from the drop-down list, and then click ‘Continue’. If you have more than one domain, you will need to set each domain up separately.
This will take you to a new page where the anti-spam settings are managed.
User anti-spam
Although the administrator can change the anti-spam settings for an individual user, this can also be done by a user themselves through the Vodafone Hosted Services user portal.
Go to the user anti-spam homepage in the main Vodafone Hosted Services
•
portal, click on the Users tab select the user name you want to
•
protect from the Manage users list, and then click ‘Edit’.
at the bottom of the list, click on ‘Anti-
•
Spam settings’.
3
anti-spam overview
In the anti-spam settings homepage, the front tab gives you an overview of all the inbound (received) and outbound (sent) email traffic on your domain or user account.
You can see how many emails were rejected, labelled as spam or categorised as infected by viruses, during the day. You can also retrieve this information for the last 30 days or the last year. These views can be filtered using the drop down menus.
The configuration box shows you what anti-spam settings you have in place at the moment.
Vodafone Hosted Services – dealing with spam email
anti-spam tools
Vodafone Hosted Services has tools that can set spam blockers and filters at different levels for different email accounts and domains. These work in two different ways:
Spam filter
Spam filters use a series of algorithms to work out if an incoming email is likely to be spam or not. They look at who it’s coming from (which may be fake), what the subject line says, and whether the email contains certain words, links to potentially dangerous websites, images or other attachments.
The higher you set the level for a spam filter, the more aggressively it will remove emails it thinks are spam. But, it may also remove a few good emails, by considering these as spam too.
Blacklists and whitelists
A blacklist is a list where, as administrator, you can add email sender’s addresses and email domains to. If your users are consistently getting spam email from a particular sender, then adding the sender’s address will stop any mail from getting to the mailbox.
A whitelist is the opposite: If you add the emails or domains of your clients, suppliers and other important contacts, then any email from them will always get through.
5
anti-spam settings
Default setting
The default setting for anti-spam is in the middle of the slider.
We would suggest that you leave the anti- spam setting at that level for at least two weeks, so that you can get a better idea of how much spam you’re getting.
If you find you’re getting too much spam, then you’ll need to move the slider to the right. Remember that increasing the aggressiveness of your anti-spam settings, will increase the chance of considering a good email as spam (false positives) To change your anti-spam settings, click on the Setup tab in the Anti-spam page.
You can set anti-spam levels for all users (globally), but you can also have other settings for individual users if needed. It’s best to start off with the global setting.
Set All users
the Users menu will show All users in
•
the drop down menu
move the slider to the right to increase
•
the anti-spam filter strength click Update settings.
•
It’s best to only increase the strength by a small margin each time, then wait and see what effect it has.
Adjusting user settings
If an individual user is experiencing a larger amount of spam, then the adminstrator can override the global setting:
click on Users drop down menu and
•
select the email address you want to adjust
move the slider to the right to increase
•
the anti-spam filter strength click Update settings.
•
Vodafone Hosted Services – dealing with spam email
blacklists and whitelists
You can also make sure that mail from specific email addresses is either always let through, or always rejected.
Blacklists
By adding an email or IP1 address to the blacklist, you make sure that all email from that sender is rejected. It’s a good way of getting rid of any mail that comes from a known unwanted source.
Whitelists
Whitelists are very important: to make sure that email from a trusted source or client always gets through, even though the email may look like possible spam to Vodafone’s spam filter, you simply have to add that email address or IP address to the whitelist.
IP/CIDR
Clicking on the IP/CIDR tab allows you to allow or reject emails coming from a range of IP addresses. This means that you can cover emails coming from an entire network, rather than just individual IP addresses.
1 An IP (Internet Protocol) address is the unique network code for a particular email address.
7
user-adjustable settings
As an individual user, you can take control of your own anti-spam settings, using the Vodafone Hosted Services portal.
This allows you to add further filters to your anti-spam, adjust how aggressive the spam filtering is, and set your own whitelist and blacklist.
Go to the user anti-spam settings Log in to the main Vodafone Hosted
•
Services portal with your user login, and click on the Anti-spam tab.
Add new filters
Filters allow you to define what email gets stopped, using many of different attributes – what domain they are sent from, what the subject is, etc.
click on the Search tab, which will show
•
you all the emails that are being caught by your anti-spam
click on the Add filter menu bar, and
•
choose an option from the drop-down menu, then click on Add filter
as you add filters, new emails will be
•
added to the Search list as they are caught by the filters.
Adjust the anti-spam aggressiveness You can change the overall aggressiveness which the anti-spam software applies to your email. See Anti-spam settings for more information on this.
click on the Anti-Spam tab, adjust the
•
Spam threshold slider, then click Update settings.
Add to your whitelist and blacklist You can add email addresses and other identifiers to a whitelist (which will guarantee that email from there will get through to your inbox) or a blacklist (which makes sure that you never see mail from there in your inbox).
For more information, see Blacklists and whitelists.
click on the Lists tab, which will show
•
you your existing whitelist and blacklist settings
add the email or IP addresses you want.
•
Vodafone Hosted Services – dealing with spam email
Other security issues
Spam is usually just an irritation that needs to be managed. However, email accounts are also vulnerable to other serious security issues that you and your users need to be aware of. This set of security issues, such as Viruses, Trojan horses, spyware is called malware.
In the Anti-spam overview page you should be able to identify emails infected with malware, either incoming or outgoing, and deal with them at source.
Viruses
Viruses are programs aimed at collecting or destroying information and services, by infecting file systems in a computer.
Viruses can move across computers, inside files, programs or e-mail messages.
Vodafone Hosted Services also has a powerful virus-blocker built in to the system, not adjustable and configured for maximum protection.
But this cannot be guaranteed to stop every malicious attempt - you should always complement it with your own anti- virus software on your PCs .
Trojan horses
Trojan horses are viruses which are installed on your computers concealing
harmful or malicious behaviour, usually to extract confidential information from the computer or use it to perform certain unwanted actions (such as sending email).
Trojans are disguised in email or web- based invitations to download a software program. This will usually be presented as the only way to view a certain video or play a game.
You should warn your users never to download and install software like this without your authority.
Phishing
Phishing is the common name for the practice of trying to get people to give out their confidential passwords, account details, etc.
Most commonly, an email will arrive that pretends to be from a bank or a government service, asking the users to confirm their credentials, for some acceptable-sounding reason.
You should make sure that all your users are aware that any request for confidential information arriving by email is almost certainly a scam, and should not be acted on without independent verification.