VTel Spam Filter by Roaring Penguin

 

Note: This is not a full user manual for the entire spam filter. This is a simple guide to utilizing the most important parts of the filter.

Notification

Every day Roaring Penguin sends VTel users an Anti-Spam notification. This notification shows what has been quarantined in the last 24 hours, since the last notification. By default the notification only includes a maximum of 40 entries. There are several different formats this notification can be sent in. To change the format, go to http://spam.vermontel.net/, sign in with your email address and password, go to Preferences → Notification, select your desired format from the Notification Type drop-down, then click the [Submit Changes] button at the bottom.

Notification Types

HTML with Links: This is the most used format because it has links to let you manipulate the quarantined emails. At the bottom of this format is a link to the quarantine, which will require your email address and password to log in.

Pending Messages

  • Date: The date and time the email was quarantined
  • Subject: This is a view of the email’s subject line.
  • Country: This is the country the email originates from.
  • Score: This is the spam score the filter has given the email. The score is based on a variety of different things. The filter looks at each email for traditional, widely-used spam techniques, and scores it accordingly. By default the minimum spam score is set to 5, so anything below that is not considered spam.
  • Action: This is what you would like to do with the email:
    • Accept: This selection pushes the email from the quarantine to your inbox. It does not create a rule.
    • Reject: This selection rejects the message, removing it from your quarantine but not allowing it into your inbox. This does not create a rule.
    • Always Allow Sender: This will always allow this sender to your email.
    • Always Block Sender: This will always block the sender, not allowing them into your email.

Brief Notification: This is plain text with a link to the Quarantine at the top. The links on the Sender line will open a new email addressed to that sender.

Detailed Notification: This is plain text with a link to the Quarantine at the top. The links on the Sender line will open a new email addressed to that sender.

Detailed Notification

Clickable Webform: This format is very useful, but it may not work in every email client. This format is just like the HTML with Links format, but it also includes an ‘Action’ column, which is useful for making many selections at once. You can make every selection you’d like using the ‘Action’ column, and when you are satisfied with all the changes click the ‘Submit’ button at the bottom, which submits all your selections at once.

Clickable Webform

Accessing the Quarantine

To log in to your quarantine, go to http://spam.vermontel.net/ and use your email address and password to log in. Be sure to enable cookies in your web browser if they are not already enabled. When you log in, the page it opens on is your quarantine page:

Quarantine

The quarantine page is very similar to the HTML email notification, except that there are a couple more selections that can be made here, which can be found in the Status and Action columns. The additional selections are as follows:

  • Always Allow Domain: Always allowing a domain is different than allowing a sender. Let’s take the email address ‘bobby34@emailprovider.net’ for example. If you always allowed that sender, it would allow bobby34 into your inbox every time. If you were to always allow the domain for bobby34@emailprovider.net, that would allow emailprovider.net through every time, so any email address ending in @emailprovider.net would be allowed into your inbox. This is useful for things like weather alerts from weather.com.
  • Reject and Report Phish/Fraud: This selection can be made if you see an email that you believe to be particularly malicious. If reported Roaring Penguin will take a look at the email and the sender and act accordingly.
  • Block Domain: The opposite of allowing a domain.
  • Side Bar:
    • Pending: These are the emails that are quarantined and awaiting your decision.
    • Note: you do not have to make a selection for every entry.
    • Spam: This is a list of 100% verified spam emails. The scores on these emails usually exceed 2000.
    • Non-Spam: This is a list of emails that were quarantined due to various reasons, but are not typical spam. These usually score under 10, but over 5.
    • All: All the emails.
    • Specific Incident: Using an Incident ID (every email is given one; it can be found by clicking on the time it was quarantined) you can bring up a specific incident to see what happened with it.
    • Search: This searches the entire quarantine, even emails that were quarantined before.
  • Reject/Accept/Do Nothing to all: At the top of the quarantine page there are 3 icons: a blue one with a question mark in it, a green one with a check mark, and a red one with an x in it. The blue one sets all emails on the page you are viewing (50 emails) to do nothing. The green one sets them all to Accept, and the red one sets them all to Reject. There is also a ‘Reject All as Spam’ button that will reject all the emails and train them as spam.
  • Note: Don’t forget to click ‘Submit Changes’ on either the top or bottom of the page to finalize your selections.
  • Links on the Quarantine Page:
    • Date: Clicking the time in the date column will bring you into the Incident Screen on that specific email. From here you can see a number of things including why the filter scored it like it did.
    • Subject: Clicking this will bring you into a preview of the actual email. Any external images will be blocked, but if the email includes text you will be able to see it here.
    • From: Clicking on the Sender’s username will bring you into a screen which allows you to create a rule for that specific sender. Clicking on the sender’s domain will do the same, but the rule is referring to the sender’s domain, not the sender itself. Also the sender’s country of origin is listed here in the form of a flag. If you hover your mouse over the flag it will tell you what country it belongs to.
    • Relay: Clicking on this will give you information about the origin of the specific email.

Configuring your Spam Filter

Home

Very similar to the Quarantine screen, but from here you can add email addresses and domains to your Accept and Reject list by manually typing them in. At the top of the page is the ‘Accept and Always Reject List’. Simply click on the drop-down and select what you’d like to do, either ‘Always Accept’ or ‘Always Reject’, then type the email address or domain in the field to the right of the drop-down and click ‘Add’.

Note: You can view every rule created by going to ‘Rules’ (from the black bar at the top of the screen) and selecting either ‘Senders’ or ‘Domains’ from the left-hand menu, whichever one corresponds to the rule you are looking for.

Rules

This section is everything to do with the rules you have added or want to add. There are many options on the left-hand side of this section, but we are going to cover the ones you are most likely to use.

  • Senders: This is a list of all the rules that have been created for your filter regarding specific senders. You can filter by the Action from the ‘Action’ drop-down, or by entering the specific email address in the ‘Sender’ field. If you type an address in the field titled ‘Enter a specific Sender’s email address’ you can create a rule for that address. Just search for it, then choose the desired Action. You can also click the small ‘Show Changes’ link, which will list the changes that have been made in chronological order, so you can see when you’ve made certain changes.
  • Domains: This list is exactly like the sender list, but it refers to rules created for domains specifically. It can be manipulated the same way as the Senders section.
  • Countries: From here you can create and view rules regarding entire countries. Example: if we wanted to create a rule that made it difficult for emails coming from Qatar to get into our inbox, we would set it up like this or something similar: Under Country select Qatar. QA (the abbreviation for Qatar) will appear in the small square to the left of the drop-down where you selected the country. Then put a numerical value into the Score field. Whatever number you put here (negatives work as well) will be added to or subtracted from the email’s score. By default the filter automatically rejects any email scoring over 2000, so let’s put 2000 in the Score field. The comment field can be left empty; it is optional, but it can be useful to remind ourselves why we created the rule. For this one I put ‘Country rule for Qatar’.
  • Custom Rules: Possibly the most useful section of the Rules. From here you can create specific customized rules. For example, the email account I am using to write this gets many emails with the subject line ‘EMPLOYMENT OFFER’. It’s clearly bogus and we don’t want to see it anymore, but the sender is never the same and neither is the domain, making it impossible to just block the sender or domain. So this is what we do: Select ‘Subject’ for the ‘Field’ column. The ‘Field’ column represents what field of the email the rule is made to look at. In this case it’s the subject line. For ‘Relation’ we can select ‘is’ because the subject line is EMPLOYMENT OFFER and never changes. For ‘Data’ we will type ‘employment offer’ (it’s not case sensitive). Put 2000 into the score, since we know the filter automatically rejects anything scoring above 2000. We leave expiry blank because it’s a permanent rule, and we can leave comment empty if we want. Then click ‘Add Rule’ and the rule will appear. Now any email that comes in where the subject line is ‘employment offer’ will have 2000 added to the score, automatically rejecting it.
    • Relation Field
      • Contain: When the ‘Data’ is contained in the Field. For example: if there is an offensive word in a subject line, but the subject line is not always the same you could make the ‘Field’ the subject line and put the offensive word in data. You would set the ‘Relation’ as contains because the word is contained in the subject line each time.
      • Starts With: The field starts with whatever is in the ‘Data’ field.
      • Ends With: The field ends with whatever is in the ‘Data’ field.
      • Does not Contain: The field does not contain whatever is in the ‘Data’ field.
      • Is: The field is exactly what is in the ‘Data’ field.
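The additive scoring described in this section can be sketched as a small model. This is an added illustration, not Roaring Penguin's code: the rule and message dictionaries, the sample messages and base scores are constructed, the thresholds are the page's defaults (5 and 2000, read literally as "more than"), and the country rule is modelled as just another field rule for simplicity.

```python
# Added illustration: simplified model of additive rule scoring.
# Not the vendor's implementation; data layout and samples are constructed.

SPAM_THRESHOLD = 5    # page default: scores above this are marked as spam
AUTO_REJECT = 2000    # page default: scores above this are rejected automatically

RELATIONS = {
    "contains":         lambda field, data: data in field,
    "starts with":      lambda field, data: field.startswith(data),
    "ends with":        lambda field, data: field.endswith(data),
    "does not contain": lambda field, data: data not in field,
    "is":               lambda field, data: field == data,
}

def rule_matches(rule, message):
    """Compare case-insensitively, since the guide says Data is not case sensitive."""
    field = message.get(rule["field"], "").strip().lower()
    return RELATIONS[rule["relation"]](field, rule["data"].lower())

def final_score(base_score, rules, message):
    """Every matching rule adds (or, if negative, subtracts) its score."""
    return base_score + sum(r["score"] for r in rules if rule_matches(r, message))

def disposition(score):
    if score > AUTO_REJECT:
        return "auto-reject"
    if score > SPAM_THRESHOLD:
        return "quarantine"
    return "deliver"

RULES = [
    {"field": "subject", "relation": "is", "data": "employment offer", "score": 2000},
    {"field": "country", "relation": "is", "data": "QA", "score": 2000},
    {"field": "subject", "relation": "contains", "data": "weather alert", "score": -10},
]

SAMPLES = [  # constructed: (base score assigned by the filter, message fields)
    (6.5, {"subject": "EMPLOYMENT OFFER", "country": "US"}),
    (6.5, {"subject": "Re: employment offer", "country": "US"}),
    (1.2, {"subject": "Lunch?", "country": "QA"}),
    (7.0, {"subject": "Weather alert for Springfield", "country": "US"}),
]

def evaluate(samples=SAMPLES, rules=RULES):
    return [disposition(final_score(base, rules, msg)) for base, msg in samples]

if __name__ == "__main__":
    for (base, msg), result in zip(SAMPLES, evaluate()):
        print(f"{msg['subject']!r:35} base={base:<5} -> {result}")
```

The second sample shows why the choice of relation matters: an ‘is’ rule misses ‘Re: employment offer’, which stays in the quarantine, whereas a ‘contains’ rule on the same data would match it.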

Preferences

This section is where most of the filter settings are made. Again I will point out the most-used parts of this section.

  • Preferences: Some miscellaneous settings. Some useful ones are ‘Number of entries per page’ which is how many emails are displayed on each page of the quarantine. The default is 50 and it can be set all the way up to 1000.
    • ‘Help level’ and ‘Hide help by Default’: There is a help menu in the upper-right hand corner that is minimized by default. If you set ‘Hide help by Default’ to no then submit your change, you will see a nice little help menu show up in most sections of the spam filter.
  • Opt in/Out: If you simply do not want spam filtering enabled you can Opt out, or opt back in if you’d like to reverse that rule. Without spam filtering you will receive every email addressed to you, regardless of who sends it.
  • Quarantine Settings: The first part of this section titled ‘Filter Settings’ will be where most selections are made here. Some useful ones:
    • Automatically reject messages scoring more than this amount: By default it is set to 2000, so anything that scores over 2000 is automatically rejected by the spam filter.
    • Auto-reject messages scoring more than this amount without creating an incident: By default set to 10,000. Anything that scores over 10,000 is automatically rejected and no incident is created.
    • Spam Threshold: By default set to 5. Anything scoring above a 5 is marked as spam. The lower the score you use here, the stricter the filter will be.
  • Notification: This section is everything to do with the notification email that gets sent out daily. This includes the frequency that it gets sent, what is contained in it, and what address it gets sent to. Here are some useful settings in this section:
    • Do not include messages scoring above this threshold in notifications: By default this is set to 2000, which means that any message that was quarantined and scored over 2000 will not be included in the daily notification, but it will still be quarantined. You can set this number to anything you’d like.
    • Notification Times: From here you can check off what time of the day and what day of the week the notification is sent. Note: you can select multiple times.
    • Send Pending Notification Now: At the bottom of this page is a button that will send the pending notification email.