New Email Filtering Solution

WVNET is pleased to announce that our email filtering solution is being migrated to a new and improved version utilizing additional technology that will further protect our customers against email attacks.  Here are some new features that our customers will see once the migration occurs:

Anti-spoofing

Spoofed email messages appear to come from someone trusted, but in actuality, they are from an unknown third party (replies to these messages look like they are going to someone trusted, but actually go to this third party instead).

When a questionable message is detected, the display name shown to users as the From: address is modified to include a special character that can be used for quick reference by the recipient.  Please note that the red and green boxes around the images below are for illustrative purposes only.  The only indicator that you will see will be in the text of the From: line.

Normal e-mail should show just the person’s display name or the name with a STAR next to it.  The star indicates that the message was received through an encrypted connection.

Examples:

Good email, received through unencrypted connection:

Good email, received through encrypted connection:

Bad/questionable e-mail will be modified in one of two ways.  If the message sender doesn’t match the host that sent the message, then the person’s display name is modified with an EXCLAMATION mark (not a STAR).  This is a common case where a user claims to be from one email system but is sending from another. Spoofed messages (where the address the message appears to be from is not true), will have the From: line modified heavily.

Examples

Bad email was sent from a host that didn’t match the sender’s e-mail address:

Bad email, spoofed message:

NOTE: None of these changes will affect the recipient’s ability to reply to the message.  It is purely for display purposes.

 

Click Whitelisting

Another new feature is ‘click whitelisting’. Click whitelisting is a false-positive avoidance system.  It will provide a link in a bounced messages response received by a sender when their mail is rejected by WVNET’s anti-spam solution. The sender can then whitelist themselves by clicking the link and solving a Google ReCAPTCHA, after which they can resend their message and it will be accepted.

This is an example of the body of a bounced message:

Date/Time   : Mon, 11 Jul 2016 14:25:49 GMT

ID          : 4064DB9E-FF87-4D84-ABEA-91C93132C7DB.1

Host/IP     : [undefined]

Auth User:  :

Sender      : <>

Recipient(s): postmaster@mgwrk01-mgw.wvnet.edu

Detail      : Error: Some recipients failed: <postmaster@mgwrk01-mgw.wvnet.edu>

postmaster@mgwrk01-mgw.wvnet.edu: 550 Poor GBUdb reputation for [129.71.2.214]; for whitelisting click: http://whitelist URL

 Adding ‘[SPAM]’ To the Subject Line

WVNET’s email filtering solution works on an industry standard spam scoring of 0 to 10.  A number of factors within the application determines these scores.  By default, WVNET’s email filtering solution considers a message to be Spam if it scores >= 5.  If a message matches this value, it will tag the subject with [SPAM] and sets a message header value of X-Spam-Flag: to YES. This header value can then be used by the email service, such as exchange, to place the message in the appropriate location (such as a Junk mail folder) as determined by the recipient’s email administrator.  Unless the message scores higher than the reject score, it will still be delivered. The reason for this is that messages between 5 and our reject threshold are considered ‘low scoring’ and have a high probability of being valid email.

Forward Suspected Spam for Inspection

WVNET email filter customers may manually submit suspected Spam for inspection by forwarding the message to spamsample@fsl.com. This is an account that is monitored by the manufacturers of the email filtering product used by WVNET.  It’s crucial that the message is forwarded with full headers.

Here are instructions for two common email clients (Outlook 2013 and Thunderbird) to forward a message with full headers

How do I forward an email with full headers in Outlook 2013?

  1. Start a new message.
  2. Select Attach Item from the toolbar.
  3. Select Outlook Item.
  4. Browse to the message you are inquiring about, and select it to attach it.

Or

  1. Start a new message.
  2. Move and resize the window so you can see your messages list.
  3. Select the email that you want to forward.
  4. Drag it and drop it into the body of your new message.

How do I forward an email with full headers in Thunderbird?

Thunderbird users have it easy: Just right-click on the spam message in their message pane and then select “Forward -> As Attachment.

How do I forward an email with full headers for other clients?

For issues with other clients, please contact your IT staff for assistance.