Although Shield blocks and deletes over 90% of your spam (the unambiguously spammy messages), it continues to tag and deliver merely probable spam and suspected viruses (after cleaning, of course) because no automatic scanner can be perfect — a minute percentage of legitimate mail will be incorrectly identified as spam, and you wouldn’t want that deleted. You can set up automatic filters in your email software to automatically place the tagged messages (with [SPAM] and [VIRUS] in the subject line) into a Junk folder.
If you are seeing spam slip through untagged, you likely need do nothing but wait a week or two for the filtering software and databases to catch up to the spammers. Likewise with viruses: the rare variety that slips through will almost certainly be reported and added to the scanner within a matter of hours. However, if you see even a single false positive (legitimate mail tagged as spam or virus), we want to know about it right away. Please see the reporting instructions below for more detail, or speak to your domain’s email administrator.
Frequently Asked Questions: Too much spam is coming through -- what can you do?
We can’t control how much spam is sent to you, but we’re committed to helping block and filter as much of it as possible to make sure that very little actually reaches you. For every 1000 incoming spams, we estimate that 900 are blocked, 76 deleted, and 23 tagged, leaving 1 message which might end up in your inbox. When it starts to seem like your spam volume has gone up, there are several things we can do. In a particularly bad storm of spam, we may need to inspect specific messages or help block mail from specific email systems. But the best way to deal with a gradual increase is for you to help train Shield to recognize your spam.
- First, ensure that your mail server is locked down against receiving mail directly from any servers other than Shield, as spammers and viruses will manage to find that and send to you directly, circumventing the protective shield. Please see the relevant section of the Shield Admin Guide.
- Next, if you’re seeing a lot of messages with the [SPAM] tag in your inbox, you simply need to set up automatic filters on the user side to dump these messages into a junk mailbox. See the filtering instructions below.
- If you’re seeing something on the order of 10-20 spam messages per day without the [SPAM] tag, that may just be a temporary wave of spammers being more successful than usual, which can last days or weeks. We and our users are constantly training Shield on the new spam and eventually it will catch up, but if you also want to help train the system with the spams you’re seeing, please see the reporting instructions below.
- If any single address is receiving scores or hundreds of untagged spam messages per day, there may be something seriously misconfigured, so please contact us and we will help you figure it out.
These are two different cases.
- Missed (untagged) spam or virus Our filtering system is more accurate than most, but it does occasionally make mistakes: around 1% of spam may slip through untagged. We accept this level of false negatives in order to avoid the risk of false positives. But if you receive something unwanted that wasn’t tagged, you can report it as spam, to make Shield work better for everyone. Forward it as an attachment to the following address:
- Missed spam: Forward as attachment to: report-spam (at) electricembers (dot) net
- Missed virus: Forward as attachment to: help (at) electricembers (dot) net
- Legitimate mail wrongly tagged as spam or virus In the less common case of false positives, we always want to know about it so we can tune our filtering to eliminate these instances going forward; we aim to have ZEROlegitimate messages marked as spam or virus. If a message is tagged as a virus, it will have an Shield attachment that describes the reason and gives instructions for notifying us and retrieving the original message from quarantine. If a message is falsely tagged as spam: forward it as an attachment to: report-ham (at) electricembers (dot) net.
To forward as an attachment in most popular email clients, see these instructions. However, for MS Outlook, instead of their back-door technique we recommend this procedure:
Forward as an attachment in Outlook
- Select Tools | Options… from the menu.
- Under the Preferences tab, click E-mail Options….
- Make sure “Attach original message” is selected under “When forwarding a message.”
- Click OK, then OK again, and forward the message as usual.
Note: If the problem is that you’re seeing messages with [SPAM] and [VIRUS] tags in your Inbox, you simply need to set up automatic filtering.
Here are instructions for a few common email programs:
Go to Preferences –> Rules, and add something like this:
Click Tools –> Message Filters, then click New… and create a rule that looks something like this:
Administrators of Exchange servers that use our Shield service can set up automatic filtering into per-user spam folders by installing the free plugin from Mailshell.
Outlook 2000 and similar:
- Go to File –> New –> Folder, and create a new folder called “junk” or “spam”
- Go to Tools –> Rules Wizard, and create a New rule
- Choose “Check messages when they arrive”
- Choose “with specific words in the subject” (click the check box, then in the lower window click the “specific words” link)
- Enter “[SPAM]” (no quotes)
- Choose “move it to the specified folder” (click the check box, then in the lower window click the “specified folder” link, and choose your spam folder)
- Click Finish
If you’re using an email program not listed here or have other questions, contact us.
The short version: The sender’s mail server is not behaving according to Internet standards, in particular the rule that says it should try again later if it receives a temporary deferral from our server. (Yes, there are more of these misconfigured servers than you would expect, even at big email providers who should know better.) The sender’s email provider should fix the problem, but we can also work around it by whitelisting if necessary.
The long version: Greylisting is our most effective anti-spam measure, and it works by giving a temporary failure (a 4.x response) the first time a sending server tries a message from a new sender to a new recipient. All legitimate mail servers should handle this temporary failure by deferring the message and trying again later, often within 5-30 minutes, at which point we accept the message and whitelist the triad of sending server, sender, and recipient, so mail will flow unimpeded on future attempts. (Mail servers are also fully whitelisted after a certain number of successful sends from any recipient to any sender on our end.) Spammers are blocked because their homebrewed spam-sending software mostly gives up after one attempt, for both technical and economic reasons, while legitimate mail gets through because the Internet standards (RFCs) require mail servers to handle these deferrals properly. This amazingly simple technique eliminates about 90% of spam at your doorstep, without even having to scan it for spam-like characteristics, while having very little effect on real mail. See greylisting.org for more detail.
However, even though the RFCs are the only reason the Internet works and we need to be able to rely on servers obeying them, occasionally we find that someone’s mail server does not comply with the standard. If that happens and you get a rejection message, you can let your sender know that they should contact their email service provider about their server’s non-compliance, but you can also let us know and we’ll investigate and take whatever action is necessary, including manual whitelisting, to allow their mail through.