Electric Embers: Handcrafted hosting, powering the fires of change

Shield Users

Although Shield blocks and deletes over 90% of your spam (the unambiguously spammy messages), it continues to tag and deliver merely probable spam and suspected viruses (after cleaning, of course) because no automatic scanner can be perfect — a minute percentage of legitimate mail will be incorrectly identified as spam, and you wouldn’t want that deleted. You can set up automatic filters in your email software to automatically place the tagged messages (with [SPAM] and [VIRUS] in the subject line) into a Junk folder.

If you are seeing spam slip through untagged, you likely need do nothing but wait a week or two for the filtering software and databases to catch up to the spammers. Likewise with viruses: the rare variety that slips through will almost certainly be reported and added to the scanner within a matter of hours. However, if you see even a single false positive (legitimate mail tagged as spam or virus), we want to know about it right away. Please see the reporting instructions below for more detail, or speak to your domain’s email administrator.

Frequently Asked Questions:

Too much spam is coming through -- what can you do?

We can’t control how much spam is sent to you, but we’re committed to helping block and filter as much of it as possible to make sure that very little actually reaches you. For every 1000 incoming spams, we estimate that 900 are blocked, 76 deleted, and 23 tagged, leaving 1 message which might end up in your inbox. When it starts to seem like your spam volume has gone up, there are several things we can do. In a particularly bad storm of spam, we may need to inspect specific messages or help block mail from specific email systems. But the best way to deal with a gradual increase is for you to help train Shield to recognize your spam.

  1. First, ensure that your mail server is locked down against receiving mail directly from any servers other than Shield, as spammers and viruses will manage to find that and send to you directly, circumventing the protective shield. Please see the relevant section of the Shield Admin Guide.
  2. Next, if you’re seeing a lot of messages with the [SPAM] tag in your inbox, you simply need to set up automatic filters on the user side to dump these messages into a junk mailbox. See the filtering instructions below.
  3. If you’re seeing something on the order of 10-20 spam messages per day without the [SPAM] tag, that may just be a temporary wave of spammers being more successful than usual, which can last days or weeks. We and our users are constantly training Shield on the new spam and eventually it will catch up, but if you also want to help train the system with the spams you’re seeing, please see the reporting instructions below.
  4. If any single address is receiving scores or hundreds of untagged spam messages per day, there may be something seriously misconfigured, so please contact us and we will help you figure it out.
How do I report missed spams/viruses or real mail tagged incorrectly as spam/virus?

These are two different cases.

  1. Missed (untagged) spam or virus Our filtering system is more accurate than most, but it does occasionally make mistakes: around 1% of spam may slip through untagged. We accept this level of false negatives in order to avoid the risk of false positives. But if you receive something unwanted that wasn’t tagged, you can report it as spam, to make Shield work better for everyone. Forward it as an attachment to the following address:
    • Missed spam: Forward as attachment to: report-spam (at) electricembers (dot) net
    • Missed virus: Forward as attachment to: help (at) electricembers (dot) net
  2. Legitimate mail wrongly tagged as spam or virus In the less common case of false positives, we always want to know about it so we can tune our filtering to eliminate these instances going forward; we aim to have ZEROlegitimate messages marked as spam or virus. If a message is tagged as a virus, it will have an Shield attachment that describes the reason and gives instructions for notifying us and retrieving the original message from quarantine. If a message is falsely tagged as spam: forward it as an attachment to: report-ham (at) electricembers (dot) net.

To forward as an attachment in most popular email clients, see these instructions. However, for MS Outlook, instead of their back-door technique we recommend this procedure:

Forward as an attachment in Outlook

  1. Select Tools | Options… from the menu.
  2. Under the Preferences tab, click E-mail Options….
  3. Make sure “Attach original message” is selected under “When forwarding a message.”
  4. Click OK, then OK again, and forward the message as usual.

Note: If the problem is that you’re seeing messages with [SPAM] and [VIRUS] tags in your Inbox, you simply need to set up automatic filtering.

How do I filter spam into a separate folder?

Open your preferred email application and in the menus at the top, locate Rules (or Filter Rules or Message Filters depending on which app you use). Add a new rule for messages with the [SPAM] tag in the Subject line and add an action to move those messages into your Spam folder. Click on OK (or Save) to save your new filter rule.

Why was mail sent to me returned to the sender with a notice saying they were greylisted?

The short version: The sender’s mail server is not behaving according to Internet standards, in particular the rule that says it should try again later if it receives a temporary deferral from our server. (Yes, there are more of these misconfigured servers than you would expect, even at big email providers who should know better.) The sender’s email provider should fix the problem, but we can also work around it by whitelisting if necessary.

The long version: Greylisting is our most effective anti-spam measure, and it works by giving a temporary failure (a 4.x response) the first time a sending server tries a message from a new sender to a new recipient. All legitimate mail servers should handle this temporary failure by deferring the message and trying again later, often within 5-30 minutes, at which point we accept the message and whitelist the triad of sending server, sender, and recipient, so mail will flow unimpeded on future attempts. (Mail servers are also fully whitelisted after a certain number of successful sends from any recipient to any sender on our end.)

Spammers are blocked by greylisting because their homebrewed spam-sending software mostly gives up after one attempt, for both technical and economic reasons, while legitimate mail gets through because the Internet standards (RFCs) require mail servers to handle these deferrals properly. This amazingly simple technique eliminates about 90% of spam at your doorstep, without even having to scan it for spam-like characteristics, while having very little effect on real mail. See greylisting.org for more detail.

However, even though the RFCs are the only reason the Internet works and we need to be able to rely on servers obeying them, occasionally we find that someone’s mail server does not comply with the standard. If that happens and you get a rejection message, you can let your sender know that they should contact their email service provider about their server’s non-compliance, but you can also let us know and we’ll investigate and take whatever action is necessary, including manual whitelisting, to allow their mail through.