Control Panel/Webmail Log in

Search

SpamVault spam blocker

SpamVault allows you to block e-mail from spammers. SpamVault can block unwanted email, spam, viruses, executable attachments, duplicate messages, Base64 email, web-bugs and images. You can save your spam to a repository or simply vaporize it. You can also log all your email, viewing your log in a nice easy HTML interface. PureIdeasPlus.com will always have the latest, most up to date version of SpamVault on our servers.

Although SpamVault is very easy to use, it's also very powerful and if not used properly can delete e-mail you may have wanted to receive. Please read these instructions before using SpamVault as we cannot retrieve lost e-mail.

  Begin by Adding an Entry:

You need to add an entry in the text box appropriately named, "Add an entry:". An example of an entry would be a spammer's e-mail address. SpamVault is not case sensitive, so you can use "ALL CAPS" or "Not All Caps" and it makes no difference. There are radio buttons called filters to the right of this box with the letters F,T,H,S & B next to them. These represent the area of the e-mail that is used to trigger the blocking of the e-mail. For instance, the "F" stands for e-mail "From" someone. In the example here, we want to block any e-mail coming "From" the e-mail address spammer@spam.com, so we would make sure the radio button next to the "F" is checked.

The following are the areas of the e-mail that can be blocked:

F = From (block e-mail 'From' someone or some network)
T = To (block e-mail sent 'To' someone at my domain)
H = Header (block e-mail with special text in the header section of an e-mail)
S = Subject (block e-mail with this word or phrase in the 'Subject' of the e-mail)
B = Body (block e-mail with this word or phrase in the 'Body' of the e-mail

Caution: We thought this would be a good time to warn you. As a beginner, we recommend that you only use the following characters in your entries as other characters can cause very predictable results (all bad). You can use the following characters: A - Z, a - z, 0 - 9, period (.), dash (-), Underscore (_), and the At symbol (@).

Here is what your entry should look like:

After entering the information you wish to block press the "Add Entry" or "Update Entries" buttons:

Entries are sorted by the filter names so that all your "From" entries will be together, etc. Once entered, your entry will show up on the list and looks as follows:

It is very important that you allow the entire page to load before pressing the "Add Entry" button at the top of the page when adding or editing an entry. If you fail to do this, the entries that have not loaded yet will not be submitted to the system and therefore will be eliminated.

  Editing an Existing Entry:

Once an entry is entered, you can change it by editing the existing entry. For instance, if you wanted to test this entry to see if you were still getting e-mail from this particular address, you might wish temporarally turn off this filter by unchecking box next to the word Block. We do recommend that you try to keep the quantities of your entries as small as possible. However, it's not unusual for someone to have 100 entries before long. You can edit as many entries as you wish but be sure to press the 'Update Entries' button after you're finished editing.

  Configuration Section:

You can show or hide the configuration data of SpamVault by checking or clearing the box appropriately called "Show Configuration Data" located below the 'New Entry' section at the top and then click the Update Entries button.

Sample Configuration Data Section

Let's review the configuration section.

Total Spams Filtered: 33739 This is the number of spams that have been filtered on your account. Note that some spams aren't blocked with SpamVault as you'll see in the Advanced Filtering Tools section below.

Send Spam to Never Never Land! You can delete your spam (AKA send it to Never Never Land) or send it to a special repository file by placing a check in the box labeled, "Or check this box and manage your spam via webmail". As this file grows it uses disk space, so it is always a good idea to clear this file regularly by placing a check in the box next to "Check box to clear the #### byte repository file and conserve your disk space." It is also best to avoid saving email to the repository unless you're testing new filters to make sure you don't accidentally lose any email. You must press the 'Update Entries' button for these changes to take place. The most effective way to view your spam repository is to click on the link that reads "webmail". See below on your spam email box which may help you recover any spam that should not have gotten blocked. If you want to see the raw repository file, you can click on the link by the same name.

Email Log Info. SpamVault can keep a log of all the e-mails that have gone through your account. As the log file grows, it also uses disk space, so it is always a good idea to 'Clear this file' regularly or uncheck "Keep an e-mail log" which turns off the logging feature. You must press the 'Update Entries' button for these changes to take place. To view the log simply click on the "e-mail log" link. There is more information on viewing the log files further down in these instructions.

When logging is on, SpamVault logs all email and is then able to keep tabs on how many spams it has blocked. This feature is guaranteed to provide a personal sense of satisfaction.

Note: there is a limit to the size (set by your host) that SpamVault will be allowed to use for the repository and log files. If you reach this limit, the next time you open SpamVault you will see a warning notifying you of this that directs you to clear your log and repository files. Until the logs are cleared, SpamVault will then stop blocking spam and logging.

White List. A White List is a list of email addresses that you never want blocked. There may come a time when you're blocking the term, "Click Here" to avoid spam that want you to click to buy something. However, you may also subscribe to a mailing list that uses the same term to get you to see the full text of their newsletter by clicking on the same term. All you would have to do to is add their email to your White List to make sure that their email is never blocked. Turn the White List feature on by putting a check next to the text that reads, "Check box to turn on White List". Then click on the words White List to add entries to your White List in the window that will pop up.

  Advanced Filtering Tools.

Block Base64 Encoded Email: Spammers use special encoding called Base64 to bypass text based email filters. Virtually all Base64 encoded email is spam. This option stops all Base64 email from getting into your email box. Note: Email attachments such as Word files are encoded with the email as Base64 but SpamVault will allow these to pass through. While most do not, some email programs such as AOL create Base64 emails when you attach files. As a result, you may want to be careful when using this tool and turn it off if you have a lot of people sending you attachments.

Break Web-Bugs and Web Based Images: When a spammer sends HTML based email, they can include images that are pulled in from the internet when you open the email. Using special code these images can alert the spammer that you have opened the email and they have hit a live target. Unfortunately, these images can also be legitimate images such as logos in a letter from a business. SpamVault does NOT block these type of emails. It simply attempts to break the code referring to the image, leaving everything else intact. This option also does NOT block images sent as attachments.

Prevent Multiple Exact Duplicate Emails. It's amazing how many times a spammer will send you emails just to get his point across. Often these are exact duplicates. For instance, they might try sending to info@, support@, sales@, and help@ your account in hopes of hitting a live email box. This kind of trash can be blocked with this filter. The first one, if not blocked by your regular entries, will be the only one that you will need to deal with.

Block Executable Attachments: Many viruses are delivered via executable email attachments. When checked, SpamVault will block email with executable attachments. This does not guarantee that you will not catch a virus or that SpamVault will catch every possible executable attachment. However, this is just another safeguard in your toolbox to prevent damage to your computer. This is not a replacement for virus protection software which we recommend you have installed on your own computer.

Because different people have the need to block or allow different types of files, you can use the text boxes to designate which types of files you wish to block. Enter the file extension. Separate entries with a pipe symbol.
Example: . Note, do not put a pipe symbol at the beginning or the end. Just use it to separate the entries. For example:

Bypass Address. The Bypass Address is similar to a White List except that it is a special single address that when people send email to it, it will not get filtered. You can change this address regularly and give it out only to people who need it. For instance, you might choose sales@yourdomain.com as your Bypass Address that should never get filtered just in case a prospective customer writes in. You can make the Bypass Address 'sales@yourdomain.com' . The Bypass Address doesn't even have to be a valid email box on your account. It's just an identifier to SpamVault that you want all email sent to this address directed to an email box name on your account.

Width of Text Boxes. Depending on the screen resolution you use and the length of your entries, you may wish to change the width of the text boxes used in the list of blocked entries. Changing this number merely changes the width of these boxes. You must press the 'Update Entries' button for these changes to take place.

  Spam Email Box

When you installed SpamVault on your account there was a new email box added to your account called spam (assuming that there wasn't one by that name there already). This new box is not like other email boxes in that you should not use it as an address for people to send email to. Instead, the special box enables you to use the webmail on your account to review and manage the spam that has found its way into your spam repository. For instance, let's say you notice in the email log that SpamVault has blocked a piece of email that you wish to recover. Click on the WebMail link in the line "Or check this box to save and manage your spam via webmail" to open your webmail interface. The user name to type in is "spam." Note: Before you can gain access to this email box, you must set the password using your Control Panel - Mail Manager tool.

  Viewing the Email Log.

This is actually a very rewarding experience even if you're not a propeller head because it will quickly show you the spam that is being blocked and help you figure out which email filters are working for you. The SpamVault Log is also helpful in diagnosing why (heaven forbid) an email you wanted was blocked. Here is a sample of what the log looks like. All of the entries that start with "===SpamVault: Part_of_Email contains [spam trigger text]" tell you that this email was successfully filtered based on your preferences. The text in [brackets] tells you the actual word or words that triggered a block of the email. One item to keep in mind when reviewing your logs. As soon as SpamVault discovers that the email is spam, it filters it out, logs it and moves on. Therefore, it may find that the that some text in the subject triggered the block when it's clear that the subject line also has elements in it that are being blocked. However, it will not only the first item that triggered the block, not all the items.

When SpamVault filters an email it will also log the true designated recipient of the email. Many spammers send email to one address and then BCC the email to your address in a little slight of hand. The true recipient's address isn't shown in the header of the email. SpamVault will reveal this information in red in spite of the spammer's efforts to hide it. This will be very helpful in finding out if there is a pattern of email boxes that the spammers are trying to send to. You will also see a little > next to the "Subject" line in the table below. This is a handy tool if you should see a subject that you're interested in and want to view. Clicking on the > will will take you to webmail where you can log in and view all the email that SpamVault has captured.

Note that by default, SpamVault does not show all email that has been received as the screen shot above shows. If you click on the link at the stop of the log that reads, "View ALL email in the log", you'll then be able to see all email -- filtered and non filtered. The shown that do not have "===SpamVault..." in them were emails that weren't filtered that have successfully found their place in an email box on you account.

  Hidden Benefit of SpamVault:

Until now, your account used bandwidth twice when you received spam. Once the e-mail arrives at the server and again when you retrieve it from the server. SpamVault completely eliminates the spam at the server level so you will avoid using the extra bandwidth when you check your e-mail. The less e-mail traffic there is, the faster your web site is served up when people visit it.

  Maximum Entries:

While there is no maximum amount of entries that you can put into SpamVault, the more you enter the more work your server has to perform while filtering each email. It is recommended that you purge as many entries as often as possible by either deleting them or allowing them to remain temporarily see if they are still required. This makes sure your email is working as efficiently as possible.

  Understanding E-mail Header Information:

Every e-mail sent has a section called the 'header'. This section includes commonly known data such as who the e-mail is being sent from and who it is being sent to along with some other information that will help you manage your spam. The header is not usually viewable in the default settings of your e-mail program. You may need to read the documentation on your e-mail program to find out how to view the header.

An e-mail header can be broken down into some basic parts. Each part it identified by a title such as "From:". Rather than getting into too much detail about all the sections, we'll just focus on the ones SpamVault looks at to filter out spam. We've highlighted the data that we'll be focussing on in red.

SAMPLE e-mail HEADER:
---------------------
X-POP3-Rcpt: you@your-mailaddress.com
Received: from welove.spamnet.com (spammers_isp.com [209.90.160.156])
by youre-mailserver.com (8.10.2/8.10.2) with SMTP id g05HX0N10982
for <me@youre-mailaddress.com>; Sat, 5 Jan 2002 12:33:04 -0500
Message-Id: <200201051733.g05HX0N10982@spammers_isp.com>
Content-Type: text/html; charset=US-ASCII
Date: Sat, 5 Jan 2002 09:33:13 -0800
To: you@your-mailaddress.com
From: Bob Spammer <bob@phonyaddress.com>
X-Mailer: Version 5.0
Subject: You may have already won $10,000!!!
Organization:

The "To:" Section. Info in this section shows where the e-mail was delivered to. Often, this is a weak place to put a block because spammers take advantage of catch-all e-mail boxes. They send it to Anybody@yourdomain.com and whoever has the catch-all e-mail box will get it. So you might set up a block on anything sent to Anybody@yourdomain.com. Tomorrow they'll use Nobody@yourdomain.com and get by the block of "Anybody@yourdomain.com" that you'd set up. One thing this section is good for is to stop mail from going to someone who's left the company.

The "From:" Section. In short, this is easily forged and can be changed as easily as the "To:" address. This is userful to block out those annoying friends who keep sending you chain letters. Blip, you'll never have to look at those again.

The "Subject:" Section. Now we're getting some power. Want to stop the e-mails with XXX or SEX or Work At Home in the subject line? This is the place to do that. Be careful about blocking short words such as "sex." What if the subject were, "Life is great in Essex Park"? It might be better to put a space before and after the entry so that in doesn't include anything other than the single word sex.

The "Header:" Section. Info in this section is blocked using the H (Head) trigger in SpamVault. This is one of the most powerful areas for blocking because you can block an entire network in one fell swoop. (Please note that "Powerful" does not mean easy. It means, if you use it incorrectly, you can easily block all of your email.)

There are some services that are friendly to spammers; they even encourage spamming. They permit or profit from spamming on their server network. Often, you'll get many different looking spams from one network and not realize it, because the return addresses are phony. Before we decide what to block, remember to block as little as possible by using a well targeted entry. Casting too wide a net or making a lot of unnecessary entries just makes the server work harder for no reason and will block email you will have wanted to receive. So, looking at the Received: section, here are some potential candidates for blocking in order of preference. 1) spamnetwork.com 2) spammers_isp.com (but be careful, if the guy's on America Online, you've just blocked everyone on AOL). Also, there are often more than one Received: entry, use the last one ONLY.

Spammers and Their Tricks:

We have to confess that SpamVault is not the end of all spam, but it will give you better control over your circumstances. In our test and experience we've been able to reduce spam by well over 95%. Still, spammers are always devising tricks to work around all spam-blocking software and we're constantly trying to prevent them from doing so. One way they may get around SpamVault is to trick you into blocking the wrong section of the e-mail header. Technically speaking, it's easy to fake almost all but the Header section of an e-mail. And without a trained eye, it's hard to sort out truth from fiction. You might block everything coming from one e-mail address and all they have to do is fake you out by using another e-mail address. Using this trick it can look like they're sending from a hotmail.com address today and a different address tomorrow. Here is where the power of the 'Received' section of the header comes in and why it's important to review the header of your e-mail rather than the default to and "From:" sections.

A spammer typically is not be able to change the information in the 'Received' section of the header. So, using that as a filter can be the strongest method of blocking e-mail. Please do not just paste the entire 'Received' section into SpamVault. You need to review the header for a specific server name and sometimes an IP number (but these change regularly so it is not recommended). In the example above, the network that the spam is coming from is welove.spamnet.com. We would recommend that you only use the last and second to the last section of the network name: spamnet.com.

Spammers are using HTML-based email more and more lately. Unfortunately for them, while it's often easy to fake parts of the headers, when it comes to the body of the email, they almost always provide some method of contacting them and thus, give you something to block. It's especially hard to hide the references to their domains and IP addresses in the links of the source code. The trick is to view the source code of the email (usually by right clicking on the email itself) and then search for the text "<href=...". There is usually more than one of these. Following this is a reference to the server that the page links to. Grab just the domain name and block that. SpamVault will read that in the source code of the email as it passes through and block those emails in the future.

Many companies get duped by professional spamming companies into thinking that there's some money to be made in massive emailings. Maybe for the spammer there is. The one common theme in this type of email is that the advertisers links will probably always change in the body of the email but the "unsubscribe" link is probably directed right at the spam provider since they're the ones doing the spamming. When given a choice, I'd take the unsubscribe link domain name over the one in the body of the letter.

There are further, more advanced features in SpamVault. These features are documented in the SpamVault help file accessible withing the tool.