SMARTERTOOLS » SMARTERMAIL » CONTENT FILTERING

ID #1096

Spam Prevention Content Filter Set

Verify your SPF record is set to -all to protect against "spoofed" emails.

NOTE: You will want to confirm if the domain has any email users that are sending from PDA style devices, as this may cause negative effects for those users. More information about this is outlined below. A content filter must be created to accommodate this. (Outlined below)

Refer to the example image below when modifying your SPF Settings.



Add any Trusted Sender domains and email addresses that you would like to bypass the content filters.

Confirm parent domain is NOT in the Trusted Sender list. This can cause an increase in spoofed emails due to the bypassing of the content filters.


  


Set Spam Filtering to Override spam settings for this domain



Adjust Spam Filtering Actions as outlined in the screenshot below:



 

Confirm Current Weights are similar to what is listed in the screenshot below:




 


The screenshot below is an overview of the Content Filters configured for this domain. NOTE: there may be certain variations to the content filter for specific domains.

 

 

 

The remaining screenshots detail the Content Filters outlined above.

 

Trusted Senders Content Filter Setup:



SMTP Allow Content Filter Setup:

This Content filter should contain IP addresses and Host Names of common cell phone carriers and ISP SMTP servers.

received: from web*.crystaltech.com (unverified [216.119.*.*])
Received: from gwa*.webcontrolcenter.com (unverified [localhost])
*-*-*-*.mobile.mymmode.com *mobile.mymmode.com
mail-*-*.google.com
*myvzw.com
*waterloo.rim.net
*bisx.prod.on.blackberry
*bis.na.blackberry.com
216.9.240.*
216.9.241.*
216.9.242.*
216.9.243.*
216.9.244.*
216.9.245.*
216.9.246.*
216.9.247.*
216.9.248.*
216.9.249.*
216.9.250.*
216.9.251.*
216.9.252.*
216.9.253.*
216.9.254.*
216.9.255.*
atlmtaow01.cingular.com
cingular.com
174.192.*.*
174.193.*.*
174.194.*.*
174.195.*.*
174.196.*.*
174.197.*.*
174.198.*.*
174.199.*.*
174.200.*.*
174.201.*.*
174.202.*.*
174.203.*.*
174.204.*.*
174.205.*.*
174.206.*.*
174.207.*.*
174.208.*.*
174.209.*.*
174.210.*.*
174.211.*.*
174.212.*.*
174.213.*.*
174.214.*.*
174.215.*.*
174.216.*.*
174.217.*.*
174.218.*.*
174.219.*.*
174.220.*.*
174.221.*.*
174.222.*.*
174.223.*.*
174.224.*.*
174.225.*.*
174.226.*.*
174.227.*.*
174.228.*.*
174.229.*.*
174.230.*.*
174.231.*.*
174.232.*.*
174.233.*.*
174.234.*.*
174.235.*.*
174.236.*.*
174.237.*.*
174.238.*.*
174.239.*.*
174.240.*.*
174.241.*.*
174.242.*.*
174.243.*.*
174.244.*.*
174.245.*.*
174.246.*.*
174.247.*.*
174.248.*.*
174.249.*.*
174.250.*.*
174.251.*.*
174.252.*.*
174.253.*.*
174.254.*.*
174.255.*.*
209.85.122.*
209.85.123.*
209.85.124.*
209.85.125.*
209.85.126.*
209.85.127.*
209.85.128.*
209.85.129.*
209.85.130.*
209.85.131.*
209.85.132.*
209.85.133.*
209.85.134.*
209.85.135.*
209.85.136.*
209.85.137.*
209.85.138.*
209.85.139.*
209.85.140.*
209.85.141.*
209.85.142.*
209.85.143.*
209.85.144.*
209.85.145.*
209.85.146.*
209.85.147.*
209.85.148.*
209.85.149.*
209.85.150.*
209.85.151.*
209.85.152.*
209.85.153.*
209.85.154.*
209.85.155.*
209.85.156.*
209.85.157.*
209.85.158.*
209.85.159.*
209.85.160.*
209.85.161.*
209.85.162.*
209.85.163.*
209.85.164.*
209.85.165.*
209.85.166.*
209.85.167.*
209.85.168.*
209.85.169.*
209.85.170.*
209.85.171.*
209.85.172.*
209.85.173.*
209.85.174.*
209.85.175.*
209.85.176.*
209.85.177.*
209.85.178.*
209.85.179.*
209.85.180.*
209.85.181.*
209.85.182.*
209.85.183.*
209.85.184.*
209.85.185.*
209.85.186.*
209.85.187.*
209.85.188.*
209.85.189.*
209.85.190.*
209.85.191.*
209.85.192.*
209.85.193.*
209.85.194.*
209.85.195.*
209.85.196.*
209.85.197.*
209.85.198.*
209.85.199.*
209.85.201.*
209.85.202.*
209.85.203.*
209.85.204.*
209.85.205.*
209.85.206.*
209.85.207.*
209.85.208.*
209.85.209.*
209.85.210.*
209.85.211.*
209.85.212.*
209.85.213.*
209.85.214.*
209.85.215.*
209.85.216.*
209.85.217.*
209.85.218.*
209.85.219.*
209.85.220.*
209.85.221.*
209.85.222.*
209.85.223.*
209.85.224.*
209.85.225.*
209.85.225.*
209.85.226.*
209.85.227.*
209.85.228.*
209.85.229.*
209.85.230.*
209.85.231.*
209.85.232.*
209.85.233.*
209.85.234.*
209.85.235.*
209.85.236.*
209.85.237.*
209.85.238.*
209.85.239.*
209.85.240.*
209.85.241.*
209.85.242.*
209.85.243.*
209.85.244.*
209.85.245.*
209.85.246.*
209.85.247.*
209.85.248.*
209.85.249.*
209.85.250.*
209.85.251.*
209.85.252.*
209.85.253.*
209.85.254.*
209.85.255.*

 

 



Verify SPF Content Filter Setup:

This Content filter will confirm the sending server is using a valid SPF record established for the domain name. NOTE: Confirm SPF record is setup correctly.

 

 

 



Block Keyword Content Filter Setup:

Subject Body Text From Address Email Header
V|AGRA
Levit3ra_Ci3lis
[Replica~Watches~Store]
*Replica~*
*~V1agra~*
*SexMED*
*Re4plica*
*Wat4ches*
*bestsoftware*
*encephalitis*
*C I 1 A 1 1 S*
*V 1 1 A G R A*
*C I 1 A 1 1 S*
*L E V I 1 T R A*
*V 1 1 A G R A*
*S0FT Tab´s*
*S0FT Tabs*
*V 1 1 A G R A*
*C I 1 A 1 1 S*
*V 1 1 A G R A*
*C I 1 A 1 1 S*
*C I 1 A 1 1*
*Fantastic watches*
*% Sale*
* oem*
* cialis *
* ipo *
*viagra*
*viagraa*
*Vicodin*
*Codeine*
*Hydrocodone*
*Phentermi*
*Valiun*
*Ambiem*
*Xanas*
*medshop*
*med shop*
pills
*penis*
*fuck*
*cunt*
*shit*
* babe *
* babes
*anal *
*sex*
*sexual*
*penis*
*penny stock*
*target prrice*
*current prrice*
*tarrget*
*tarrget prrice*
*current prrice*
*prrice*
*currrent*
*gaiins*
*sexual content*
*viagra*
*sexually explicit*
*shemale*
*pfizer*
*vomit*
*VIAGRAÂ*
*Rolex*
*Rep1icaWatches*
*FakeWatches*
*ReplicaR0lexWatches*
*SoftTabs*
*Ciali*
*Levit*
*SildenafilCitrate*
*R0lex*
V|AGRA
Levit3ra_Ci3lis
[Replica~Watches~Store]
*Replica~*
*~V1agra~*
*SexMED*
*Re4plica*
*Wat4ches*
*bestsoftware*
*encephalitis*
*C I 1 A 1 1 S*
*V 1 1 A G R A*
*C I 1 A 1 1 S*
*L E V I 1 T R A*
*V 1 1 A G R A*
*S0FT Tab´s*
*S0FT Tabs*
*V 1 1 A G R A*
*C I 1 A 1 1 S*
*V 1 1 A G R A*
*C I 1 A 1 1 S*
*C I 1 A 1 1*
*Fantastic watches*
*% Sale*
* oem*
* cialis *
* ipo *
*viagra*
*viagraa*
*Vicodin*
*Codeine*
*Hydrocodone*
*Phentermi*
*Valiun*
*Ambiem*
*Xanas*
*medshop*
*med shop*
pills
*penis*
*fuck*
*cunt*
*shit*
* babe *
* babes
*anal *
*sex*
*sexual*
*penis*
*penny stock*
*target prrice*
*current prrice*
*tarrget*
*tarrget prrice*
*current prrice*
*prrice*
*currrent*
*gaiins*
*sexual content*
*viagra*
*sexually explicit*
*shemale*
*pfizer*
*vomit*
*VIAGRAÂ*
*Rolex*
*Rep1icaWatches*
*FakeWatches*
*ReplicaR0lexWatches*
*SoftTabs*
*Ciali*
*Levit*
*SildenafilCitrate*
*R0lex*
V|AGRA
Levit3ra_Ci3lis
[Replica~Watches~Store]
*Replica~*
*~V1agra~*
*SexMED*
*Re4plica*
*Wat4ches*
*bestsoftware*
*encephalitis*
*C I 1 A 1 1 S*
*V 1 1 A G R A*
*C I 1 A 1 1 S*
*L E V I 1 T R A*
*V 1 1 A G R A*
*S0FT Tab´s*
*S0FT Tabs*
*V 1 1 A G R A*
*C I 1 A 1 1 S*
*V 1 1 A G R A*
*C I 1 A 1 1 S*
*C I 1 A 1 1*
*Fantastic watches*
*% Sale*
* oem*
* cialis *
* ipo *
*viagra*
*viagraa*
*Vicodin*
*Codeine*
*Hydrocodone*
*Phentermi*
*Valiun*
*Ambiem*
*Xanas*
*medshop*
*med shop*
pills
*penis*
*fuck*
*cunt*
*shit*
* babe *
* babes
*anal *
*sex*
*sexual*
*penis*
*penny stock*
*target prrice*
*current prrice*
*tarrget*
*tarrget prrice*
*current prrice*
*prrice*
*currrent*
*gaiins*
*sexual content*
*viagra*
*sexually explicit*
*shemale*
*pfizer*
*vomit*
*VIAGRAÂ*
*Rolex*
*Rep1icaWatches*
*FakeWatches*
*ReplicaR0lexWatches*
*SoftTabs*
*Ciali*
*Levit*
*SildenafilCitrate*
*R0lex*
V|AGRA
Levit3ra_Ci3lis
[Replica~Watches~Store]
*Replica~*
*~V1agra~*
*SexMED*
*Re4plica*
*Wat4ches*
*bestsoftware*
*encephalitis*
*C I 1 A 1 1 S*
*V 1 1 A G R A*
*C I 1 A 1 1 S*
*L E V I 1 T R A*
*V 1 1 A G R A*
*S0FT Tab´s*
*S0FT Tabs*
*V 1 1 A G R A*
*C I 1 A 1 1 S*
*V 1 1 A G R A*
*C I 1 A 1 1 S*
*C I 1 A 1 1*
*Fantastic watches*
*% Sale*
* oem*
* cialis *
* ipo *
*viagra*
*viagraa*
*Vicodin*
*Codeine*
*Hydrocodone*
*Phentermi*
*Valiun*
*Ambiem*
*Xanas*
*medshop*
*med shop*
pills
*penis*
*fuck*
*cunt*
*shit*
* babe *
* babes
*anal *
*sex*
*sexual*
*penis*
*penny stock*
*target prrice*
*current prrice*
*tarrget*
*tarrget prrice*
*current prrice*
*prrice*
*currrent*
*gaiins*
*sexual content*
*viagra*
*sexually explicit*
*shemale*
*pfizer*
*vomit*
*VIAGRAÂ*
*Rolex*
*Rep1icaWatches*
*FakeWatches*
*ReplicaR0lexWatches*
*SoftTabs*
*Ciali*
*Levit*
*SildenafilCitrate*
*R0lex*

 

 

 

 

 


 

Block Domains Content Filter Setup:

NOTE:  If you expect to get email from foriegn domains, please confirm the domain extension before adding it to the filter outlined below:

*.ar
*.*.ar
*.br
*.*.br
*.by
*.*.by
*.ca
*.*.ca
*.cn
*.*.cn
*.de
*.*.de
*.gr
*.*.gr
*.dk
*.*.dk
*.fr
*.*.fr
*.hk
*.*.hk
*.id
*.*.id
*.in
*.*.in
*.it
*.*.it
*.kr
*.*.kr
*.lb
*.*.lb
*.pl
*.*.pl
*.pt
*.*.pt
*.ru
*.*.ru
*.sk
*.*.sk
*.tld
*.*.tld
*.tw
*.*.tw
*.ua
*.*.ua
*.uk
*.*.uk
*.vn
*.*.vn


 

 

 

 


Spam Probability High Content Filter Setup:

 



Spam Probability Medium Content Filter Setup:



Spam Probability Low Content Filter Setup:



 




Additional Information:

 

1. Trusted senders list only applies to spam filters, not content filters. Content filters are still run on emails from trusted senders. (As they should be, for example if I move all words containing the word "ebay" into an ebay folder. They should still go there if someone on my trusted senders list emails me about ebay)

1a. Domain trusted senders list is not used if the user chooses to override the domain spam filtering options. (If the domain admin chooses to trust user@evilspammer.com, the user should have the ability to opt out of this)

2. Spam is not content filtered. (Same example above, if I get spam about ebay, it should end up in Junk E-Mail, not the ebay folder)

2a. Content filters are meant for just that. Filtering legitimate content. They get used as a bandaid for spam however, which has slightly changed their purpose from our original intent.

3. Content filtering "cialis" will end up also matching "specialist". As someone mentioned, you can use "* cialias *" and this will require cialis to contain spaces around it.

4. Domain content filters are run before personal content filters.

5. As soon as one content filter is evaluated as true, processing stops.

6. The AND/OR operators applies to seperate rules, not multiple lines in a single rule. (Correct: Filter must match from address AND subject text. Incorrect: Filter must contain x AND y in the subject) 

 


Tags: -

Related entries:

Last update: 2010-09-17 19:45
Author: Admin
Revision: 1.5

TechNetSource on Facebook
| More