Notes_for_Recipients

Notes for Recipients                                  DRAFT 9-Jan-09

The notes below are written for recipients subscribing to our model email service, box67.com, and using our default options. They will need to be edited for other services that might have a different setup and options.

Setting up Forwarding

When you subscribe to box67.com, you get a public address <your name>@box67.com, which you can share with the world, and a private address, which is a mailbox at your MDA (Mail Delivery Agent).   You can use any service you like for your MDA, as long as you can turn OFF all spam filtering on messages we forward to your mailbox. This can be done by adding box67.com to your whitelist at your MDA, or by simply setting up a separate account with all spam filtering turned OFF.

Don't ever give out your private address, or you may find spam going straight to your mailbox, bypassing our service entirely. Also, don't click any "This is SPAM" button your MDA may provide. This action may generate a spam report against our service, and immediate suspension of your account until you convince us there won't be another such blunder. Spam that was whitelisted by our service should be forwarded to <spamreports@box67.com>.

Tags and Headers

When forwarded messages arrive at your mailbox, you will see various [tags] on the subject line:

Frank Oliver        10:36 AM 3/17/2006 +0000   [] Work needed on model email service
Steve Gatman        09:52 AM 2/21/2006 -0500   [*] Re: Dictionary attacks overwhelming log files
Bradley J. Cameray 04:48 PM 2/13/2006 -0700   [**] Pet Finders Fraud
Alexander           09:55 AM 2/23/2006 +0100   [spam] Any med for your girl to be happy!

The tags make it easy to sort and filter using your email program. I usually send the [spam] to a separate folder, without even looking at it, but keep the [*] ham, and [**] unsure messages in my quarantine. Empty brackets [ ] mean the message did not go through the spam filter. These are authenticated senders that have a reputation better than my threshold, currently B-rated (less than one in ten spams) and senders on my personal whitelist. See this chart for current statistics on the top senders.

Tags are also used on the Display Name. The [!] tag is added whenever the domain name in the From: address differs from the sender's ID. You may see something like this line in your inbox message list:

[!] American Red Cross 12:55 PM 3/13/2006 -0600   [*] Katrina Relief Fund

Although there is no domain name in this display, there is one in the From: header line, and it differs from the sender's ID.

From: [!] American Red Cross <Redcross-email@usa.redcross.org>

The tag on the Display Name does not necessarily mean it is a forgery, just that you should check the rest of the headers to see the actual sender of the message. The X-Authent header will show you the sender's IP Address, the sender's ID, the authentication method used, the result of that authentication, and the ratings on this ID (C = unknown).

X-Authent: 192.168.34.75 trustme.net HELO PASS ratings=(3,9,C)

Messages that were not whitelisted, and went through our spam filter, will have an additional X-SpamScore header. This header will show you the spam score our filter assigned to the message, and a graphical scale you can use for sorting the mail. Messages with a spam score of 50 or greater will have the pattern *-*-*-| you can put into a sorting rule.

X-SpamScore: *-*-*-|-*-*-* 98.0

There are a number of options you can set, including spam filtering thresholds and tagging options. If you just want the simplest setup, you can go straight to our signup page. Our default settings should be adequate for your needs. If you want a better understanding, and some control over how we process your mail, read Border Patrol MTA.

Frequently Asked Questions

Q1: What is the spam score, and how is it related to the probability that a message is spam?
A1: Messages that go through our spam filter will get a "spam score", which is a number between 0 and 100. The higher the number, the more likely it is spam. A score of 0 is zero probability (according to the filter). A score of 100 is 100% probability, and a score of 50 is 50% probability. So why don't we just call it probability and be done? The problem is that if you look at "raw scores" coming out of a spam filter, you see a very uneven distribution, with most of the messages being near either end of the scale. Most users don't care about raw scores, or even probabilities. They just want to see a certain fraction, say the "best 10%" of the spam in their "unsure" category. So we have "stretched" the scale to make it easier to use and independent of whatever filter we are using. If you want to tag the best 10% of the spam as "unsure", set your ham/spam thresholds to 50/55. Note: This scale stretching is based on the spam score distributions for all users. Your individual distribution may be different, so this is only a rough guide. Use the wide default margins to start, and adjust them as you get more confidence in the filter.

Q2: Why do you clutter our subject lines with spam-score tags? Your authentication headers have all the info we need.
A2: Some email programs, like Outlook Express, are not able to interpret our header lines. Users of more sophisticated programs are more likely to adjust the options to their liking, so we made subject tagging an "opt-out" option. Go to the options-setting page (under Login) ***, and you will see how to turn this OFF. Hey, at least we don't obliterate the whole subject line with tags like ***[Possible UCE]*** I actually prefer to leave the tags ON, and keep the [*] and [**] messages in my inbox, sending only the [spam] to my spam bucket.

Q3: I'm mad as hell about spam, and all this sorting and tagging isn't much better than what I had before. Why can't you just block all the spamming domains right now? We all know they could stop outgoing spam if they wanted to.
A3: There have been many attempts, all failed, to whitelist all the good guys, and blacklist the bad. The key difference in our approach is that we are turning up the pressure slowly, and avoiding any hurdles, like making senders pay a big fee, or expecting them to adopt a particular method. We provide the tools. You and a million other recipients apply the pressure. We follow your policy on which senders will bypass the filter, and what fraction of the remaining mail will be rejected. Set your thresholds high, and senders will hear from their own customers. Soon they will discover that stopping spammers forging their name wasn't so hard after all. Be patient. We haven't yet reached the "tipping point" when all legitimate senders will feel the need to authenticate their outgoing mail.

Q4: This authentication stuff is working great, but still some of my mail is going through the spam filter. How long will it be before the spam is gone?
A4: It is unrealistic to think that spam will go away completely. I prefer to think of having a "clear channel" and "everything else". A better way to phrase the question is - How long before we can ignore the "everything else? That depends on your needs, of course, but I'm guessing that within a year almost everyone wanting to send me an email will know that they have to use a reputable sender. For me, that is B-rated, or better. I need to receive emails from strangers, and I can tolerate 10% spam in my inbox. Small domains seem to be having no problem offering authentication, and joining the "clear channel". Some of the larger domains are dragging their feet, for various reasons, including a belief that what we are doing is somehow contrary to their "business model". This is a situation much like the early days of email, when the large ISPs would not exchange emails with each other. Eventually, the community of little guys was bigger than any one big guy, and the big guys had to give up on their ambitions to monopolize the email market.