UMKC Information Services →  Exchange E-Mail Antispam FAQ

	Exchange Antispam Methods

Blocking statistics included below are current as of March 2007.  At the reporting time, we had 446171 messages attempted in one day, and of that 314014 were blocked spam messages. 

Please click on the hotlinks for more information on the test method.

The tests used are:

Greylisting:  This type of test looks for specific mail server behavior, as per the Internet RFC for email servers.  Specifically, an incoming email server must re-try a message if it gets a 400-series error message.  Properly configured email servers will retry their email message, and will deliver messages correctly.  Most spambots will give up on the address, and will not be able to complete delivery of the junk-email.  This method accounts for 27% of our spam blocking capability.

'HELO' filtering:  This type of test looks at the 'HELO' command that an incoming server uses when connecting to UMKC email servers.  This 'HELO' command must follow a specific format as per the Internet RFC for email servers.  Many spambots have been known to use invalid 'HELO' commands, and as such, we can filter based on the command format.  This method accounts for 34% of our spam blocking capability.

DNS Blacklisting:  This type of test looks for messages that come from IP addresses on the Internet which have been know to relay spam.  This method accounts for 22% of our spam blocking capability.

Key-phrase filtering:  This type of test looks for known phrases found in often-reported spam messages.  We build the list of key-phrases using the information collected from the UMKC Spam Reports .  This includes phrases often found in phishing email messages, and frequently reported pornographic spam messages.  This method accounts for 1.3% of our spam blocking capability.

Spamvertised URL filtering:  This type of test looks for web addresses in email messages that have been known to be included in spam email messages.  We use an Internet source for this list of spam-advertised web sites.  An example would be a web site known for spam-advertising a Viagra web site, would end up on this list, and as a result messages coming in with the same web address would be blocked.  This method typically accounts for less than 1% of our spam blocking capability.

SPF enforcement:  This type of test enforces SPF policies that the remote network has published.  Organizations can publish policies that indicate what email servers are legal for their organization.  This method helps prevent forged messages, as it ensures that only the sending organizations real email servers are sending messages, and not a scammer sending from an un-authorized site on the Internet.  Virus infected email messages often spread through methods that can be blocked if SPF is used. This method accounts for 2.2% of our spam blocking capability.

Bayesian filtering:  Baysian filtering is a method of calculating the content of a message, and based on a series of calculations, a spam likelihood is determined.  The calculation result can be anywhere from 0 to 9 with 9 being most likely to be spam.  Level 9 messages are automatically blocked, and typically this only block image-spam.  Level 6 through 8 is part of the optional filtering that the individual can enable as described below.  This method typically accounts for less than 1% of our spam blocking capability.

	Exchange Antispam Additional Methods Available

UMKC also offers additional Bayesian based spam filtering.  For users willing to check a 'Junk E-Mail' folder periodically for false detections, you may click here to get further instructions on this additional protection method.

	Exchange Antispam Opt-Out

Individuals wishing to Opt-Out of the Antispam filtering system, may do so by sending an email to postmaster@umkc.edu and also to callcenter@umkc.edu . You need to contact both groups, to ensure your request is logged. Once you have opted out, you will not be able to opt back in for at least 2 weeks.