jwSpamSpy 11.0910 Release notes (2011-09-10)
Unlike some other filter software, it takes its decision to reject or not reject mails based on multiple factors. No single problem will lead to mail being discarded, avoiding "false positives" quite common in other filtering strategies.
jwSpamSpy does not require a high end computer to work well. The following is required:
jwSpamSpy reads ISP mailboxes much the same way an email program does. It optionally deletes mails recognized as spam or viruses, after saving a copy in a local folder on your hard disk. All mails not identified as spam can then be moved to a mailbox provided by jwSpamSpy on the local harddisk. Your mail client can pick up spam-free mail from this mailbox by accessing a local server address instead of the mail server of the ISP or of your company.
Mails that match some patterns found in spam, but not enough for jwSpamSpy to be sure they are spam, will be delivered, but only as an attachment to a special notification message which you can manually inspect and retrieve if it looks OK to you. If a valid email is flagged as suspicious, please use "Tools | Email addresses | Whitelist" to whitelist the sender address.
Filtered mail for every mail account is saved on your hard disk where it can be retrieved any time. See "What happens to mail filtered as spam?" in the FAQ.
jwSpamSpy offers three different ways of taking care of spam: manual, automatic and remote mode. Your mail client can either alternate with jwSpamSpy in accessing the mailbox (Remote Mode), or it can access the mailbox with jwSpamSpy acting as a go-between (Automatic or Manual Mode). You choose between Remote Mode and the other modes at install time, but you can switch between Manual and Automatic mode any time by right-clicking on the system tray icon to bring up the jwSpamSpy tray menu.
You can configure jwSpamSpy for multiple mailboxes. Each mailbox has a name such as jane.doe@myisp.com. Here are sample values for one such mailbox:
System requirements
In general, if you were able to configure email on your computer, you should be able to install jwSpamSpy :-)
The oldest computer jwSpamSpy was tested on here was a 166 MHz Pentium with 32 MB of RAM and a 2 GB hard disk running Windows NT 4.0. It worked just fine.
AOL, Juno, Hotmail and IMAP are not supported at this time.
How does jwSpamSpy work?
Before mail reaches your computer it is stored in a mailbox on a central server at your ISP or your company, from where your mail client (an email application such as Outlook Express, Netscape Communicator, Eudora, etc.) picks it up. jwSpamSpy inserts itself between the ISP server and your mail client, acting as a mail client to the ISP mail server, and as a mail server to your mail client.
Setting up mailboxes
To allow jwSpamSpy to filter spam, it needs to be able to access your mailboxes. For that it needs information such as the name of the POP3-server, the user name assigned to you by your ISP, and the password for the mailbox. If you use Microsoft Outlook Express then jwSpamSpy can automatically import those settings from your email client. For other mail clients you need to enter those details manually.
Value | Example | Description |
Server | mail.myisp.com pop.myisp.com | Use the same POP3-server as set in your email application when first installing jwSpamSpy. If you use Automatic or Manual mode, change the POP3-server of your email application to 127.0.0.1, while setting jwSpamSpy to the real value. If you import Outlook Express settings, jwSpamSpy can make this change for you. |
User | jane.doe | Use the same user name as set in your email application when first installing jwSpamSpy. If you use Automatic or Manual mode with more than one mailbox, change the user name of your email application to the name of the mailbox (e.g. jane.doe@myisp.com). This prevents confusion if you have multiple accounts with the same user name at different providers (e.g. jane.doe@myisp.com and jane.doe@anotherprovider.com). |
Port | 110 | You can leave this blank or 0 unless your ISP mailbox requires a value other than the default of 110. Some mail servers require a secure connection (SSL) using port 995. Contact us for further instructions if this is the case with your server. |
Disabled | 0 | Setting this entry to a non-zero value will cause jwSpamSpy to not check this mailbox unless specifically told to do so in Manual Mode or Remote Mode. |
Honeypot | 0 | See here for more information about this setting. Normally you would leave this blank or 0. |
Password | 25-S3cr3t-36 | This is the password required to open your mailbox. In Automatic or Manual mode, if you leave this blank then jwSpamSpy will pick up the password from your email application next time you check for email. For security reasons the password is not stored in a file readable over a network. Instead it is scrambled and stored in the Windows Registry, an internal database used by the operating system. |
Automatic mode vs. Manual mode vs. Remote mode
Remote Mode | Manual Mode | Automatic Mode |
Remote mode only: Once you have used the "Delete Spam" function in jwSpamSpy to remove spams from your mailbox, you can tell your mail client to pick up mail. After your mail client has finished picking up mail, you can check for spam again.
For remote mode, make sure that jwSpamSpy and your email program do not access the mailbox at the same time. For example, if you leave Outlook Express up while running jwSpamSpy to filter, make sure in Tools / Option / General in Outlook Express the following setting is not checked: "Check for new messages every [30] minutes". Also, we recommend that you uncheck the "Send and receive messages at startup" option in the same menu. Use Tools / Send and Receive in Outlook Express instead to explicitly tell OE to look for mail. You do not have to worry about these options in automatic or manual mode.
Note that in Remote Mode jwSpamSpy cannot prevent new spams from entering the mailbox between starting the spam check and starting the mail client. There is a small possibility that you will still see one or two spams slip into your inbox even when you've cleaned everything before. This is not a problem in Automatic or Manual Mode.
Manual and Automatic modes: You can change between manual and automatic mode by clicking on the jwSpamSpy icon in the system tray notification area with your right mouse button and selecting "Enable automatic filtering" or "Filter manually".
Opening the main dialog of jwSpamSpy does not change between manual or automatic mode, but automatic mode mail pickup and filtering is suspended while the dialog is up. Automatic mode only applies when the dialog is not up. When you close the dialog, normal filtering resumes.
If you unload the system tray application by clicking "Exit" in the tray menu, jwSpamSpy will become effectively disabled. We do not recommend you do this, unless instructed by our technical support. Any mails picked up by jwSpamSpy in automatic or manual mode but not received by the email application will be temporarily unavailable while the tray application is not running. In that case you may see some error messages when trying to check for mail from your mail client. When you reboot the system or log off and log on again, the system tray application reverts back to whatever mode was last active and the mails will be accessible again.
Key | Explanation |
[janedoe@myisp.com - 2003-12-12 15:37:19]: | Name of the mailbox and the time/date when it was checked (this information is also saved in a file called bl\connect.txt). |
001: | Position within the mailbox - this spam was the first of at least six messages in the mailbox |
[100 Reason1Reason2] | Spam rating and reasons for awarding spam points (see below) |
"A. Name" <sender@domain.com> | Sender name and address specified in email header (may be fake) |
Buy V1AGRA! | Subject line specified in email header (may be offensive) |
#### | Mail did not receive enough points to make it certain spam (we think it's spam but we may be wrong) |
### | Mail definitely is spam, but there were no more than three reasons that contributed |
## | Mail definitely is spam, but there were no more than four reasons that contributed |
# | Mail definitely is spam, but there were no more than five reasons that contributed |
+++ | Mail probably or definitely is spam, but we could not decide on that just by looking at the header. We had to look at the body of the message too. |
Ccbl:cn, Ccbl:br, Ccbl:ar, Ccbl:mx, Ccbl:lac | Mail was sent via a server located in China, Brazil, Argentina, Mexico or other Latin America / Caribbean countries |
Ccbl:419, Ccbl:ng, Ccbl:ci, Ccbl:za | Mail was sent via a network provider frequently used by "419" fraudsters ("Nigerian scam") or located in Nigeria, Cote d'Ivoire or South Africa |
Sdbl | The domain name of the sender belongs to a spammer |
Sabl | The sender email address belongs to a spammer |
Bulk | The mail was sent using a bulk-mail program used by spammers |
Dbl | The body of the mail contained a domain name used by a spammer |
Nigeria | Content and source suggest this is a "419" scam email |
Virus, Virus:swen, Virus:warn | The message appears to be a virus (either generically or identified as a specific type) or a meaningless virus warning sent to the wrong address |
If the rating is "100" and it is not followed by any ###s then there were at least six reasons that made it look like spam.
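A decoder for the rating field, reason codes and markers described in the table above, as an added example that is not part of jwSpamSpy or its documentation. The function name `decode_entry`, the entry layout (a `[rating reasons]` field with space-separated codes, markers as the trailing tokens) and the sample entries are assumptions constructed for illustration.

```python
import re

# Reason codes from the table above; a ":suffix" (Ccbl:cn, Virus:swen) narrows the code.
REASONS = {
    "Ccbl": "sent via a server in a listed country or network",
    "Sdbl": "sender domain belongs to a spammer",
    "Sabl": "sender address belongs to a spammer",
    "Bulk": "sent with a bulk-mail program used by spammers",
    "Dbl": "body contains a domain name used by a spammer",
    "Nigeria": 'content and source suggest a "419" scam',
    "Virus": "virus or misdirected virus warning",
}
# Hash marker -> (certain spam?, upper bound on contributing reasons)
HASHES = {"####": (False, None), "###": (True, 3), "##": (True, 4), "#": (True, 5)}
FIELD = re.compile(r"\[(\d+)\s+([^\]]+)\]")

def decode_entry(line):
    """Decode one entry; assumed layout '[rating reasons] ... trailing markers'."""
    m = FIELD.search(line)
    if m is None:
        raise ValueError("no [rating reasons] field in entry")
    rating = int(m.group(1))
    reasons = []
    for code in m.group(2).split():          # assumption: codes are space-separated
        base, _, detail = code.partition(":")
        reasons.append((code, REASONS.get(base, "unknown code"), detail or None))
    tokens, marks = line[m.end():].split(), []
    while tokens and (tokens[-1] in HASHES or tokens[-1] == "+++"):
        marks.append(tokens.pop())
    hashes = next((t for t in marks if t in HASHES), None)
    if hashes:
        certain, max_reasons = HASHES[hashes]
    else:
        # Rating 100 with no hash marker: six or more reasons, so certain spam.
        certain, max_reasons = (True, None) if rating == 100 else (None, None)
    return {
        "rating": rating,
        "reasons": reasons,
        "certain": certain,            # None when the table does not cover the case
        "max_reasons": max_reasons,
        "min_reasons": 6 if (rating == 100 and not hashes) else None,
        "body_checked": "+++" in marks,
    }

# Constructed sample entries, not real jwSpamSpy output.
SAMPLES = [
    '001: [100 Ccbl:cn Sdbl Dbl] "A. Name" <sender@domain.com> Buy V1AGRA! ###',
    '002: [51 Bulk] "B. Name" <other@domain.com> Newsletter #### +++',
]
```

An entry marked `####` decodes as uncertain, which is the case to review by hand or whitelist before deleting at a filter level below 100%.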
jwSpamSpy offers several filter levels. A setting of "100%" (the default) should result in only those mails getting deleted that jwSpamSpy is certain of being spam. In our experience, it will allow a small fraction (maybe 2%) of spams to slip through the cracks and land in your inbox, with practically no false positives (i.e. non spam being mistaken for spams). Most of the spams that pass at this setting will be tagged, i.e. forwarded as an attachment to a warning message.
On the other hand, a setting of "50%" will reduce the fairly low false negative rate (spams being let through) even further, but occasionally catches non-spam. For novices, we therefore recommend the safer "100%" setting. If you use the 50% setting, you should click "Preview" once before using "Delete Spam", or whitelist important senders to ensure there are no false positives (for example, a non-spam mail achieving a very suspicious but uncertain score of 51%).
To create a scheduled job for preview or delete, select the following command in Windows 2000 or XP: Start / Accessories / System Tools / Scheduled Tasks. Choose Add Scheduled Task. Click Next. Select jwSpamSpy.exe. Click Next. Assign a descriptive name for the task, such as jwSpamSpy - morning cleanup and choose Daily or When my computer starts as the schedule. For a daily cleanup, specify a suitable time, such as 07:30 or whatever leaves enough time to clean before you first use your computer. Supply your user name and login password as necessary. Click Finish and you're done. Leave your computer on or start it on a timer switch and the following morning most spams will be gone before you start work. Do not use the scheduler with jwSpamSpy in automatic mode, as the system tray application will schedule when to delete spam instead.
With scheduled spam deleting or in automatic mode, you can go away for the weekend or on holidays without ever having to worry about spam or bulky viruses overflowing your mailbox.
Subscribing to this mailing list is a two-step process:
Even if you don't subscribe to this list, jwSpamSpy will be able to identify most spam domains by itself. In fact, that's how most additions on this list get produced, by jwSpamSpy filtering our own mailboxes. However, identifying new spam domains can slow down the filtering process a little and jwSpamSpy by itself does not catch 100% of all spam domains. That's why using DBL-Update is a benefit.
Use "Add mailbox" to enter the details (server, user name, password, etc.), setting its "honeypot bias" value to 100. Any mail sent to that mailbox will be subjected to the utmost scrutiny and will be deleted unless sent by a whitelisted sender. Any spam sent to this mailbox that advertises spam domains will have a very good chance of these domains being added to the blacklist database on your hard disk. That in turn will help catch similar messages sent to regular mailboxes. When jwSpamSpy checks all mailboxes, it checks honeytrap mailboxes (Bias=100) first, followed by any other mailboxes with a non-zero bias. Mailboxes without any bias (Bias=0) will be checked last. Therefore, you should assign a bias of 0 to normal mailboxes, a small bias to less frequently used mailboxes (we suggest 1 or another single digit number) and a bias of 100 to mailboxes where nothing but spam is expected.
You can attract spam into the spamtrap by posting to a newsgroup such as alt.test with that address or, if you don't mind the little extra traffic every day, by subscribing to a spam mailing list. Send email (from the honeytrap account, not your regular mail account!) to majordomo@pcfan24.de with an arbitrary Subject (it's ignored) and the following text in the message body:
A future version of the product will be more configurable, but for the time being, we're putting your safety first!
Filter threshold levels
Command line mode (in Remote or Manual Mode)
You can automatically invoke jwSpamSpy from a scheduler and use a command line switch to tell it what to do. That way you can have it clean up your mailboxes before you start using your computer. The available command lines are:
jwSpamSpy.exe preview
All three options will start the application and access the mailboxes using the current settings (specified / all mailboxes, 50/67/100% threshold).
jwSpamSpy.exe delete
jwSpamSpy.exe pickup
DBL-Update subscription
Domain name blacklists are recognized to be the most efficient way of filtering spam. Since early January 2004 we have been publishing additions to our blacklists via DBL-Update, a mailing list created specifically for this purpose. If a mailbox protected by jwSpamSpy is subscribed to this service then any published updates to our global blacklist will automatically be picked up by your copy of jwSpamSpy. If later you receive a spam advertising one of those domains, you will be fully protected.
That's it. Once a day you'll get a list of new spammer domains and you never even have to look at them. You can set up your email program to move those messages to a special folder or even to delete them after it's downloaded them. The act of downloading them is all that jwSpamSpy needs.
Honey traps and the "honeypot bias" setting
If you have a mailbox available that is not used for any sensible email, you can use it to enhance the spam recognition rate. Here is how:
subscribe spam-pcfan24-de
You will be sent a confirmation mail to verify the subscription. Send it back and your spamtrap is ready to get spammed, training the filter.
Virus filtering
jwSpamSpy will protect you from common harmful computer viruses such as Netsky, Sober, Swen, Dumaru and Klez in their various variants. Its filtering is more generic than custom virus filter software. As a result, jwSpamSpy will catch most new variants of viruses without requiring a software update, but under certain circumstances it may also reject some mails that are benign, if they carry an attachment that appears to be a medium sized DOS or Windows program or ZIP-file. Very large attachments (more than 300 KB) such as self-extracting executable archives will be let through. Smaller executable files need to be packed into a .ZIP file using an archiver such as WinZIP or WinRAR or they may be intercepted, depending on the mail application used to send them. Other files such as text files and pictures, etc. are always safe.
Automatic updates
When a registered copy of jwSpamSpy goes online to check for email, it will periodically also check our website to see if new versions of jwSpamSpy are available. If an updated version is found, it will be downloaded to a folder on the hard disk. Next time you restart your computer, jwSpamSpy will find the updated version and will offer to upgrade. You do not have to upgrade every time a new version becomes available, but we do recommend it. New versions will provide protection against newer types of spams or viruses not detected by old versions, or will avoid filtering some legitimate mail that might have been flagged as spam by older versions.
How to uninstall jwSpamSpy
If for any reason you want to remove our product from your computer, you can use the uninstaller for the product in the Windows Control panel, as with most other Windows programs:
Any data files left at C:\Program Files\JoeWein\SpamSpy or any other folder into which you installed the product can be safely deleted. Note that if you manually changed mail settings for Outlook Express or any other email program you may be using, you'll have to change them back to the defaults for your Internet service provider.
Contact us:
Joe Wein <support@jwspamspy.com>
http://www.jwSpamSpy.com/