Protection against dangerous or unsolicited e-mail with DFN-Mailsupport

The task of e-mail servers is to deliver messages reliably to the addressed recipients. However, since many e-mails are sent with dangerous, dubious or otherwise unwanted content, detecting and rejecting such unwelcome messages has almost become the main task of these servers. We aim to ensure that all legitimate e-mails are delivered and, if possible, all unwanted e-mails are rejected.

Until November 2021, the URZ implemented this protection for the TU Chemnitz via self-operated mail relay servers: every e-mail that was sent from the internet to recipients at the university was checked for harmful or unwanted content (spam). In addition to the usual procedures (DNS block lists, greylisting, anti-virus software, SpamAssassin), we also used a product for classifying e-mails. Unfortunately, we did not succeed in concluding an acceptable order processing contract with the manufacturer of this product; such a contract is mandatory because it regulates the processing of personal data in e-mails. Therefore, we searched for another solution and chose DFN-Mailsupport as our new spam protection service provider. You can find more information about this change on our DFN-Mailsupport website.

The effectiveness of spam protection can only be determined in real operation. Since this service is used by many German universities and performs advanced checks for spam characteristics, we were convinced that we would still achieve good protection. In fact, many unwanted e-mails are rejected by the protection procedures. In the diagram, you can see that about two thirds of the e-mails addressed to us are rejected – only the number shown in green passes through:

Graph of accepted and rejected emails from May to June 2022

In practice, however, we still receive spam e-mails. Experiences differ widely. While many recipients continue to be hardly bothered by spam, others complain because they receive many unpleasant messages, especially over the weekend. Unfortunately, these also include so-called phishing e-mails, which ask you to enter personal data such as log-in codes, passwords or PINs on other people’s websites. Please read our website “Phishing: Attempted data theft by e-mail” for further information on this problem.

At the end of May/beginning of June, DFN-Mailsupport mistakenly rejected some legitimate e-mails as spam. This was very annoying because it prevented the usual communication. We were able to solve this problem with our colleagues at DFN-Mailsupport. Nevertheless, the question remains as to how we can improve the situation.

DFN-Mailsupport uses, among other things, statistical methods for spam detection. These can be trained on which content is unwanted and which is wanted. If you send us unwanted and also good e-mails (we absolutely have to train wanted e-mails as well), we will use them to train the filters at DFN-Mailsupport. To do this, send the complete e-mail to postmaster@tu-chemnitz.de. Read the article “Completely forwarding an email” to find out how to do this. We hope this will lead to filters which recognise and reject e-mails with similar content in the future. In persistent cases, we can also reject sender addresses or unique identifiers.

Of course, there are also e-mails for which an automatic machine cannot decide for sure whether they are spam or not – in the diagram above, this is the small yellow number “passed spammy”. The checks and evaluations at DFN-Mailsupport are transmitted in the (usually not displayed) header:

X-Spam-Score: 3.475
X-Spam-Level: ***

The header X-Spam-Status: contains further details for those interested. You can view these lines with the “Show source code” function of your mail programme. As a recipient, you can use these entries to create a filter and move e-mails with more than “6 spam points” to a folder for suspected spam. Read how to create such a filter for webmail.
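
The filter rule described above, written out as an added example (it is not code from the URZ or DFN-Mailsupport). The folder name, the handling of repeated headers and the fallback of one star per whole point in X-Spam-Level are assumptions; the sample messages are constructed.

```python
import math
from email import message_from_string

SPAM_THRESHOLD = 6.0  # "more than 6 spam points", as in the text above
SPAM_FOLDER = "Suspected-Spam"  # hypothetical folder name


def spam_score(raw_message):
    """Return the score from the spam headers, or None if none is usable."""
    msg = message_from_string(raw_message)
    scores = []
    for value in msg.get_all("X-Spam-Score", []):
        try:
            score = float(value.strip())
        except ValueError:
            continue  # malformed value such as "n/a"
        if math.isfinite(score):  # drop "nan" and "inf"
            scores.append(score)
    if scores:
        # Assumption: if the header occurs more than once, use the highest value.
        return max(scores)
    # Fallback, assuming one "*" in X-Spam-Level per whole point (3.475 -> ***).
    stars = [len(v.strip()) for v in msg.get_all("X-Spam-Level", [])
             if v.strip() and set(v.strip()) == {"*"}]
    return float(max(stars)) if stars else None


def target_folder(raw_message, threshold=SPAM_THRESHOLD):
    """Messages without a usable score stay in the inbox."""
    score = spam_score(raw_message)
    if score is not None and score > threshold:
        return SPAM_FOLDER
    return "INBOX"


# Constructed sample messages (headers shortened, not real mail).
SAMPLES = {
    "below threshold": "X-Spam-Score: 3.475\nX-Spam-Level: ***\nSubject: a\n\nhi\n",
    "above threshold": "X-Spam-Score: 7.2\nX-Spam-Level: *******\nSubject: b\n\nhi\n",
    "level only": "X-Spam-Score: n/a\nX-Spam-Level: ********\nSubject: c\n\nhi\n",
    "no headers": "Subject: d\n\nhi\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name}: score={spam_score(raw)} -> {target_folder(raw)}")
```

The score is compared as a decimal number, so a value such as 6.4 already counts as more than 6 points, while exactly 6 does not.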
