Using the UNT IronPort SPAM Appliance - spam.unt.edu

On November 13, 2007, UNT implemented an IronPort network appliance to reduce the number of unsolicited email, or SPAM, entering the campus mail system. This document explains how to:

• Login to the system
• Check for quarantined messages
• Release legitimate messages
• Manage your Safelist
• Manage your Blocklist
• Log Out of the system
• Report a SPAM or fraudulent (phishing attack) message

Messages are deleted from quarantine after 15 days and are unrecoverable. Checking your quarantine should become part of your regular routine to lower the risk of losing important messages.

Login to the System

1. Browse to http://spam.unt.edu/ from your favorite web browser. Enter your EUID in the Username field and your associated password in the Password field then click Login. Forgot your EUID or password?
   
   
   

Managing Your Quarantined Messages

As in the old SPAM system, highly suspect mail is automatically eliminated. Messages quarantined as possible SPAM reside in quarantine until you release them, delete them or they reach 15 days old and are purged by the system. Once you delete a message from quarantine, or it is expired after 15 days, that message is unrecoverable. You should login to http://spam.unt.edu/ periodically so legitimate messages are not purged from your quarantine.

1. Follow the steps outlined in Login to the System.
2. Messages tagged as SPAM start out in your quarantine. By default, the interface displays 25 messages at a time which you can change. From this interface you can select individual messages, or "block select" all displayed messages (click the check-box next to the From header), to act on. The limited characters in the Subject field is by design; this keeps spammers from getting their message through in the subject. You can hover your mouse over a subject to see the full subject line.
   
   
   
3. There are two options for releasing messages from your quarantine. You can release a message and only that message will be forwarded to your mailbox. You can also Release and Add to Safelist which releases that message to your mailbox and adds that email address to your Safelist. You can also Delete the selected messages.
   
   
   
4. Be sure to Log Out of the system when you are finished.

Manage Your Safelist and Blocklist

If you know specific addresses that caused you problems in the past by either being wrongly tagged or not properly tagged, these would be good candidates for your Safelist and Blocklist respectively. Your Safelist and Blocklist items are applied in addition to the system rules. If you have an address in your Safelist it will be honored above the priority of the global system settings and likewise for your Blocklist.

1. Follow the steps outlined in Login to the System.
2. The Options menu in the upper-right of the screen allows you to choose your Safelist or Blocklist to manage.
   
   
   
3. Choose Safelist or Blocklist from the menu to show its contents; by default both lists start out empty as all filtering is done system-wide. Changes to your personal Safelist and Blocklist are applied in addition to the global settings. The image below shows the zobh.com domain added to a Blocklist. You can use the examples provided in the interface to block or allow entire domains or just select addresses. You can remove an entry by clicking the trashcan icon to the right of the entry.
   
   
   
4. Be sure to Log Out of the system when you are finished.

Log Out of the System

1. Be sure to Log Out of the system from the Options menu in the upper-right of the screen when you are finished.
   
   
   

Report a SPAM or Fraudulent Message

Occasionally, SPAM and fraudulent email get past the IronPort appliance. You should follow the steps below to improve filtering/protection for yourself and everyone in the world who uses the same spam catching solution (IronPort).

1. If you previously subscribed to a mailing list or otherwise authorized the contact, then you must first try unsubscribing via the sender's web site or other mechanism (mailist list unsubscribe).
2. If you receive an advertisement for a company you've never done business with, this is valid SPAM and should likely be reported.
3. If the email is spam and/or fraudulent:
   1. Forward the message as an attachment:
      
      • Outlook key stroke method: With the email selected or viewed, press: Ctrl+Alt+F
      • Outlook drag-and-drop method: Start a new email to one of the addresses below and drag-and-drop the suspect email to the new message.
   2. Specify appropriate recipients:
      • If you are not a victim (no current or likely damages), address the email to: spam@access.ironport.com
      • If you are a victim (e.g., you emailed your login ID and/or password or entered it into a non-UNT Web site or lost money in a scam), then address the mail to: spam@access.ironport.com, security@unt.edu, postmaster@mail.cas.unt.edu. Please include information regarding how and when you responded to the email message.

Resources

• Forgot your EUID or password?
• The Help -> Online Help menu has more detail on some of the topics covered in this document.
• Read the INhouse article New anti-spam software to reduce number of "bulk" messages
• Email the CAS Postmaster a question

College of Arts and Sciences
Information Technology Services


Mailing Address:
UNT CAS Information Technology Services
1155 Union Circle #305189
Denton, Texas 76203-5017

Shipping Address:
UNT CAS Information Technology Services
225 Avenue B, General Academic Bldg. Suite 313
Denton, Texas 76203-5017

E-mail: cascss@unt.edu