Information Technology Services - Computing, Networking and Storage
print this page   email this page

Frequently Asked Questions: BrightMail AntiSpam

Q: What is the Brightmail Antispam solution, and what does it mean to me?

A: In response to the increasing problems related to spam at USC, ITS has implemented a solution known as Brightmail AntiSpam from Symantec. Brightmail functions by scanning all incoming email and tags any messages determined to be spam in a way that makes it easy for users to filter these messages.

Q: What exactly is spam?

A: Different organizations classify spam in different ways. At USC, we consider spam to be unsolicited email messages, often from illegitimate email addresses, advertising products or services. Bulk email messages sent through university departments as announcements or informational messages are not considered spam.

Q: What if I already have an antispam solution or I want to deal with spam in my own way?

A: ITS understands that users prefer to handle spam in different ways. For this reason, the Brightmail system is set up to merely tag the messages it identifies as spam. Users are then free to handle the messages however they wish, including filtering them for immediate deletion.

Q: How exactly are potential spam messages tagged?

A: Any messages found to be spam are tagged in two ways. The first way adds the text << SPAM? >> to the beginning of the email Subject line. This allows for easy filtering of messages by the message subject and serves as a good visual marker when browsing email.

The second method adds a line to the message header that reads x-uscspam:spam?. This tag is not immediately visible to the general user and functions to allow server-side filtering by departmental hosts that want to deal with the spam before it reaches their users.

Q: What do I do with messages tagged as spam?

A: ITS has set up the Brightmail Antispam solution to allow the user to choose how to deal with spam. Because we have set up the system to identify potential spam with a tag in the Subject line of the message, you can filter these messages in any way you want. You can choose to set up a filter to move the tagged messages to a folder of your choosing for review or to delete the messages automatically.

You also have the option to have the messages deleted once they are 14 days old if you create a folder in your USC Web Mail account called JunkMail, spelled and capitalized just like that, and filter the messages to that folder. The system will automatically delete any messages over 14 days old from within a folder called JunkMail, if a folder with that exact name is found.

More information about USC Web Mail can be found at the USC Web Mail documentation page. More information about how to set up spam filters can be found at the Brightmail Filters page.

Q: Do I have to worry about legitimate email messages' being tagged as spam?

A: Due to the regularly changing content of spam messages, any antispam solution may misidentify a legitimate email as spam. However, Brightmail claims a very low number of false-positive results. Both Brightmail and ITS are working to ensure that false-positive results happen as rarely as possible.

If you are concerned about the possibility that real mail will be tagged as spam, ITS recommends that you filter email tagged as spam into a folder rather than immediately deleting.

If you do find that a real message has been tagged as spam, please visit our Reporting False Spam page for information on how to report the message so that both ITS and Brightmail can examine the message.

Q: What happens if I am still getting spam, can anything be done?

A: Because the content of spam constantly changes, it is possible for spam to pass through a filter system undetected. There is no filter system that can guarantee 100% successful spam identification.

Both USC and Brightmail are striving to establish a very high success rate for spam identification. If you receive a spam message that was not tagged as spam by the Brightmail system, you can report the message, and we will work with Brightmail to find out why it was not tagged. To report a missed spam message, please read the documentation located on our Missed Spam page. Due to the nature of the system, you only have 24 hours from the time you receive the spam to report it to ITS.

Q: Does ITS filter outgoing mail for spam as it does incoming?

A: Yes, ITS filters outbound messages and tags suspect messages spam, just as it does for inbound messages. ITS also blocks machines at the network-connection level that are observed to be sending messages in large volumes.