E-mail SPAM Filter Guide - Helpful Definitions

CanIt:

Is extra software built on top of MIMEDefang which provides sophisticated SPAM-management functions.

CanIt-PRO:

Is an enhanced version of CanIt which allows flexible delegation of SPAM-control responsibilities rather than requiring a single SPAM-control officer.

Milter:

A Sendmail interface which allows external programs to listen in on the SMTP dialog, and potentially modify Sendmail's actions and SMTP responses.

MIMEDefang:

A free (GPL'd) E-mail scanning program which integrates with Sendmail's Milter API. It forms the basis for CanIt.

Permanent Failure Code:

Also called reject, this is a code sent to a relay Host telling it that E-mail transmission has failed and will not succeed. (For example, this code is sent if someone tries to send E-mail to a nonexistent user.) The relay Host typically E-mails a failure notification to the original sender and discards the message.

Quarantine:

In CanIt-PRO, a quarantined message is copied to a special directory on the file system, usually accessible only to a person with root access on the CanIt-PRO machine. Quarantining messages may be useful for forensic purposes.

Relay Host:

When a mail server wishes to transmit E-mail to your server using SMTP, it establishes a connection with your mail server. The machine attempting to transmit mail to your server is called a relay Host.

RPTN:

Is the Roaring Penguin Training Network. This is a system whereby multiple CanIt-PRO installations can share Bayes training data.

Sender:

This is the E-mail address of the person sending a message as given in the SMTP dialog. It may not necessarily be the same as the E-mail address in the message's From: header. This is sometimes called the envelope sender address.

Sender's Domain:

This is the Domain part (everything after the @ sign) in the sender's E-mail address.

SMTP:

"Simple Mail Transfer Protocol", as described in Internet RFC 2821. This is the protocol used to transmit E-mail over the Internet.

SMTP Dialog:

During the course of E-mail transmission, the two ends of an SMTP connection transmit commands and results back and forth. This conversation is called the SMTP dialog.

SPF:

Stands for "Sender Policy Framework". It is a mechanism that allows a Domain's administrator to list which Hosts are allowed to originate E-mail claiming to come from that Domain. For more details, please see http://spf.pobox.com.

Stream:

Is a "virtual CanIt" machine offered by CanIt-PRO. If an incoming E-mail arrives for more than one recipient, and the recipients each wish to have his or her own private SPAM trap, CanIt-PRO E-mails the original message so each recipient has his or her own copy, and can dispatch it as he or she sees fit. For every user, a "home stream" is defined. This home stream is normally the same as the user's login name, but can be changed by the administrator. Other streams can be created manually to handle mailing lists or group departmental mail into a single stream.

Temporary Failure Code:

Also called tempfail, this is a code sent to a relay Host telling it that E-mail transmission has failed temporarily, and it should retry in a little while. Typically, the relay Host retains the E-mail message in a spool directory and retries transmission periodically. The Host eventually gives up after a certain period (typically, a few days) has elapsed without successful transmission.