Email Faqs

For Everyone

For Users Sending Email to a Good4Nothin.com User

For Users with a Good4Nothin.com email address

Additional Information

Email Anti-Virus FAQs

 

 

Overview

All entering emails that pass through smtp1.good4nothin.com or its backup are evaluated by filtering software that includes Unsolicited Bulk Email (UBE) countermeasures. UBE is also known as SPAM. Exiting emails are not scanned for spam.

  • Entering emails are primarily emails from non-Good4Nothin.com users to a Good4Nothin.com user.

  • Exiting emails are emails from Good4Nothin.com users addressed to users in other domains.

How it works

As each email message is relayed through smtp1.good4nothin.com it passes though  filtering software. This software runs specific tests. The first of which is several IP address checks. Currently we use the Spamhaus SBL & XBL black lists. These list check for known spammer IP's, open smtp relays, and site that are known to sens exploits via email.
For more information about this list please visit the SPAMHAUS website at http://www.spamhaus.org

Secondly the email's body text is checked against the WS.SURBL.ORG uri blacklist. This list examines the email for known spamertised URLS. 
For more information about this list please visit the SURBL website at http://www.surbl.org

Finally the email is examined by SpamAssassin. Each of the tests it preforms contributes to an overall SPAM score. The higher the score, the more of the individual tests decided that the message was probably SPAM. The SPAM score, and a summary of the individual tests is placed in the headers of the message before it is sent to its destination.

Click here For More information on the Use of SpamAssassin

 

Scoring Thresholds 

We use a five-tiered threshold approach when dealing with emails. The first two tiers are pass/fail tests that are used to immediately stop Known Spammers and Spamvertised content. The final three tiers are scored tests.

Tier One
If the email was sent by an email system that is listed on Spamhaus, it will be REJECTED. 

Tier Two
If the email contains spamvertised content it will be REJECTED.

Tier Three
Emails scoring less than a the "Possible Spam" threshold will be delivered to your Good4Nothin.com  Inbox without any alteration. 

Tier Four
Emails scoring higher than the "Possible Spam" threshold but less than the "High Score" threshold will have *Possible Spam* amended to the Subject line. 

Tier Five
Finally High scores give a high degree of confidence, and we again want to reject those messages on arrival. 

We set a Spamassassin "High Score" that detects a significant amount of spam and an insignificant amount of legitimate mail. Mail scoring above this threshold will be rejected, which means we refuse to take delivery. This results in a bounce message to the sender stating that the message was REFUSED and not delivered.

Test

Action Taken

Summary For Threshold

Check if IP is listed in Spamhaus

 If listed the message is REJECTED

  

Check for spamvertised URLS

If Spamvertised URL exists message is REJECTED

  

If the email passed the previous two tests then it will be examined and scored. 

Score 

Action Taken

Summary For Threshold

4.0 or less 

Messages that score below 4.0 will not be altered

False positives: 0.09%
False negatives: 4.32%

4.1 to 9.99 

Will be logged and  *Possible Spam* will be added to the subject line

NOT AVAILABLE

10.00 and up

Will be REJECTED by our Servers 

False positives:  0.00%
False negatives: 40.45%

Definitions:
False positive means the test said the message was spam, when in reality it wasn't.
A false negative means that the test said a message was not spam, when in reality it was.

Rejected or Refused email

Having Problems emailing us. This may be due to our very strict anti-virus and spam filtering software.
Your valid email might be marked as spam by our filters. If you are sending a non-spam email to our users Feel Free to contact us at
  bogus_emailham-help@site.good4nothin.combogus.br

BE SURE to copy and paste the phrase, shown below,  into the body of the email you are sending. This will allow your email to score lower, thus allowing it to be accepted and delivered to our support Inbox. 

The phrase must be entered EXACTLY as it is shown.

I am not a spammer  :Today's Password is: 546 hfr

Here is a List of invalid email addresses. Any email sent to one of these addresses WILL be REJECTED.
REMOVE "bogus_email" and "bogus.br" these were added to prevent email bit harvesters.

  • bogus_emailInfo@good4nothindotcombogus.br

  • bogus_emailContact@good4nothin.combogus.br

  • bogus_emailHelp@good4nothin.combogus.br

  • bogus_emailAdmin@good4nothin.combogus.br

  • bogus_emailWebmaster@good4nothin.combogus.br

  • bogus_emailHostmaster@good4nothin.combogus.br

  • bogus_emailSales@good4nothin.combogus.br

  • bogus_emailCDSales@good4nothin.combogus.br

  • bogus_emailCD_Sales@good4nothin.combogus.br

  • bogus_emailFrost_203@good4nothin.combogus.br

Here is a List of  Valid email contact addresses.

  • bogus_emailWebmaster@site.good4nothin.combogus.br

  •   bogus_emailham-help@site.good4nothin.combogus.br

  •   bogus_emailham@site.good4nothin.combogus.br

  •   bogus_emailspam@site.good4nothin.combogus.br

 

What should I do?

The end-user is responsible for discarding, or specially sorting messages with a high score. 

If a message marked by the system as SPAM in error, the user should forward the entire message (including the report) to bogus_emailham@site.good4nothin.combogus.br

If a message that the user thinks is SPAM is not marked as such, they should forward the message (including the Headers) to bogus_emailspam@site.good4nothin.combogus.br

Since some of the tests are self-learning, letting the system administrators know about incorrectly classified messages is important.

Why was a message tagged as SPAM?

If you look at the message's full headers you will see a header named X-NAI-Spam-Status. In the tests= section of that header you will see a list of comma separated test names that matched for that email. You can then look up a one line description of those tests at the SpamAssassin Tests page. 


About ten years ago, junk mail was so rare that each case was reported to the administrator of the originating source. They would respond and offending users were asked to stop. As the scale of the problem increased, it became too time consuming to send reports, and likewise we got fewer and fewer responses from the reports we sent. The only effective action was to reject further mail from sources matching the junk mail that was being reported.

To date we have used two approaches to filtering. One is to reject mail from hosts that repeatedly send junk mail. This category can be confirmed from our own system logs and from reports on the Internet. The other approach is to reject mail with detectable forgery in the headers or to match other header characteristics to identify repeat spam, based on user complaints we get. At one time, most junk mail had badly faked header information, but this is no longer true. While both of these methods continue to be useful, a large amount of spam is not caught by either of them.

SpamAssassin provides some relief to the spam problem. This in not a perfect solution but promises to be at least as effective as the manual process. The main function of the program is to score the "spam-ness" of a given mail message. Different actions can then be taken based on this score.

SpamAssassin(tm) is a mail filter to identify spam. Using its rule base, it uses a wide range of heuristic tests on mail headers and body text to identify "spam", also known as unsolicited commercial email. The spam-identification tactics used include:

  • header analysis: spammers use a number of tricks to mask their identities, fool you into thinking they've sent a valid mail [message], or fool you into thinking you must have subscribed at some stage. SpamAssassin tries to spot these.

  • Text analysis: again, spam mails often have a characteristic style (to put it politely), and some characteristic disclaimers and CYA text. SpamAssassin can spot these, too.

Spamassassin runs hundreds of  tests on a message. Each test is weighted with a point value based on analysis of a very large database of email, indicating how often that feature occurs in spam and non-spam. In most cases a feature by itself is not a certain indication of spam. For example, it gives points for features like red text, a link with the words "click here", two exclamation points in the subject, the words "mortgage rates" together, headers claiming to be from yahoo.com on a message not really sent from yahoo, headers claiming to be sent with Outlook but missing a header Outlook always inserts, a link with the words "to be removed", and a Date header in the future. Any of these things might occur in legitimate mail. We would not reject mail based on any one of them. All of them together however suggest spam. Given those features and others, a message may score high enough to be rejected.

We installed Spamassassin on the main mail hosts. It scored messages and logged the score, sender, and subject line of the messages. The data was sorted in score order highest to lowest. The bodies of the messages were not collected, for privacy reasons. However the all too familiar subject lines about mortgages, phone rates, diets, get rich quick schemes, prescription drugs, and pornography all made it very obvious what the messages were. 

For general information about SpamAssassin in visit  http://spamassassin.apache.org/


Results on test corpora at various alternative thresholds:

SUMMARY for threshold -4.0:
Correctly non-spam: 37 0.34%
Correctly spam: 11305 100.00%
False positives: 10867 99.66%
False negatives: 0 0.00%
TCR(l=50): 0.020806 SpamRecall: 100.000% SpamPrec: 50.988%

SUMMARY for threshold -3.0:
Correctly non-spam: 38 0.35%
Correctly spam: 11305 100.00%
False positives: 10866 99.65%
False negatives: 0 0.00%
TCR(l=50): 0.020808 SpamRecall: 100.000% SpamPrec: 50.990%

SUMMARY for threshold -2.0:
Correctly non-spam: 38 0.35%
Correctly spam: 11305 100.00%
False positives: 10866 99.65%
False negatives: 0 0.00%
TCR(l=50): 0.020808 SpamRecall: 100.000% SpamPrec: 50.990%

SUMMARY for threshold -1.0:
Correctly non-spam: 38 0.35%
Correctly spam: 11305 100.00%
False positives: 10866 99.65%
False negatives: 0 0.00%
TCR(l=50): 0.020808 SpamRecall: 100.000% SpamPrec: 50.990%

SUMMARY for threshold 1.0:
Correctly non-spam: 10634 97.52%
Correctly spam: 11054 97.78%
False positives: 270 2.48%
False negatives: 251 2.22%
TCR(l=50): 0.822122 SpamRecall: 97.780% SpamPrec: 97.616%

SUMMARY for threshold 2.0:
Correctly non-spam: 10770 98.77%
Correctly spam: 10978 97.11%
False positives: 134 1.23%
False negatives: 327 2.89%
TCR(l=50): 1.608795 SpamRecall: 97.107% SpamPrec: 98.794%

SUMMARY for threshold 3.0:
Correctly non-spam: 10854 99.54%
Correctly spam: 10913 96.53%
False positives: 50 0.46%
False negatives: 392 3.47%
TCR(l=50): 3.909059 SpamRecall: 96.533% SpamPrec: 99.544%

SUMMARY for threshold 4.0:
Correctly non-spam: 10894 99.91%
Correctly spam: 10817 95.68%
False positives: 10 0.09%
False negatives: 488 4.32%
TCR(l=50): 11.442308 SpamRecall: 95.683% SpamPrec: 99.908%

SUMMARY for threshold 4.5:
Correctly non-spam: 10894 99.91%
Correctly spam: 10704 94.68%
False positives: 10 0.09%
False negatives: 601 5.32%
TCR(l=50): 10.267938 SpamRecall: 94.684% SpamPrec: 99.907%

SUMMARY for threshold 5.0:
Correctly non-spam: 10902 99.98%
Correctly spam: 10649 94.20%
False positives: 2 0.02%
False negatives: 656 5.80%
TCR(l=50): 14.953704 SpamRecall: 94.197% SpamPrec: 99.981%

SUMMARY for threshold 5.5:
Correctly non-spam: 10902 99.98%
Correctly spam: 9579 84.73%
False positives: 2 0.02%
False negatives: 1726 15.27%
TCR(l=50): 6.191128 SpamRecall: 84.732% SpamPrec: 99.979%

SUMMARY for threshold 6.0:
Correctly non-spam: 10903 99.99%
Correctly spam: 9531 84.31%
False positives: 1 0.01%
False negatives: 1774 15.69%
TCR(l=50): 6.197917 SpamRecall: 84.308% SpamPrec: 99.990%

SUMMARY for threshold 6.5:
Correctly non-spam: 10903 99.99%
Correctly spam: 9215 81.51%
False positives: 1 0.01%
False negatives: 2090 18.49%
TCR(l=50): 5.282710 SpamRecall: 81.513% SpamPrec: 99.989%

SUMMARY for threshold 7.0:
Correctly non-spam: 10904 100.00%
Correctly spam: 9072 80.25%
False positives: 0 0.00%
False negatives: 2233 19.75%
TCR(l=50): 5.062696 SpamRecall: 80.248% SpamPrec: 100.000%
SUMMARY for threshold 8.0:
Correctly non-spam: 10904 100.00%
Correctly spam: 8497 75.16%
False positives: 0 0.00%
False negatives: 2808 24.84%
TCR(l=50): 4.025997 SpamRecall: 75.161% SpamPrec: 100.000%

SUMMARY for threshold 9.0:
Correctly non-spam: 10904 100.00%
Correctly spam: 7669 67.84%
False positives: 0 0.00%
False negatives: 3636 32.16%
TCR(l=50): 3.109186 SpamRecall: 67.837% SpamPrec: 100.000%

SUMMARY for threshold 10.0:
Correctly non-spam: 10904 100.00%
Correctly spam: 6732 59.55%
False positives: 0 0.00%
False negatives: 4573 40.45%
TCR(l=50): 2.472119 SpamRecall: 59.549% SpamPrec: 100.000%

SUMMARY for threshold 12.0:
Correctly non-spam: 10904 100.00%
Correctly spam: 5777 51.10%
False positives: 0 0.00%
False negatives: 5528 48.90%
TCR(l=50): 2.045043 SpamRecall: 51.101% SpamPrec: 100.000%

SUMMARY for threshold 15.0:
Correctly non-spam: 10904 100.00%
Correctly spam: 3708 32.80%
False positives: 0 0.00%
False negatives: 7597 67.20%
TCR(l=50): 1.488087 SpamRecall: 32.800% SpamPrec: 100.000%

SUMMARY for threshold 17.0:
Correctly non-spam: 10904 100.00%
Correctly spam: 2883 25.50%
False positives: 0 0.00%
False negatives: 8422 74.50%
TCR(l=50): 1.342318 SpamRecall: 25.502% SpamPrec: 100.000%

Here at Good4Nothin' we want to do everything we can to make your Internet experience as safe and as enjoyable as possible. To that end, one thing we do is scan all mail that passes through our servers for hidden viruses. We've done our best to answer any questions you may have below. If you don't find your answer here, though, please contact our Technical Support and we'll be happy to assist you.

:QUESTIONS:

  1. I got a message that sent me here. What does it mean?

  2. What is a computer virus?

  3. Do viruses only come from email attachments?

  4. What do you do when you find a virus?

  5. Why don't you clean the message and deliver it?

  6. Shouldn't you warn the sender about the virus?

  7. Why don't you let me do my own filtering?

  8. How often do you update your virus tests?

  9. Email Spam Scoring FAQs

:ANSWERS:

  1.   I got a message that sent me here. What does it mean?
    Either you received or sent an email that was "infected" with a computer virus. Good4Nothin's virus scanner blocked it and sent you a notice about what happened. If you recognize the sender or recipient, we recommend that you contact the person to inform them of the virus. It's possible that he or she is unaware of the problem. The notice you received includes a section with some header information from the blocked message which may be useful in tracking down the source of the virus:

    Date: When the virus was detected.
    Sender: The original sender of the infected email. Note that some viruses forge the "From" header when they send mail, so this is our best guess at who it really came from.
    Subject: The subject of the infected email.
    Virus name: The name of the virus signature that was caught by our scanner.

  2. What is a computer virus?
    Similar to getting sick in the real world, here in our virtual world you can come down with a bug. A computer can become infected with hidden code that attaches itself to other programs and then duplicates itself whenever those programs are run. We call this a computer virus, and they are spread in many ways. Over the last decade, they have become most widespread by making use of email programs to send themselves to everyone in a computer's address book.

  3. Do viruses only come from email attachments?
    Most viruses are transmitted via attachments to email messages. These attachments are usually executable files which can wreak havoc of all kinds if double clicked or otherwise run on your computer. However, this is not always the case and nowadays some viruses can replicate themselves by automatically creating and sending new email messages that contain binary code directly in the body of the message, not as an attachment. Your computer can become infected by such viruses just by reading the email. Other viruses are distributed through macros used by such programs as Microsoft Word or Outlook.

  4. What do you do when you find a virus?
    In short, we quarantine the email, log it and notify the recipient that he missed a message because it was infected.

  5. Why don't you clean the message and deliver it?
    Sanitizing a virus-infected message and delivering what's left forces us to act on too many unsafe assumptions. There's no guarantee that the original message has any valuable content. Actually, it seems more likely that the entire message would have been forged by the virus so there wouldn't be anything worth sending once the virus is removed. The process of removing the virus could also ruin the integrity of the original message, and we don't want to risk damaging your email.

    We've decided that the safest, most reliable, least intrusive course of action is simply to stop the virus from spreading across the Internet as soon as we see it and to alert you about it. We suggest that if you get a notice about receiving an infected message, you should contact the sender and tell them what happened. Help them track down the source of the virus and ask them to resend the message once their system has been cleaned.

  6. Shouldn't you warn the sender about the virus?
    Because viruses can duplicate and spread so quickly, and often fake their sending email addresses, we can't alert every infected email sender that they've passed a virus our way. To do so could easily overwhelm the sender with mail about virus alerts, which would only escalate the problem for them, as well as fill our own outgoing queues with undeliverable mail to all those forged sender addresses. So we just quarantine virus-infected messages when we see them and notify the recipients that they missed a message from someone because it was infected. That way the recipients are protected from the virus but they know that someone may have been trying to communicate with them.

  7. Why don't you let me do my own filtering?
    Antivirus checks are just as important for our own computers as they are for yours. When widespread viruses flood the Internet, we need to stop them as soon as possible, before they can fill your mailboxes to overflowing with infected messages. To make sure your legitimate email is always delivered as quickly and as safely as possible, we must do our part to make sure the bogus stuff doesn't get spread across the 'Net.

    We do recommend that you purchase and install an antivirus program for your own computer, though, then use it regularly to scan your entire computer for infections. Our scanners only search email that goes through good4nothin.com, but viruses can be spread through other mailboxes that you may use or by means other than email. Even then, there are always new forms of viruses and it's safer to have more than one kind of program keeping guard for you.

  8. How often do you update your virus tests?
    Virus scanners use a "signature database" with a list of patterns that uniquely identify viruses. Our scanners update their databases every night to keep up with the latest knowledge on possible infections.