See the General Spam FAQ section for more helpful tips and suggestions
How to Include All Headers in a Spam Report
What Is a Full Header and Why Is It Useful?
Email headers enable you to track where on the Internet an email originated. Because it is easy to forge an email address, it is important to use full headers to determine the "true" point of origin of an email.
What Does a Full Header Look Like?
Delivery-date: Fri, 23 May 1997 20:55:53 +0100
Received: from puccini.ucc.hull.ac.uk [22.214.171.124] by adelphi.ucc.hull.ac.uk
with esmtp (Exim 1.60 #1)
id 0wV0RN-0006W3-00; Fri, 23 May 1997 20:55:53 +0100
Received: from mail.net1plus.com (actually host MAIL.CMSCOMMUNICATION.COM)
by puccini.ucc.hull.ac.uk with ESMTP; Fri, 23 May 1997 20:55:47 +0100
Received: from [126.96.36.199] ([188.8.131.52]) by mail.net1plus.com
(Post.Office MTA v3.0 release
0122 ID# 0-34465U2500L250S0) with SMTP id ADL167; Fri, 23 May 1997
Received: from email@example.com by firstname.lastname@example.org (8.8.5/8.6.5)
with SMTP id RAA09362 for <email@example.com>; Fri, 23 May 1997 08:53:48
Date: Fri, 23 May 97 08:53:48 EST
Subject: NEW! 600K Hot List... No AOL
Comments: Authenticated sender is <firstname.lastname@example.org>
---------------End Example Header---------------
What a Full Header Does NOT Look Like
------------Example Incomplete Header------------
Date: Fri, 23 May 97 08:53:48 EST
Subject: NEW! 600K Hot List... No AOL
----------End Example Incomplete Header----------
How to Display Full Headers in Various Email Programs
Eudora (Light / Pro3.x / Pro 4.x for PC and MAC)
- Select the message in question
- Double click on the message to open it.
- Find the message button bar. This is not the main toolbar, but the button bar immediately above the message text pane of the message viewer
- Click on the button BLAH BLAH BLAH (Yes, it really says this) on this toolbar.
Microsoft Outlook (97/98, 2000/2002(XP) for PC)
- Open message in Full-View (double click on the message in the "Message Listing" pane.)
- Left-click on the "View" menu and select "Options".
Microsoft Outlook Express (for PC)
- Select the message in question.
- Click on the "File" menu and select "Properties".
- Click on the "Details" tab on the top of the window.
Microsoft Outlook Express(for MAC)
- Click on "Edit" on the main toolbar.
- Select "Preferences".
- Click on the "Display" option on the left-hand pane of the "Preferences" menu.
Click on the checkbox next to "Show message headers in message windows".
Netscape (4.x for PC and MAC):
- Select the message in question.
- Double-click on the mail message to open it.
- Click on the "View" option on the main toolbar, then select "Header," and then "Full."
Netscape (3.x for PC and MAC):
- Select the message in question.
- Click on the "Options" option in the main toolbar, then select "Show Headers," and then the "All."
Pegasus Mail (2.x for MAC):
- Click on "File" on the main toolbar.
- Select "Preferences," and the suboption "General Preferences."
- Click on the checkbox "Show all headers when reading messages."
- Enable the full header command. (NOTE: This step only needs to be done once. The change is permanent.)
- Type 's' for Setup
- Type 'c' for Config.
- Scroll down the list of features until you find enable-full-header-cmd, and type 'x' until you see an 'X' in the checkbox.>
- Type 'e' to Exit.
- Answer with yes (by hitting 'y') when it asks you to replace settings.
- Select the message in question.
- Press the [Enter] key to view it.
- Press 'h' to display the full header.
- Select the message in question.
- Double click on the mail message to open it.
- Click on the "View" option on the main toolbar, then select "Headers" and then "All".
If your email program is not listed above, there are more available at:
Spam - Frequently Asked Questions
Q - Why do we receive spam?
A - Profit. Spammers around the globe can, for virtually no money, spam millions of potential customers. Even when 99% of spam is deleted, the prospect of 1% of spam messages leading to a sale has caused this flood of unwanted mail.
Q - Where does spam come from?
A - Typically, spam is generated from Internet marketing companies. There are many ways to distribute spam. The most common are listed below:
- Email list servers;
- Exploited email servers;
- Virus infected computers;
Q - Does Magma provide a spam-free guarantee?
A - No. Magma works with its partners to provide a clean mailbox and offers two separate spam filters with different technologies to combat spam. BrightMail is the primary anti-spam filter and SpamAssasin is the secondary filter. More information on these two filters can be found at: http:\\www.brightmail.com or http://spamassassin.apache.org/ . This does not, however, provide any guarantee against spam in a mailbox.
Q - How do spammers get my email address?
A - There are a number of ways that spammers can get access to your email address. The most common are listed below: Posts to Usenet forums with your email address; From mailing lists;
- From Web pages;
- From marketing and sweepstakes;
- From a web browser;
- From IRC and chat rooms;
- From domain contact information;
- By guessing(there are programs that do this for the professional spammers);
- From white/yellow pages;
- From a previous owner;
- Hacking into websites.
Q - Can my email address make me easier to target?
A - Yes. Some spammers use computer programs to guess at email addresses. So use unusual email addresses containing numbers and letters. Eg. 245Jo32@magma.ca
You may also wish to consider creating a separate 'disposable' email address with a service that provides free email. Use this address when asked to provide an email address to sign up for services, subscribing to newsletters or posting on forums. Some people go as far as having an email address for each purpose, keeping their main one for personal contacts only.
Q - Why do I receive email that is not addressed to me?
A - Spammers use programs which use he BCC(Blind Carbon Copy) field and eliminate the TO field. When you receive an email that does not show your address, it was not by mistake. Extra addresses can be added to the BCC: field when sending an email and the addresses in the BCC: field will not show to anyone receiving the email(including the intended recipient, you).
When sending a valid email to multiple recipients, it is considered good form/manners to use the BCC field so that none of the recipients will see each others' addresses. Put your own address in the To field so that none of the addresses are visible.
Q - What spam filters does Magma provide?
A - Magma provides two different spam filters. Brightmail Anti-Spam and SpamAssassin. Both of these filters come from different development backgrounds, with Brightmail being a commercially developed product owned by Symantec (makers of Norton Anti-virus) and SpamAssassin being an example of Free open source software.
These spam filters use different strategies to catch mail. At its current version, SpamAssassin performs 938 different tests to catch mail. Brightmail, on the other hand, runs a dedicated server similar to a hardware firewall but its role is to analyze email for potential spam.
The combination of these two spam filters provides unparalleled spam protection for all Magma email boxes.
Q - How can I increase my spam protection?
A - By default, Magma only has Brightmail Anti-Spam enabled. Typically, this is more than enough for the majority of our clients. If you need extra protection, you can enable the secondary spam filter through the myaccount portal.
To enable the Secondary Spam Filter (SpamAssassin): Visit https://myaccount.magma.ca
- Log in using your email box userid and password;
- Click on the userids tab;
- Click on your mailbox userid directly(you will see your Magma userid listed on this page);
- Click on Anti-Spam Settings;
- You will see two checkboxes, the primary and secondary spam filters;
- Click on the checkbox beside the secondary spam filter;
- Set your filters accordingly;
- Click "Apply Changes..." at the bottom of the page;
Read and accept the license agreement to complete the setup of the secondary spam filter.
Q - Why is the secondary spam filter not installed by default?
A - Spam Assassin is an industry leading spam filter solution, however, there is a more likely chance for email to be marked as a false positive when going through it. This means that you may occasionally have to check your spam email box by visiting http://spamblock.magma.ca and check for non-spam email.
Magma also provides an easy way to search through these messages by sending you a "suspected junk mail" message every seven days.
Q - Are there ways to select the messages that the Secondary Spam Filter blocks?
A -Definitely. You can block messages by:
- From Addresses;
- To Addresses;
- Attachment Extensions;
- Website addresses(URL's);
- Message Body;
Q - Can I stop the Secondary Spam Filter from blocking messages that I WANT to receive?
A - Certainly. There is a field in the secondary spam filter that allows you to add 'safe' addresses so that email normally blocked will be allowed through to your mailbox. This is called the 'Allow List for From Addresses'.
Q - What do I do when I receive spam?
A - Here, you will find some helpful tips for dealing with spam:
- Don't complain to the website from which the spam message came from. Typically, spammers are either looking for affirmation that your email address is valid or exploiting a vulnerability in an innocent website.
- Don't complain to the return address. Almost 99% of the time, the return address is falsified. There are no checks or balances in the email infrastructure to guarantee the return address is authentic. This is also why it is very rarely useful to block by address when you receive spam.
- Don't spam the spammer. Magma has strong policies against the distribution of spam, whatever the motivation behind it.
- More detailed information can be found in the Recommendations section.
Q - How do I report spam?
A - If you have decided that you wish to report spam, it must be reported to the ISP from which the original message was sent. ISPs take action against their own customers but can do nothing to curtail spam from someone who is not their customer. First, you will need the full header from the email. If you require information on obtaining the header from your email program, see the How to Include All Headers in a Spam Report section. While it may seem confusing at first, the email header has a wealth of useful information. The most interesting piece is the original envelope sender. See an example of a header below:
The information needed is the "Received:" information in  brackets(bolded above). In the above example, it is [184.108.40.206]. Sometimes there can be multiple received header tags. The bottom one is always the very first tag added.
With the information of the actual original sender's computer, we can do a search on the IP address through NIC which is the organization responsible for giving out public network addresses to every region in the world.
Do a search for the IP address at:
The results will tell you who owns the IP address assigned to the spammer who sent you a message. For example, if you you look up the sample IP address 220.127.116.11, you will see it is owned by Magma Communications.
Generally, Internet Service Providers have an email address set up to receive information needed to investigate these complaints. Typically, it is email@example.com (ie. Magma's is firstname.lastname@example.org). In support of a friendly spam-free Internet community, most Internet Service Providers have policies against spam messages. Send an email with the full headers that were extracted to the abuse department of the ISP in question and then the provider can look up who was using the IP address at the time the email went out. They can then take appropriate action.
If you require detailed instructions on how to obtain headers, please see the section: How to Include All Headers in a Spam Report.
Viewing Blocked Spam
Magma clients receive regular emails detailing the suspected spam emails that have been sidelined by our spam filters. These emails are designed to let you look over what has been sidelined before they are deleted from our servers.
You can also view the sidelined spam at any time by logging into the SpamBlock Server or by navigating through the MyAccount portal.
1) Go to the website https://spamblock.magma.ca and log in using your Magma user id and password. For example, if your email address is email@example.com you would log in with "name" as the user id along with it's password.
2) Go to the website https://myaccount.magma.ca and log in using your Magma user id and password. Once at the main MyAccount page click on the "Userids" tab, then the user id you wish to see the spam for and finally click on the "SpamBlock" link.
3) There are some clients who would like a more "hands on" approach to the spam that has been sidelined.
If you would like to download all the spam that Magma's Anti-Spam solutions has sidelined at the same time you download your legitimate email, but would still like to keep them separate on your home PC we have a solution for you.
To achieve this you will have to either create a secondary mail profile for spam on your current email client (Outlook Express, Netscape, Mozilla, Thunderbird, etc.) or configure and use a second email client solely for spam downloads. For example if you use Netscape for all your personal mail, you may want to configure Mozilla to download all your spam for you to review at your leisure.
Note: When you configure the second profile or client please use all the same settings (including your userid and password) as your current Magma profile with one important exception.
The Incoming Mail Server (or POP server) will now be called:
For detailed instructions on configuring your email client, please visit http://support.magma.ca/appsupport/index.cfm under Application Tutorials select the appropriate email program.
If you have any questions regarding this service please contact our technical support team.
Magma Anti-Spam Filter Maintenance
Magma has integrated a number of user configurable options into the secondary Anti-Spam filter. You may need to adjust these options several times to find the settings that best fit your needs. You should test each setting for at least 24 hours before changing it again. You can find instructions on accessing this filter in the FAQ section under: How can I increase my spam protection?
The user configurable options available at the MyAccount Portal interface are:
These options rely on the use of regular expressions(see Additional Resources)
- Spam Cutoff Level;
- Deny List for From Addresses;
- Allow List for From Addresses;
- Deny List for To Addresses;
- Deny List for Subjects*;
- Deny List for Attachment Extensions;
- Deny List for URLs;
- Deny List for Message Body*;
- Language List.
How to set up the user configurable options
The "Spam Cutoff Value" is the value used the the filter to determine whether or not a particular message should be blocked or not. The filter uses approximately 200 tests to determine if a message is spam. A match on any one test will increase the rating by a fixed amount. If enough tests match and push the sum of the ratings above the cutoff value, the message will be blocked.
To make this filter more aggressive(to block more spam), lower the numerical value in this setting.
For most people, a cutoff value of 8 is appropriate, however, you may wish to consider lowering the value if you are still receiving a large amount of spam.
Warning! If you are subscribed to any mailing lists, lowering the spam cutoff level value may result in email from these lists being blocked. This is because messages from many mailing lists have characteristics similar to actual spam messages. If this should occur, there are two options available. You can increase the numerical value of the spam cutoff, thus increasing your general risk of receiving spam, or better yet, simply add the mailing list address to the Allow List(detailed later in this document).
You can permanently block a particular email address or an entire domain name from sending you email by entering it into your personal deny list called the "Deny List For From Addresses".
- Deny List For From Addresses
Example: firstname.lastname@example.org <--- if you block this address, any email from this person will always be blocked.
Example: *@spammer.com <--- if you block this address, any email from any address in the entire domain named "spammer.com" will always be blocked.
Note: The format is an asterisk (star) followed by the "@" symbol and then the domain name.
If the second spam filter is blocking valid messages from a particular person or company, you can add the email address or company domain name to your personal "allow list". Any messages sent to you with a FROM address matching the particular address or domain in your allow list will not be blocked by the second filter.
- Allow List For From Addresses
Warning! The Brightmail filter does not use your allow list. This means that even if you add an address to your allow list in the second (SpamAssassin) filter, messages from that address might still be blocked by the Brightmail filter. However, as Brightmail rarely has false positives, it is unlikely that Brightmail would ever block valid email as spam.
Note: The allow list for FROM addresses will override other deny lists below. For example, if someone on your allow list sends you an attachment with an extension in your deny list for attachment extensions, you will still receive the message.
You can block email from arriving your mailbox if it contains a particular address somewhere in the headers. (i.e. To:, Cc:, Resent-To:, Resent-Cc:, Apparently-To:, etc.)
- Deny List for To Addresses
Example: email@example.com <--- if you block this address, any email sent to the firstname.lastname@example.org address will be flagged as spam.
Note: Magma makes three different domain names available to you for your use. They are: magma.ca, magmacom.com and magma.net. If you only use one of these for blocking of your email address, you would still receive any email addresses to you at your email address if it was sent to you in the other two domains. If you wish to block a Magma address here, you should block all three domains.
Example: *magmacom.com <--- if you block this address, any email sent to you via any of your magmacom.com addresses will be blocked.
You can specify a list of regular expressions to match against the subject headers of all incoming messages. If the subject header matches any of the regular expressions in the list, then the email will be sidelined as SPAM.
Example: test <--- if you specify this regular expression, then any email with the string "test" anywhere in the subject will be blocked.
Note: This rule would also block any email with subjects containing the words "testing" or even "hottest" or "attest". Be VERY careful with your choice of regular expressions
Example: \btest\b <--- if you specify this regular expression, then any email containing the word "test" in the subject, surrounded by word breaks(non-alphanumeric characters), will be blocked.
Note: This rule would block emails with subjects such as "this is a test", but not emails containing words such as "hottest" or "attest".
Example: ^test$ <--- if you specify this regular expression, then any email with the subject of exactly the string "test" will be blocked.
Example: ^test\b <--- if you specify this regular expression, then any email with a subject starting with the word "test" will be blocked.
Note: This rule would block emails with subjects such as "test email" or "test", but not "testing" or "testy email".
You can block email from arriving your mailbox if it contains an attachment with a filename extension matching one of the extensions in your filter list.
- Deny List for Attachment Extensions
Example: exe <--- if you block this extension, then any email containing an attachment with a .exe extension will be blocked as spam.
You can specify a list of regular expressions to match against URIs which is the address of an Internet Resource (e.g. URLs which are Webpage addresses) which might appear in the body of HTML-based messages. If the URI matches any of the regular expressions in the list, then the email will be sidelined as SPAM.
- Deny List for URIs (Uniform Resource Identifier)
Example: www.example.com/OrderViagra/ <--- if you specify this regular expression, then any email with a URI containing the specified string will be blocked.
You can specify a list of regular expressions to match against entries in the body of an email. If any line of the body of the message matches any of the regular expressions in the list, then the email will be sidelined as SPAM.
- Deny List for Message Body
Warning! This is an extremely dangerous filter. Please be as careful as possible when defining body filter rules.
Example: v.i.a.g.r.a <--- if you specify this regular expression, then any email containing the letter 'v' followed by any character, followed by the letter 'l', followed by any character, followed by the letter 'a', and s o on will be blocked.
Note: A period matches ANY single character.
You can choose from a list of languages that you would like to allow:
English, French, Afrikaans, Albanian, Amharic, Arabic, Armenian, Basque, Bosnian, Bulgarian, Byelorussian, Catalan, Chinese, Croatian, Czech, Danish, Dutch, Esperanto, Estonian, Finnish, Frisian, Georgian, German, Greek, Hebrew, Hindi, Hungarian, Icelandic, Indonesian, Irish Gaelic, Italian, Japanese, Korean, Latin, Latvian, Lithuanian, Malay, Marathi, Nepali, Norwegian, Persian, Polish, Portuguese, Quechua, Rhaeto-Romance, Romanian, Russian, Sanskrit, Scots, Scottish Gaelic, Serbian, Slovak, Slovenian, Spanish, Swahili, Swedish, Tagalog, Tamil, Thai, Turkish, Ukranian, Vietnamese, Welsh, Yiddish.
|The Spam Boycott Home Page
||General references on filtering and blocking spam
|Internet Mail Consortium
||Includes reports on unsolicited commercial email; hosts the IETF's SMTP mail filters mailing list
|Brightmail Anti-Spam Solutions(TM)
||Anti-spam email solution
|Working to Halt Online Abuse(WHOA)
||A volunteer organization to fight online harassment