Junk Spy User's Guide

User's Guide for Junk Spy

Version 1.0

Table of Contents
Introduction A Quick Overview What is Junk Mail and What Isn't Requirements Getting Started: Installation and Setup Installation TCP/IP Wizard Configuring Your Email Program Letting Junk Spy Work for You Junk Spy's Message Area The Status Center Keeps You Informed Junk Spy Keeps Up-to-Date The Junk Spy Monitor	Technical and Other Support Junk Spy's Menu Options All About Clues and Detectors Clues to Junk Looking at Detectors Global Exceptions Are Never Junk Settings for Detectors, Updates, and Connections Detector Settings Update Settings Post Office Settings Looking at Junk Spy's Logs Junk Spy Product Information

1. Introduction

Junk mail is a universal annoyance. It clogs our mail boxes with unsolicited, sometimes obnoxious messages that are a time waster if nothing else. No matter whether it's bulk rate pieces of paper or spam email, junk mail is junk.

Junk Spy is a valuable tool for detecting and filtering out junk email. Most email software products support the concept of filters which can be used to remove unwanted mail. Junk Spy does that and more, and has several advantages over the traditional email filter solution to junk mail.

Junk Spy's benefits include:

Ability to intercept junk email so that you never see it;
Options to delete messages, save them to a text file, or forward junk email to another address;
Integration with popular email programs;
A comprehensive detection system that is kept up-to-date; and,
Ease of use.

A Quick Overview

To effectively eliminate your junk email, Junk Spy sits between your email program and your mail server. When your mail program begins to retrieve your email, it connects to Junk Spy instead of your mail server. Junk Spy then connects to your mail server and starts to download your messages. As it is receiving the messages Junk Spy evaluates them to identify potential junk.

Once Junk Spy finds a message it considers junk email, there are two options. The default is that the message header is flagged to indicate it's junk. You can use that header entry with your email program's filter capability to control what happens to it. You could delete it, move it to a specific folder, or take other action that your email program offers. If you don't want the message flagged, your other option is to have Junk Spy destroy the message completely. However, not all email programs can support this option and you do lose the flexibility of the filtering method. Consult the Getting Started guide for your email program for more information.

Messages that are not considered junk email are sent to your email program untouched.

What Is Junk Mail and What Isn't

Junk mail is:: messages you didn't request or authorize, usually trying to get you to buy something or visit a web site. Junk mail messages often have the sender and recipient email addresses hidden. Frequently they are sent to thousands of email addresses at once. Junk mail is annoying, clutters up your mail box, and wastes your time.
Junk mail is not:: messages you receive on a mailing list or mail from a company you signed up with. While you may find them undesirable, email from organizations you gave your address to is technically not junk.

Requirements

Junk Spy has simple requirements:

OS/2 Warp 3 Connect or higher,
2 MBytes of free disk space,
A connection to the Internet, and
An email program.

2. Getting Started: Installation and Setup

Let's get started. There are basically three things to do:

The actual installation of the program,
Making sure TCP/IP is configured correctly with Junk Spy's TCP/IP Wizard, and
Making a few changes to your email program.

Installation

Junk Spy is quick and easy to install.

If you downloaded Junk Spy, unzip the files into a temporary directory.
At this point you can either:
- Change to the directory where you unzipped the files, or to the diskette on which you received Junk Spy. From this directory run INSTALL.EXE.
- Or if you prefer, open the folder or drive object that contains the Junk Spy distribution files and double click on the INSTALL.EXE icon.
Next, you'll be asked where you want Junk Spy to be installed. Once you've specified a directory, the actual installation begins.
You'll be asked several questions to aid in installing Junk Spy.
Finally, before installation completes, Junk Spy's TCP/IP Wizard will help with the TCP/IP setup on your system.

Junk Spy's TCP/IP Wizard

Junk Spy's TCP/IP Wizard is a handy tool to help make sure that your TCP/IP is optimally setup for Junk Spy. The Wizard will analyze your system and let you know what, if any, changes are needed. In most cases, the TCP/IP Wizard is able to make the changes for you if you so choose.

Once you're done with Junk Spy's TCP/IP Wizard, you'll be ready to configure your email program to work with Junk Spy.

Note that the TCP/IP Wizard is included in your Junk Spy folder as a separate function. That way you can use it at any time, not just during the installation and setup process. You'll find it can be useful if you make changes to your system which affect TCP/IP.

Configuring Your Email Program

There are a few changes that must be made to your email program to make it work with Junk Spy. Setup instructions specific to the following OS/2 email applications are included:

If your program isn't included in this list, there are general instructions for configuring email programs to work with Junk Spy which you should follow.

3. Letting Junk Spy Work for You

After installation and setup of your email program to work with Junk Spy, there's no need to reboot your system (except in the case of some changes made by the TCP/IP Wizard). You can start using Junk Spy right away.

Double click on the program object in the Junk Spy folder to start it. Alternatively, if you open an OS/2 command window, you can change to the Junk Spy directory and run the Junk Spy executable from the command line.

The first time you start Junk Spy you'll be prompted for a license number and access code. Be sure to enter this information exactly because case and dashes are critical. If you don't have a license, you can run Junk Spy in demo mode which lets you try the product while limiting some of its functionality.

As you can see, Junk Spy takes up minimal space on your desktop. At the same time, everything you need is right there at your fingertips.

Junk Spy's Message Area

Look at the message area - it's the white area under the titlebar. You'll see a short informational report on the left and a status icon on the right. These give you information about what's happening with your email.

Cummulative activity is shown on the left.

The text on the left side of the message area gives you a summary of Junk Spy's activities. Clicking in the message area changes the information that is displayed:

The number of Total messages Junk Spy has processed,
The Total bytes of information processed,
The number of Deleted messages,
The number of Deleted bytes in the deleted messages
The Junk ratio based on messages, and
The status of Junk Spy's current activities, if any.

Current activity is shown on the right.

The status icon on the right indicates Junk Spy's current activity. When inactive, you'll see a snooze indicator; when active, the indicator varies with each stage of the junk mail detection process.

Junk Spy is snoozing while waiting for incoming mail to process
a connection is being made with your mail server
your incoming messages are being checked
Junk Spy is getting mail
a message has been determined to be junk mail
a message has been identified as not being junk mail
a message generated by Junk Spy is being sent
a message is being analyzed by the Real-time Blackhole List or the Relay Spam Stopper list
an update to the filter data is being received and processed
you do not have an Internet connection, so Junk Spy is not attempting to retrieve and analyze mail

The Status Center Keeps You Informed

At the far left of the message area in Junk Spy you might see a yellow dot like this one. The dot let's you know there is news for you about the product or its installation in Junk Spy's Status Center.

Use the Junk Spy menu to look at the Status Center. You can display the Junk Spy menu by right-clicking on the message area, or by clicking on the system menu icon in the upper left corner and then selecting Junk Spy.

The Status Center lists information that you should be aware of, such as when an error condition occurred, when Junk Spy got its last dectector update, or when your license for the product expires. When Sundial Systems sends you news about Junk Spy, this is where you'll find it as well.

One other feature of the Status Center is the ability to control whether or not error messages are displayed. If you like knowing when Junk Spy encounters a problem, then check Display Popup Error Messages; if you'd rather not have the error messages displayed, then make sure this option is not checked.

You can look at items in more detail.

If you want to see more information about an item in the Status Center, you can. All you need to do is to double-click on the item, or highlight it on the list and then click on the View button to display the relevant log or information dialog.

For example, if you are running Junk Spy without a license number - or if you have a temporary license as illustrated here - you'll be reminded of it in the Status Center. By highlighting the license message in the Status Center and pressing the View button, you'll get a dialog with your license status in which you can enter a new license number and access code if you choose.

When you are finished looking at or dealing with the information in the Status Center, you should press the OK button and you'll exit the dialog. On the other hand, if you want to leave the dialog but aren't done with the information in it, you can press the Close button. (This is the same as clicking on the close icon in the upper right corner or double-clicking on the system menu icon in the upper left corner.) Using Close rather than OK leaves the yellow news indicator dot in Junk Spy's message area, reminding you to look again at the Status Center.

Junk Spy Keeps Up-to-Date

One of Junk Spy's important features is its ability to automatically receive and process junk detection updates via email. While you can disable this feature in the Update Settings if you prefer, it is the way Junk Spy stays up-to-date working for you to eliminate junk mail.

This service of automatic updates is available only to licensed users of Junk Spy, and is initially based on the contact information provided when the product was purchased. Updates will be sent periodically to keep Junk Spy's database of detectors current.

As part of the update service, licensed users also have access to the Junk Spy Detection Update Center. Information about it - and a password for it - is emailed shortly after purchase.

http://www.sundialsystems.com/junkspy/updatecenter.html

We strongly suggest that you change the password right away to something that is meaningful to you.

The Detection Update Center is the place to go if you need to change the email address that your Junk Spy updates are sent to. In addition, you'll see your personal update history and can have any updates you might have missed resent immediately, if necessary.

The Junk Spy Monitor

You might want to periodically look at the email Monitor. It shows you what Junk Spy's done for you. It gives you the same information as the report indicators on the left in Junk Spy's message area, but here they are all displayed together at the same time. In addition, the Monitor gives some specifics on your most recent message and your most recent junk message - which might be the same if the most recent message is junk mail.

Like the Status Center, the Monitor is a menu option. Right-click on the message area to bring up the popup menu and select Monitor; or, you can access the option by clicking on the system menu icon in the upper left corner, selecting Junk Spy, and then Monitor.

As a shortcut, you can double-click on the message area to display the Monitor. Conversely, double-clicking on the message when the Monitor is open will cause it to close.

4. Technical and Other Support from Sundial Systems

In general, that's all you need to do. One of the best things about Junk Spy is that it works without you doing anything. Because Junk Spy is driven by your email program, you'll rarely interact with it directly. Sit back and watch Junk Spy take care of junk mail for you.

But there may be times when you have a question or concern, and that's when you should contact the Support Services at Sundial Systems.

For Product Support:

Send email to JunkSpy@sundialsystems.com
Send postal mail to Sundial Systems, 909 Electric Avenue, Suite 204, Seal Beach, CA 90740 USA
Visit the Sundial Systems web site at http://www.sundialsystems.com
Phone 562-596-5121 (9:00 to 4:30, Monday through Friday, Pacific time)
FAX to 562-596-7825

When a Junk Message Gets Past Junk Spy:

Sometimes junk mail gets through. It's unfortunate, but true.

In an ideal world, Junk Spy would catch every piece of junk mail that's sent to you, and that, indeed, is the goal. Toward that end, you can help by forwarding a message that should have been recognized as junk (but wasn't) to: junk@sundialsystems.com.

The message will then automatically be entered into Sundial's database of suspicious email.

When a Message Gets Identified as Junk by Mistake:

Conversely, a message might be classified as junk when it shouldn't have been. In order to correct such misidentification, Sundial Systems wants to know when that happens. You can help by forwarding the message that was incorrectly identified as junk to: nojunk@sundialsystems.com.

This will help with Sundial's on-going analysis of what is and is not junk mail.

5. Junk Spy's Menu Options

Even though it isn't obvious from just looking at Junk Spy, the program does have a menu. You may have used it to look at Junk Spy's Status Center or email Monitor, or when you configured your email program.

The quickest way to display the Junk Spy menu is to right-click on the message area. Alternatively, click on the system menu icon in the upper left corner and select Junk Spy.

Junk Spy's menu gives you options for:

Detectors - what Junk Spy uses in its junk mail detection process
Global Exceptions - used to override Junk Spy's detectors
Status Center - gives you information relevant to you and your installation of Junk Spy
Monitor - lets you watch detailed information as messages are filtered
View Log:
- Detection Log - shows you what junk mail Junk Spy has found
- Update Log - shows you when updates were made to the detectors that Junk Spy uses
- Error Log - shows you operational errors that have occurred
Settings:
- Detector Settings - specify how Junk Spy should react to junk mail
- Update Settings - specify how Junk Spy should handle automatic updates
- Post Office Settings - controls connections for retrieving and sending email
Help:
- Help Index
- General Help
- Using Help
- User's Guide - this on-line reference
- Junk Email Slipped Through - what to do when Junk Spy doesn't catch all your junk mail
- Real Email Was Junked - what to do when a message is misidentified as junk
- Product Information - about your installation of Junk Spy

Note: There is on-line help in Junk Spy for all the menu options, dialogs, fields, and buttons. You can get help at any time by pressing the F1 key or clicking the Help button in a dialog.

6. All About Clues and Detectors

Junk Spy includes a comprehensive database of clues that are used to determine which messages are junk mail. The database contains words and phrases that are commonly found in junk email but not in your every day mail. Unlike conventional approaches to eliminating junk messages, Junk Spy's database is provided for you by Sundial Systems so that you don't need to worry about it.

However, everything that Junk Spy uses is actually under your control. So if you want to make changes to the clues Junk Spy works with, you can.

Clues to Junk

Clues are what Junk Spy uses as it analyzes your mail for junk messages, and there is no restriction on how many clues you can have.

Each clue has its own definition which is composed of several elements:

Specific text
Optionally, an exclusion to the text
Where the text is in a message

The Find field has the specific text of the clue. In the example pictured, the text is "HOT STOCK". If there is an exception that should prevent Junk Spy from making a match with this text, it goes in the Unless field.

At first glance you might think that you want to put something quite specific into the Unless field. Maybe you have a brother who forwards all the "hot stock" type offers he gets to you so you can advise him about them. In that case, you'd be inclined to use your brother's email address as the exclusion with HOT STOCK. But, this works only for this one clue. It actually is more appropriate to put your brother's address on the Global Exceptions list, so that nothing he sends you is treated as junk.

Rather, the Unless field in clue definitions is better used for exceptions you don't have specifics on. For example, you might want to put "Internet" in the Unless field with the HOT STOCK clue because you want to see all the emails about new Internet stock offerings.

In addition to specific text, the definition of a clue includes the part of message that Junk Spy will Search in for the text:

To - the email address the message came to
From - the email address the message came from
Subject - the subject line of the message
Header - everything above the body of the message, including the to, from, and subject information
Body - the text of the message
Entire message - all of the above

You might be saying, "Well this is all well and good, but where are the definitions for clues?" They aren't listed on the Junk Spy menu. That's because there are lots and lots of clues which are grouped together for convenience into Detectors (which are on the menu).

Looking at Detectors

Lots of junk email falls into a few common categories such as adult content or schemes for making money. As a way of organizing things, Junk Spy groups the clues it uses into similar categories called Detectors.

To look at detectors and the clues they contain, right-click on Junk Spy's message area to bring up the popup menu or click on the system menu icon in the upper left corner and select Junk Spy. Then select the Detectors option on the menu.

You'll see all the detector categories on the Junk Mail Detectors dialog. Use the Add button to create a new detector and Modify to make changes to one you already have. Select the Delete button to remove the detector that's highlighted on the list; when you delete a detector, all the clues that are associated with it are removed as well.

Adding or modifying a detector gives you access to everything that makes up that detector. Specifically, the Detector Definition includes:

The detector Name which you can change if you prefer something else,

An Enabled checkbox which controls whether or not Junk Spy uses this detector's clues in identifying junk mail, and

A list of clues which can be individually managed by:
- Adding new clues,
- Modifying clues already defined, and/or
- Deleting clues from the list.

Note: You don't have to delete a detector to not have it used. Instead, you can uncheck the Enabled option that is part of the detector's definition.

Global Exceptions Are Never Junk

Global Exceptions are the rules that prevent some messages from being classified as junk email, no matter how much they might look like it.

Junk Spy uses clues to identify junk mail. Likewise, global exceptions are clues that work the other way around. When a global exception is located in an incoming message, the message is automatically determined not to be junk mail.

You can use the Add, Modify, and Delete buttons to maintain your list of global exceptions. Adding or modifying a global exception is just like adding or changing a clue in a detector. You specify the exact text to be searched for, a possible exception to it, and where the text should be looked for in messages.

For example, one of the common uses of junk mail is to advertise multilevel marketing schemes, commonly called MLM. Thus, there is a clue specifically for MLM. Maybe you hate MLMs, but you're a member of the Modern Lawn Mowers' Assocation which goes by the name MLMA. Normally your MLMA mail would be considered junk because it contains MLM. However, if you create a Global Exception for MLMA, any mail containing MLMA will not be considered junk no matter which clues it matches.

7. Settings for Detectors, Updates, and Connections

Depending which email program you are using, when you set it up for Junk Spy you may have made changes to some of Junk Spy's settings as well. Other than for that, you don't have to do anything else with the settings. But you ought to know they are all about.

There are three options on the Settings submenu:

Detector controls the general processing behavior.
Update controls the use of updates to Junk Spy's detectors sent by Sundial Systems.
Post Office controls the connections for retrieving and sending email.

Detector Settings

The Detector Settings determine Junk Spy's general behavior with regard to your incoming email messages.

Several things can happen to junk mail. First, there's what Action to take when a message matches a dectector. You can either have the message destroyed or have it flagged as junk and delivered to you. Which you choose may be determined by the email program you are using because some programs require one or the other. You might want to check the setup instructions for using Junk Spy that are specific to your email program.

There are additional Options you can utilize regarding junk messages, and you should check those you want:

Forward a copy to the Junk Spy Research Center -: A copy of each junk message will be sent to Sundial for analysis. This is useful because it gives Sundial a larger database of junk mail to work with. The more messages that are analyzed, the more accurate the clues and detectors can be to thoroughly screen your mail. All messages forwarded to the Junk Spy Research Center are held in the strictest of confidence, and those that don't meet Sundial's definition of junk mail are immediately deleted.
Send with warning to -: Messages identified as junk are forwarded to another email addres, so be sure to enter the forwarding address in the field provided. As a precaution, a warning that the content is junk mail is included with each forwarded message.
Save to file -: Messages that match clues are saved to the indicated file you specify in the field provided. If you don't include a path with the file name, the file will be saved in the directory where you have Junk Spy installed.
Record in log -: Junk Spy will maintain a log file of the junk mail messages it finds. You can look at the log by selecting the View log - Detection option off the menu.

In addition to Junk Spy's built-in detection system, you have the option to also make use of two outside anti-junk email resources, the Realtime Blackhole List (RBL) and the Relay Spam Stopper (RSS). Both are services of the Mail Abuse Prevention System (MAPS), a nonprofit company whose self-proclaimed goal is "to stop the Internet's e-mail system from being abused by spammers." Information about them can be found at http://maps.vix.com.

The Realtime Blackhole List and the Relay Spam Stopper list include networks which are known to be friendly, or at least neutral, to spammers who use these networks either to originate or relay junk mail. The two lists are similar, and to some extent overlapping, but use different criteria to determine which networks and servers are contained in the list.

When RBL or RSS support is enabled in Junk Spy, all of the servers that a piece of mail has passed through are checked against those on the corresponding list. If even one of the servers is found on the list, the message is considered junk mail.

To make use of the Realtime Blackhole List screening facility, check the Enable box. An IP address or host name for the Realtime Blackhole server is indicated in the RBL Server field. If the address changes or you prefer using a different one, you can change the IP address or host name in this field.

To make use of the Relay Spam Stopper, you do the same thing. Just check the Enable box. When support is enabled, you'll see that an IP address or host name for the Relay Spam Stopper server is indicated in the RSS server field. If the address changes or you prefer using a different one, you can change the IP address or host name in this field.

Update Settings

Junk Spy has the ability to receive automatic updates via email (of course!), so that the detection database can be kept up-to-date. This process is very similar to updating an anti-virus program. The Update Settings determine whether or not updating is done.

The Enable Updates option must be checked in order for Junk Spy to process the updates sent by Sundial Systems. Updates are necessary to keep Junk Spy efficient, so you will want to keep this checkbox marked.

Note: You don't need to worry about changes you may have made to Junk Spy's detectors. Your changes will be maintained during the update process.

When updates are enabled, you have several options for documenting them:

Log updates -

Post Office Settings

The Post Office Settings control your connections for receiving and sending email. In general, you should only need to make changes to these settings when you are configuring your email program and Junk Spy to work together.

You may need to specify addresses for your inbound and/or outbound mail Servers.

Default POP3 mail server -: This is your inbound mail server. Junk Spy needs to know this information in order to work with some email programs, so the field may - or may not - need to be filled in. The Getting Started documentation for your specific email program will tell you if this is necessary.
SMTP server -: This field is used to specify an alternate outgoing mail server if your POP server does not support sending. The information is necessary for some Internet Service Providers (ISPs). If you traditionally have to set SMTP server information in your email program for it to send mail, then you should provide that same information here for Junk Spy as well.

If you connect to the Internet over a dial-up line, you will probably want Junk Spy to Monitor (the) Dial-up Connection. Check Enable to have Junk Spy monitor your connection and only attempt to process mail when the dial-up connection is active. You'll also want to specify in the Interval field how frequently the connection status should be checked. Every 30 seconds is a reasonable frequency, but you can make it shorter or longer.

Note: This only applies to dial-up connections. If you use another method for email, don't enable the Monitor Dial-up Connection option. Also, this setting does not determine when Junk Spy tries to receive mail. It only determines how often if checks to see if your dialup connection has been established.

If the standard POP3 port (110) is already in use by another application, Junk Spy will need to use another port for your Alternate Local Connection. Check Enable if an alternate port should be used and put its number in the Listen port field.

8. Looking at Junk Spy's Logs

Junk Spy maintains logs of relevant activity. You can access them from the View Log submenu:

The Detection Log -

No matter how you have Junk Spy handle your junk email, all the junk messages Junk Spy identifies can be recorded in the Detection Log. Whether or not junk mail is logged is one of the Detector Settings options. When logging is selected, you'll get information for each junk message that shows you:

The time and date the message was received,
The detector and specific clue that were found in the message,
Who the message was addressed to,
Who the message came from, and
The subject line of the message.

If you notice an entry in the Detection Log for a message that should not have been classified as junk, please let Sundial know about it. Forwarding the misidentified message (if you have it in a trash folder or file) is most useful. In lieu of that, copy the information about the message from the log and mail that information.

Sundial Systems also wants to know about junk that doesn't get caught. By forwarding such email to Sundial, you'll be helping improve the junk mail database used to extrapolate Junk Spy's clues.

The Update Log -

Updates to Junk Spy's detectors are the way the product stays up-to-date. This log shows when updates were made.

Whether or not Junk Spy automatically processes updates, and if they are logged, is controlled by the Update Settings.

The Error Log -

Errors can happen for a number of reasons. This log gives you the time, date, and a brief description of all the errors that Junk Spy encounters.

9. Junk Spy Product Information

You can get lots of information about your Junk Spy installation by selecting the Product Information option on the Help menu. This shows you:

The version of Junk Spy you are running,
Ways to contact Sundial Systems Corporation, and
Your Junk Spy license number (but not the access code which is confidential).

You also have options for displaying additional useful information:

Credits - those responsible for Junk Spy
License - the License Agreement for running Junk Spy
Readme - release notes about this version
Sundial - contact numbers and addresses

Copyright 1999, 2000, Sundial Systems Corporation. ALL RIGHTS RESERVED.
Junk Spy is a trademark of Sundial Systems Corporation. OS/2 is a registered trademark of International Business Machines Corporation. All other trademarks remain the property of their respective owners.