SpamBT™ - BoxTrapper Technology

      Processes spam on our mail servers - not on your computer!
       Server-side challenge-response email filtering tool

  • BoxTrapper is a free, built-in hosting account spam elimination tool for your mailbox. It minimizes the spam that is delivered to you by:
    1. keeping a list of addresses that you have corresponded with (called a whitelist, addresses from which are delivered to your inbox immediately), and
    2. sending a friendly message to those "unrecognized" addresses to request them to reply-- this verifies that they are human and likely not unsolicited email.
  • BoxTrapper allows emails from senders on your whitelist to proceed directly to your inbox.
  • All other senders are checked to see if they are coming from a real human before being released to your inbox.
  • You can easily edit (manually) your whitelist any time you want (through a web interface). The whitelist is automatically updated with the email addresses you send to, IF you use our smtp server for outgoing email.
  • BoxTrapper can be turned on or off with the click of a mouse in your cpanel or webmail interface
  • Boxtrapper does its work on our servers, as opposed to other methods that download all the spam and filter it locally on your computer. The server-side processing is particularly useful when you're accessing your email away from your office or home.
  • For business accounts that have web forms, please program your whitelist carefully to accept messages with your web form's subject line.
  • SpamBT BoxTrapper is included free with SherwoodHosting Plan "D", and must be used with mailboxes on our server (as opposed to forward-only addresses).

This page contains:


NOTE: We encourage the following rules:

Because BoxTrapper takes server resources to handle each incoming spam email, in order to be permitted to enable BT for a given email address, that email address must be shown to:

(a) have taken steps to minimize “publishing” of the address (on ANY web site, RSS feed, or forum, not just your own site) in live/parse-able text formats such that spam harvesters can read it, and

(b)  not be a dictionary name (like:  info, sales, help, orders, webmaster, etc., or a common first name like: mary, sue, joe, bill, bob, etc. (suggestion: use mailbox names that are based on some aspect of your business, and people's firstname+lastinitial)).

See point  #1 in minimizing spam

Definitions

  • Spam - unwanted junk mail (Unsolicited Commercial Email (UCE)) Department of Justice Article

  • BoxTrapper - Mailsystem software on SherwoodHosting servers that processes and sorts spam before it gets to your inbox. This software "filter" runs on our server and allows you a preview of the intercepted spam (see the "queue" of emails awaiting challenge responses) for the case that an email was misidentified as spam.

  • WhiteList - A list of people you want to receive email from (e.g., people in your address book entries).
    This is a (text file) list of email addresses (maintained on the server, but editable and viewable through a BT's web interface). If you use the server's outgoing SMTP server for emails you send, BT will automatically white list those sent-to addresses.
    The Whitelist additionally allows pattern-filtering based on both FROM and SUBJECT information. For email generated by web forms that you do want to allow, please program the appropriate entry using the SUBJ keyword and your subject line phrase.

    CRITICAL NOTE
    — EDITING WHITE LIST & VERIFY MSSGS

    WHITELIST - When you manually enter line items in your white list, you must be very careful to add the "escape" character \ (backslash) preceding ANY character other than A-Z,a-z,0-9 or space. This includes *  @  .  -

    If omitted, incoming email will crash and respond to the sender with the following oblique error:

    local delivery failed (internal death)
    Cpanel::BoxTrapper::BoxTrapper_checklist('white', '/home ...)
    [a fatal error or timeout occurred while processing this directive]

    This is most vulnerable for including "subject" lines. Example:
           \*\*\* Contact Web Form Submitted \- contact\.html

    Another gotcha is the | (vertical bar, a.k.a. pipe) character, which, unescaped, means Logical Or.   So if your intention is to pattern match for the literal vertical bar character, then use the syntax   \|

    Wildcards: (often *(asterisk) might be intuitively used) There are no wildcard characters available for use in the whitelist(etc.) line item matchstring syntax.  You don't need a wildcard positioned as a prefix or suffix, since by definition a line item matchstring is matched if found ANYWHERE in the sender's email address.

    For instance, if you enter as a line in your whitelist:
      verizon
    Then the following would be allowed through to your mailbox without challenge:
      mary@verizon.net
      joe@verizon.com
      verizon@aol.com
      help@verizonwireless.com


    VERIFY MESSAGE - When you're editing the verification message, be extremely careful to leave the syntax at the end of the SUBJECT line as the end of that line. Failure to do so will cause senders to keep being challenged because BT cannot see the message ID number.


    Once the sender replies to the challenge message, that sender address is Whitelisted and (New as of July 2007), a confirmation message is sent to the sender acknowledging that their address is now on the whitelist and they will not be challenged in the future. This acknowledgement message is a system-wide message and is not editable by the user.

  • BlackList - Address list that you specify for BoxTrapper to immediately identify as unwanted spam sender addresses and it deletes it and does not challenge it.

  • Challenge - When your server mailbox receives an email from someone not yet on either of your White or Black lists, BoxTrapper will "challenge" the sender (to see if s/he is "human") by sending a polite form email (which is editable by you) to ask them to reply.  If they reply, then the original message they sent will be conveyed to your inbox, if no REPLY was made, the message will sit in the BoxTrapper queue for 15 days (a selectable number, by you, we recommend you change it to 30 days) for your potential review in case a mistake was made. If a new correspondent sends email to you for the first time, they only have to encounter a Challenge email once- thereafter they are on the WhiteList and their email message immediately is conveyed to your inbox.
    Note that IF you have "automatic whitelisting" enabled AND your outgoing email smtp server uses our servers (so that boxtrapper can watch for outgoing messages) AND you send email to Person A, then Boxtrapper will put that address on the Whitelist and at any time in the future if Person A sends you email, that email will be conveyed to your inbox instantly with no challenge.

  • Verify/Verification - The email message and process by which BoxTrapper sends the Challenge message to the sender to see if s/he is human. A challenge message is sent IF the sender's email address was NOT on either the Whitelist or Blacklist.

  • Log (see details below) - A list of transactions for email challenged, or let thru and the reason (rule) is noted.

  • Queue (see details below) - A list of emails which have been challenged and are awaiting the original sender to reply so that BT can release the message to the recipient's inbox. We recommend checking this list about once a week, especially if you're a business and expecting new clients to email you.

Overview

We all hate spam. Here're some discussion topics for how to minimize it even prior to using BT (click on the underscored link for detailed info):

  1. Protect your address: Stop/minimize your email address from getting in spam address list databases in the first place
  2. Filter these pesky emails when you do receive them-- an effective method is to use SpamBT Boxtrapper.

BoxTrapper (BT, also an abbreviation for Bacillus thuringiensis which is an organic control for garden caterpillars, essentially a pest control agent) is software that runs on the SherwoodHosting servers to minimize the spam messages that get through to your inbox. This is accomplished by a filter mechanism that you choose how it operates. When Boxtrapper is enabled, Email sent to your mailbox is either:

  • Transferred directly to your inbox (because the sender's address was on your whitelist). Your whitelist is an accumulation of good email addresses from your address book, from having sent a message outward to a particular email address (using our smtp server), or manually maintained/edited by you.
  • Ignored or deleted or placed in a spam wastebasket (depending on how you set up boxtrapper, based on identifying the sender's address as a spammer, or keywords in the message or subject line match spam profiles - it "smells like spam")
  • Temporarily held (in a waiting queue which you can manually peruse and manipulate) while a reply email message (a "challenge message") is sent to the sender to have them confirm they are human by simply replying (no content is needed in the reply). Spam senders will not reply to such a message. Once the challenge response is received, the original email is released to your inbox.

Note: To be able to use boxtrapper, you need to have a mailbox in your account on the SherwoodHosting server. If you only have a FORWARDER set up in your Cpanel MAIL settings, Boxtrapper cannot intercept the messages. (Independently and perhaps confusingly, Boxtrapper has the feature to be able to additionally FORWARD messages that it permits through to your mailbox, but it's unclear what the difference between BT forwards and the mailsystem's forwards.)

Please be careful that you "prime" (initialize) your Whitelist with your addressbook and especially the exact email address from which mailing list or other automated messages originate from.

 

Quickstart steps to enable BoxTrapper

  • Login to your CPanel on your web site (Note: this is NOT your Windows System Control Panel; see instructions on CPanel)
  • Enter the Mail section by clicking on the Mail Icon
  • Click on the BoxTrapper Spam Trap option.
  • Click the Manage link towards the right hand side of the screen for the email address that you want to enable BoxTrapper for.
  • Click the ENABLE button to turn on BoxTrapper for the account.
  • As a last step (highly reccomended) you will want to turn on Automatic Whitelisting. To do this click the Configure Settings link towards the bottom left of the BoxTrapper Configuration screen and then click the check box for Enable Automatic Whitelisting.
  • Always test your email boxes, forwarders, and spam software. Check occasionally your challenge queue, whitelists, and event log to see if there's anything strange happening.

How to Enable SpamBT Boxtrapper

Cpanel> Mail> BoxTrapper Spam Trap> (select the email box and ENABLE it)
To enter your Cpanel, you'll need to use your hosting account (FTP) username and password.

Manage the settings for your mailbox BoxTrapper processing:

  • Configure Settings:
    • Email addresses going to this account - These are the addresses that you have configured to be interecepted by BT for this collection of settings.
    • How many days should logs and messages in queue be kept - When BT intercepts a message that from an address which is not on any of its lists (Ignore, Black, or White), it sends a challenge message. It makes note of this transaction in the Log, but also puts the message in its Queue. It stays in the queue list until (a) the number of days expires; or (b) the sender responds; or (c) you manually delete it from the queue. You can review messages that are pending in the queue. This number of days parameters tells BT how long you want to keep messages for reviewing (and also they are still alive to be responded to). Typically people use a setting of 15-30 days. If you get lots of spam that has large attachments, then this will run up your disk quota faster (but it's not a big factor usually).
    • Enable Automatic Whitelisting - (What this really means is, Do you want BoxTrapper to add someone to your whitelist when you send email to that address AND you are using our servers' SMTP server to send that email) Thus when you send a message to Person A, Person A can reply to you without being challenged (A's message will proceed directly to your inbox).
    • Confirmation Messages - This is the text of the challenge message that is sent when the FROM address is not on any of your lists (Ignore, Black, or White). You can edit this to be more friendly or specific to your own style.
  • Edit Lists:
    • Forward List - If the email account for which you have boxtrapper enabled is not your normal emailbox, BT offer the option of forwarded "approved" messages. (Approved means those that are whitelisted or those who have responded to the challenge message.) Usually the Forward list is just the one email address for the inbox that you read. Example: you have an info@... mailbox for which you set up BT. You enable BT's forward list to forward (hopefully) non-spam messages to your own mailbox. (But because info@ is a real mailbox, you need to make sure some mechanism is present to empty it: consider a Cron job or custom script-- there is no server-side mechanism to delete old mail messages automatically.)
    • White List - The WhiteList is a list of email addresses (or permitted keywords in Subject lines etc.) that you want BoxTrapper to permit incoming mail to be conveyed to your inbox immediately.
      The WhiteList is populated via:
      • you, the owner, manually typing (or pasting) in your address book or inidividual entries;
      • if you use our outgoing SMTP mailserver, then the TO address(es) in any email you send out are recorded in the WhiteList as "friendly" (you can go back and delete any mistakes or changes of heart!);
      • The WhiteList is also populated from senders who REPLY to the Challenge message sent.

        To prime your whitelist with your existing Outlook Contacts (address book):
    • Outlook> File> Import&Export> Export to a file> Comma Separated Values (either)>  [select CONTACTS]
      To easily convert from CSV to text-one-per-line, open the CSV file with Excel, and then just copy the column of cells.

    Some common subject entries for incoming orders are (comments in parentheses)

    • (PayPal order) Notification of payment received
    • (Agora shopping cart order) Agora.cgi Order


    And a reminder to use the backslash \ escape (quoting) character directly prior to any punctuation character (any non-alphabetic or non-numeric, space is okay)

    If a subject rule succeeds and an email message is released to the recipient, then no "from" address is automatically whitelisted.

    • Black List - When an email comes in from this set of email addresses or keyword matches, a reply message is sent (similar to the Challenge message) with an opportunity to REPLY to answer the challenge. The incoming email message is not conveyed to your inbox(unless the sender REPLIES). The message is kept in the Review Queue area for "15" days.
      Recommended Examples: (tbs)
    • Ignore List - Similar to BlackList (the incoming email message is not conveyed to your inbox) - when an email comes in from this set of email addresses or keyword matches, no reply message is sent. The message is kept in the Review Queue area for "15" days.
      Recommended Examples: subject Viagra

    Note: all whitelist/blacklist/ignore pattern matching is case insensitive (i.e., upper/lower case does not matter)

  • Review Log - This is a very detailed list of every incoming email "event" that has happened in the recent past, and how Boxtrapper handled it. Viewing this list is helpful if you're curious how/when a particular message was categorized or handled. Below are examples of lines in the log file for particular situations for incoming email messages and how they were handled.

    Review Log entry What it means
    Email matches rule "subject \*\*\* REQUEST FOR QUOTE 
    WebForm Response" Line 3 in whitelist
    The incoming email had a subject line that matched a rule that exists in the whitelist.
    Note that whitelist rules must have the \ escape quote character for any punctuation that is in the real subject line (in this case: *** )
    Email matches rule "from kevin\@domain\.com" Line 46 in whitelist The person sending the email was already in the whitelist
    Delivering message to queue and asking for verification joe@domain.com The person sending the email was not in the whitelist so a verification message was sent to them asking them to reply
    Releasing queue for joe@domain.com They replied and the original message was released to the recipient's inbox
    Auto-Whitelisting joe@domain.com Since Joe replied, he'll be added to the whitelist so in the future his email will pass right through to the inbox
  • Review Queue - This displays the messages that are pending a challenge response (i.e., the sender has not REPLY'd yet). We suggest that you keep a link (shortcut icon) to your Cpanel BoxTrapper area on your desktop so you can weekly browse your collected spam messages for messages that you really wanted to receive. If you see a message in this list that you want, you check it and click on SUBMIT which immediately release the message to be sent to your own inbox and it simultaneously puts the email address in your WhiteList. You can create a shortcut icon on your desktop by dragging to your desktop the little emblem just to the left of the web address URL near the top of your browser window. Then in the future when you click on that desktop shortcut, your browser will open to the boxtrapper page (perhaps you may need to enter your account username/password).

Possible mis-categorizations of email messages, and what to do:

  • An important email was sent from someone not yet on your WhiteList, and the sender (for whatever reason) does not reply to answer the challenge message. You can view your "Queue" of messages held back by BoxTrapper and manually release (and add to whitelist) or delete them.
  • A spam email made it through to your inbox, due to an answered challenge reply - (we want to know about these, please forward them to us) You can include additional keywords in your Blacklist
  • A spam (or virus) email made it through to your inbox, due to a forged FROM (sender's) address that was on your WhiteList - This is likely a virus that had "collected" the sender's email address from an address list (beware: always use BCC when sending to more than 2 or 3 people, even if they're all close friends)
  • If you have a WEB FORM that sends email to your account, beware that, depending on how you have your web form set up, BoxTrapper will challenge the email. The question is whom will it challenge? There are two cases:
    • If your web form is set up to appear to come from your customer who filled in their own email on your web form, then there will be a challenge message to that customer's email. They(your customer, the creator of the web form inquiry) may not recognize (1) the email address (your email)that the web form is finally filtered down to, or (2) that their having filled out a web form technically/proceedurally results in an email having been sent to you. Our recommendation is to re-label the web form input text field name (so it still comes thru, e.g. misspell it to distinguish it from the commonly used label of "email"), but the formmail utility you use will mark it as coming from the sherwoodhosting.com server. (but see below)
    • If your web form is set up to essentially come from "no one" then the challenge will end up somewhere in our server: unread and un-responded-to.  A solution is to fill out a test trial of your web form, then go into the BoxTrapper Queue and whitelist the resulting test message, and hopefully (depending on your formmail software) all the subsequent web form inquiries will be whitelisted because the email FROM address will be the same.
    • The better solution is to insert a whitelist rule that has your exact subject line entered.

For those who are computer-savvy/comfortable:

You can modify several aspects of the BoxTrapper mechanism (for sorting/editing capabilities that are not available within the normal BoxTrapper web interface) by going into FTP, sorting queue and log files by date and doing a mass-delete, or editing the white list to sort it in alphabetical order, etc. Do so at your own risk.

Boxtrapper files are located in the directory:  /etc/domain.com/emailusername/.boxtrapper/

For instance, to alphabetize your whitelist (by email address username, ascending order),

  1. FTP or Cpanel>FileManager download your file from
    /etc/yourdomain.com/emailusername/.boxtrapper/white-list.txt
    to your own PC (desktop, for instance)

    Note: periods are important in the directory path above
  2. OpenWith the white-list.txt file with Microsoft Excel (for example)
  3. Data> Sort based on Column A, Ascending
  4. Save the file as simple text .txt
  5. Safety tip: rename the existing white-list.txt file to a duplicate file name, such as white-list-old.txt. (Just in case you need it some day)
  6. Upload the file back to its proper location.

It's sometimes useful to have your whitelist alphabetized:

  1. review it for thoroughness or other bookkeeping
  2. when away from your home computer, it serves as a sort of address book to retrieve almost any email address you've ever dealt with.

Examples of Challenge (Verification) Messages:

I apologize for this automatic reply to your email.

To control spam, I now allow incoming messages only from senders I have approved beforehand.

If you would like to be added to my list of approved senders, please fill out the short request form (see link below). Once I approve you, I will receive your original message in my inbox. You do not need to resend your message. I apologize for this one-time inconvenience.