January 19th, 2010
New Spam Filtering System
Ready for a spam blocking upgrade? I’m happy to announce that PEAK will soon be upgrading to the Red Condor Spam Filtering service starting in February. Red Condor offers a set of different features and a sleek new interface that should make navigating your spam console easier.
Red Condor is a next generation email security system that eliminates unwanted email without the need to continuously monitor and adjust spam filters. With no intervention from you, your spam problem simply disappears.
Red Condor also offers better filtering abilities than the current Barracuda system and will provide capacity for the ever-increasing proliferation of spam. This investment in upgraded services is the latest effort from PEAK to provide premium email service to customers, so accordingly look for this effort to continue (remember: new email system coming soon).
The battle against unsolicited and malicious email (spam) is a constant and ongoing part of providing email service to customers. This is a tough fight, with over a million messages delivered each day to PEAK domains. Around 90% of those messages are spam (you may notice them being blocked by the Barracuda Spam Filter). This figure drives the PEAK engineering team to stay vigilant, constantly monitoring the email platform and making upgrades as necessary. This is a timely upgrade and I’m certain you will all enjoy the improvements that Red Condor offers.
The Red Condor system provides a familiar interface to most email clients, the difference being that Red Condor contains messages caught by the filter and not delivered to your PEAK mailbox. To view blocked messages, delete, or release messages you simply need to log in to your Personal Dashboard with your PEAK credentials. From there you may navigate and configure your settings.
Here are some resources provided by Red Condor that will help you learn the new system (note: these links will navigate you away from PEAK’s blog site).
Flash Video:
Personal Dashboard – (3 minutes, 5 seconds) (recommended for Broadband users)
Spam Digest – (1 minute, 8 seconds) (recommended for Broadband users)
Manuals:
Personal Dashboard User Guide (online) (recommended for Dial-Up users)
Personal Dashboard User Guide (pdf)
Personal Dashboard FAQ (online) (recommended for Dial-Up users)
Personal Dashboard FAQ (pdf)
Remember the transition to Red Condor will begin in February. You will notice a different set of “Spam Digest” emails from Red Condor when your email account has been migrated.
M. Laport
Comments
While I appreciate PEAK’s ongoing efforts to help us fight the spammers, and suspect this will be an improvement over Barracuda, I’d like to see how the daily digest will look to those of us who choose to read our email in text only. Lots of HTML mail is completely unreadable to me because its creators don’t bother providing a plain text alternative.
Pat Kight
January 25th, 2010
Okay, this new spam blocker is already making emails I want to completely vanish. here we go again. Ticks me off I’ll tell. How can I recover these emails????
I am going to turn this new one off like I did with the baracuda.
Christine
January 27th, 2010
Hello Pat,
I can certainly understand your point of contention here. This is a sample of what it looks like with text:
TD class=’SIZE’>1KB
TD class=’COUNTRY’>TW
TD class=’SENDER’>Mr. User aLastname
TD class=’MAILBOX’><name_alastname@email.com;
TD class=’SUBJECT’> Email msg
TR class=’RZONE1′>
TD class=’VIEW’>
=’redcondor1.peak.org/console/digest/view.action?token=dmFueWVsQHJkcm9wLmNvbQAAASb_IJHzldfTorjXVtLyw3b6duqvAvke8GU&dbid=e8dac926-1ec8-47e6-b410-31008b345fb7&
+1′View
TD class=’CATEGORY’
…for a lot of pages worth…
The best option would be to create your account on the Red Condor. When you your get the digest email, queue up the Personal Dashboard in a web browser. Then set the time window back so it includes the last day, and work from there.
This does require starting a web browser and I suspect that you may run text based browsers as well, so it still may not work out. However, the main saving grace is that the Red Condor does a credible job at sorting the good from the bad email.
admin
January 27th, 2010
Christine,
Sorry you have been having issues with the spam blocking system. However, currently the Barracuda is still in place. We will be moving to the Red Condor service in February. If you can, hold a few more days and you will get to evaluate the new system. My guess is that it will help.
If not, give us a call. There is usually logical reason why emails are getting blocked when they shouldn’t be and we can help find out why.
thanks!
Tim Mattson
January 27th, 2010
Some quirks with the Red Condor spam filter:
1. The Red Condor does not play well with text mail clients and web browsers. It’s heavily javascripted and requires web browsers that support it. The email messages are HTML’d and while they can be set to text mode (from a gui browser), that consists basically of a very long link to the web interface that would need to be cut/pasted — you wouldn’t want to type it!
2. Before users can login directly to the RC, you have to go to http://redcondor1.peak.org/console/ and click on the “Signup” link. This asks for an initial password (twice), then sends a confirmation message.
3. When users get a quarantine message, then click on the Personal Dashboard link, the default view is for “messages quarantined today” whereas the email message will have “messages quarantined yesterday”. You have to click on the Time Range button to get the slider control that allows changing that.
4. When you “Release” a message, it will prompt you as to whether or not you want to tell Red Condor they goofed and whether or not you want to whitelist the sender (”modify friends list”).
5. You can’t adjust the sensitivity, only adjust how the different categories are handled (this is done in the Policies tab):
Green (Junk): “legitimate” business/newsletter/mail list etc
Yellow (Suspicious): blank, forged, foreign, attachments
Red (Dangerous): everything else that doesn’t look good
It’s pretty flexible on how you deal with the various types (for example, you can handle messages in specific languages differently), but you can’t adjust *how* it categorizes messages.
6. If you tell it to send a periodic digest, it *will* send you a digest. You can tell it to limit the zones it reports, but all that does is change it so it gives you a count instead of listing them out.
7. All domains were switched to the Red Condor at once by changing the dns for barracuda.peak.org to point to the Red Condor systems. An unfortunate side effect of this was that the links in the Barracuda spam digests that went out today (and previously) go to the Red Condor instead of the Barracuda. There are two aspects to this:
A. To get to the Barracuda, edit the url to barracuda1.peak.org instead of barracuda.peak.org. The Barracudas have been reconfigured to use that in the links in the messages sent out from now on.
B. The Barracuda redirects users to http://barracuda.peak.org/login This url does *not* have the signup link. Only /console has the link (e.g. http://barracuda.peak.org/console/ or http://redcondor1.peak.org/console/)
8. We are still working an issue to get SSL working on the Red Condor; at the moment, if you go to https://redcondor1.peak.org, you will get an untrusted certificate error, then after you connect, it will redirect you to the non SSL url anyhow. This should be fixed in the next couple of days.
–Alan Batie, Senior System Administrator, Peak Internet
Alan Batie
February 2nd, 2010
An additional tip, on handling spam the leaks past the spam filter:
If the spam filter misses something, you can forward the message to spam@peak.org, which will forward to our spam filter vendor for their review. It is, however, possible for spammers to bypass the spam filter by ignoring DNS and sending directly to the mail servers. We can’t fix that without requiring all of our users to reconfigure their mail programs, but fortunately, it is a very small fraction of the problem.
You can tell if this is happening by selecting View/Headers/All in Thunderbird (in Outlook, open the message in its own window, then View/Options and look in the “Internet Headers” box) and see if any of the Received headers say “by redcondor”, e.g. something that looks like this:
Received: from lists.arin.net ([199.212.0.107])
by redcondor1.peak.org ({e03e86cd-14ae-47ce-9578-3c080ce9c462})
via TCP (inbound) with ESMTP id 20100203172939867;
Wed, 03 Feb 2010 17:29:39 +0000
If you do not see something like that, then the spam filter never got a chance to block the message, and forwarding the message is likely redundant.
–Alan Batie, Senior System Administrator, Peak Internet
Alan Batie
February 3rd, 2010
I suspect I have Red Condor turned off as it’s not filtering any incoming email (I had Barracuda turned off so I hope that you continued with that default, not that it’s completely ineffectual). But now I see it blocked one of my outgoing emails – which makes no sense at all. I released it but it’s disturbing that it happened at all…
Nick
February 9th, 2010
Alan – Is it possible to filter PEAK Mailman lists *out* of the Red Condor system? Daily spam digests are being sent to each of my PEAK email lists; they don’t get through because the lists are all subscriber-only, but they bounce to me as list admin. It makes no sense to run Red Condor on mailing lists – if they’re open lists, then every reader will get the daily spam digest message, and if they’re closed lists, that alone suffices to keep the spam out.
I’ve gone to the RC console for my own mail account and set things up to my preference (ie, text-only announcements), but that doesn’t affect my maillist.peak.org lists.
Pat Kight
February 9th, 2010
So far, once I figured out I needed a new username and password, I am liking Red Condor. Only two quarantined messages in 8 days were ones I wanted to receive. All the other quarantined messages were appropriately quarantined. And none of the messages that I received should have been sent to quarantine. That’s far better than Barracuda had been doing.
Art
Art Bervin
February 9th, 2010
We actually did that yesterday; we’re also working on merging aliases properly (a feature the Barracuda hasn’t had in the past), as the Red Condor daily digests are significantly more frequent than the Barracuda digests (as you’ve noticed).
The Red Condor quarantines a lot of messages the Barracuda outright blocked, giving you a better chance to catch and release false positives, at the expense of having to review a lot more. For those with a number of email addresses, that’s a real problem, but when we get all the addresses merged, it’s just a single digest to review.
–Alan Batie, Senior System Administrator, Peak Internet
Alan Batie
February 9th, 2010
Thanks note Art,
We had a thorough evaluation of system before we actually made a decision to move forward. We noticed a better filter presence and much better capacity for mail transfer. Did you find the materials (manual and video) provided by Red Condor easy enough learn the system?
Michael
Michael Laport
February 9th, 2010
Thanks, Alan. I look forward to no longer receiving the spam digests in my daily Mailman admin posts. (-:
Pat Kight
February 9th, 2010
Thanks for the note Nick,
The Red Condor is most likely filtering your service unless you have specifically asked for it to be removed from your account. If you have been able to log into your admin panel, than you are most likely getting your mail filtered. I apologize if it has affected your outgoing mail, we can help you with your mail being blocked by providing some input on how to create messages. Otherwise you are free to not use the Red Condor.
Thanks,
m. laport
Michael Laport
February 10th, 2010