E-Mail filter

E-Mail filter

Our central spam- and securityfilter focusses on the classification of unwanted advertising mails (spam) and rejection of potentially malicious mails which can contain viruses, trojans or phishing attempts in order so secure your DESY account and our DESY network.

Frequently asked questions about this topic:

How do I create a filter?

Log in to the Zimbra web client with your account data.
Now create a new folder by clicking on the small arrow next to "New Mail" in the upper left part of the window and then select "Folder" from the drop-down menu. In the window that appears, enter the name of the future folder and where it should be created.

Next we need to create the filter that will forward our mails to the created folder.

1. We select the "Preferences" tab and click on "Filters"
2. Create a new filter with "Create Filter"
3. Now you should see a window similar to the one shown below this text section
4. Name the filter under "Filter Name" and enter "X-IT-News" for the header
5. Next, select Contains and paste the domain to be highlighted
6. Under "Perform the following actions:" in the selection box click on "Move to folder" and select the folder we want to move the message to

 

Flter settings for an automated filter for important IT news.

Automatic tagging (by header)

What is a Mail Tag? With a mail tag you can mark your mails. If you have tagged your mails with an "external" tag, you can search for them and all corresponding mails will be displayed.

How do I create these filters for tags? To create a filter that tags external mails, we need to consider the following points:

1. We select the "Preferences" tab
2. Now we see the areas in our settings. Please select "Filter" here
3. Click on "Create Filter"
4. Now you should see a window similar to the picture below this text section
5. Name the filter here "Filter Name", select "Header Named" instead of "Subject" and enter

X-desy-gw-Envelope-From


6. Next, select "exists" 
7. Remove the checkmark for "Do not process additional filters" and select the action "Tag with" instead of "keep in Inbox"
8. Now click on "Browse..." and create a new tag with the name "External"
9. Important! After the filter is created, the filter should be at the top of the list of active filters



 

 

Filter settings for an automated filter for external mails

How do I send data? (as secure as possible)

To share files we recommend using the cloud service provided by Desy. How exactly this cloud service can be used is described under this link.

A mail was blocked - What can I do?

If an e-mail to you has been marked as potentially harmful and blocked from our filtersystem you will be notified by e-mail. Now you have to possibility to request a release of that specific e-mail. In order to do that just click on the appropriate link in the notification mail. This link will generate a new e-mail which you need to send without making any changes to it. If the link fails for some reason you may also reply to the notification mail without changing the subject and put release@desy.de into CC.
This release will be possible for 90 days. If you don't request it within this timeframe the mail will be deleted irrecoverable.

Besides you, the DESY mailmaster team will be notified as well, whenever any e-mail gets blocked. The external sender, however will not be notified.


Beside all incoming mails, all mails sent from DESY will also be scanned before they are actually delivered.
If an e-mail has been blocked in this case you, as the author, (as well as the DESY mailmaster team) will be notified by e-mail. The recipient will not be notified about it.

Alternative methods to share and receive files

Due to possibly occuring problems and certain security risks while sending attachments via mails we recommend to share files, especially big ones, with our FTP server or with our DESY cloud.
These can be configured according your needs. You can upload files in order to share with others, like colleagues at DESY or non-DESY colleagues, and vice versa.

Preface

All incoming and outgoing e-mails are redirected to our central spam- and malwarefilter in order to analyze them.

Filtering of mails upon viruses, potentially malicious content and spam take place due to a resolution of our DESY computer security council.

It is common to use the term spam in the internet as a synonym for unwanted, like commercial, mails. As a opposite all wanted mails are called ham. We are going to use both terms in the following sections. More detailed description about spam can be found on these websites:
'What is spam?' on SpamAssasin
About spam on Wikipedia

Due to continious evolution of spam- and phishing mails there is no guarantee that we can filter one-hundred percent of these mail successfully.
Thats why we recommend to be careful if you receive unexpected mails with unknown origin. Well-considered actions are also necessary if you receive attachments or links in such mails. In case you receive a mail where you are requested to type in your login credentials or redirected to such a wegpage under a certain pretence (what we usually would never send), please dont bother to contact the UCO in order to verify if it is an official DESY mail or not.

Filtercriterias

Our e-mail filter blocks all incoming and outgoing e-mails which contain viruses or other potentially malicious content.

If a e-mail was blocked the sender or recipient will get an automatic notification about it depending on the cause for the block.

  • If you get a mail to your DESY address from a third party which was blocked, you and our D4 departement will get a notification about that. The sender won't receive anything.
  • In case you send a mail from DESY with your mailaddress which was blocked from our filter you and our D4 departement will be notified about it. The initial recipient will not get any information about this failed delivery attempt.

Problematic content

Problematic content can consist of various attachments, e.g. ActiveX components of office documents, java-class-files (.jar, .class), javascrip-files (.js) or linux-/unix-binaries. Such attachments are also detected from our scanner if they are in a archive-files like .zip or .rar.

Other executable or as corrupt classified archive-files are also marked from our scanner as problematic content.

Following you can find some of the most common file-ending which are also blocked from our scanner:

  • .com
  • .bat
  • .cmd
  • .scr
  • .dll
  • .exe
  • .cpl
  • .lnk
  • .pif
  • .pi

Passwordprotected attachments

As a try to trick and avoid centralized virusscans of mails some sender attach passwordprotected archives. Such files can not be classified from our central filter and due to this they will be blocked automatically, to avoid any possible security risks.

In case such mails have been send from a attacker with criminal intention, the sender tries to persuade the recipient of the mail to open and extract the protected attachment, which may contain malware. Furthermore they try to raise the authenticity of the mail with the usage of known mailadresses, which can be faked or have been obtained in previous attacks from addressbooks. Such methods try to lower the suspicousness of the recipent in order to install malware on the machine where the attachment has been opened.

Thats why you should be generally sceptical if you receive password protected and excrypted attachments, like archives, especially if you dont expect them!
As a sidenote: If these mails should really contain sensible and confidential information it is definitely not a good choice to send them by mail if the password has been told in the mail itself as well.

SPAM - unwanted advertising mails

Spam mails are e-mails which are not wanted and have been automatically send to millions, usually in connection with massadvertising and suspicious background, as a try to get access to specific information or to spread malware.

Since 2003 all mails, which were send to your UEM - name.surname@desy.de - are automatically scanned wheather they include spam-characteristica or actually are spam. All mails will be rated with points and if a mail reaches five points it will be classified as spam. The system will automatically add the prefix tag '[SPAM]' to the subject of the mail. This tag will help you recongize spam-mails more faster.

Due to the continious evolution of spammails it is not possible to guarantee that all mails are correctly filtered and classified. It is possible that some spam-mails still reach your DESY inbox. If this is the case please let us know. Forward the spam-mail to abuse@desy.de, so we can update our database.

Wrongly as SPAM marked E-Mails

In case e-mails are wrongly marked as SPAM, please also forward them - with a corresponding hint - as attachment to the   mailmaster team.

Outlook: Forward spam as attachment

ZImbra Web-Client: Forward spam as attachment

Thunderbird: Forwarding spam as attachment