Pacific Internet - Ukiah, California

CanIt FAQ

Accessing CanIt

How can I see what spam is quarantined, or change my settings?

Visit https://antispam.roaringpenguin.com/canit/. Log in with your email address and password. Example: joeuser@pacific.net.

I have my own domain name hosted by Pacific Internet. How do I log in?

If you have real domain mail, use your email address (e.g., joeuser@example.com) and password. If you are still stuck with pseudo-domain mail, your domain's mail administrator needs to create a user for you. If you're not sure what address to use, please contact technical support, and we'll be glad to help you.

Turning Filtering On or Off

What if I don't want spam filtering? How do I turn this off?

Easy! Just sign in and follow these steps (and heed these warnings):

  1. Towards the top of your screen, click Preferences.
  2. On the left, click on Opt In/Out.
  3. Click the button that says Click to opt OUT of spam-scanning.

I've changed my mind! How do I opt back in?

Also easy! Just sign in and follow these steps:

  1. Towards the top of your screen, click Preferences.
  2. On the left, click on Opt In/Out.
  3. Click the button that says Click to opt IN to spam-scanning.

What happens if I opt out of spam filtering?

In short, you'll simply receive all of your mail—spam included. Many people don't realize just how much spam they don't see and quickly decide to opt back in.

There is a special case for customers who have their mail relayed to other domains. This is an official warning from the Postmaster. We quote:

If you get the IP address of my server blacklisted because of all the spam you make it relay, you will be opted back in and the option to opt out will be removed. When the IP of our mail relay gets blacklisted, it affects everybody who uses the service, not just you.

Working with Quarantined Messages

A message that I want got quarantined. How do I release it?

For each message, the Status column, all the way to the right, has a pop-up menu that is set by default to "Do nothing". On this menu, you will find listed all possible actions. To deliver a message, simply:

  1. Click on the "Do nothing" menu and change it to "Accept Message"
  2. Do this for any other messages that you wish to deliver.
  3. Click the Submit Changes button. You'll find one at both the top and bottom of the message list.
  4. That's it! Your message will arrive in your inbox in a few minutes.

How long will messages be available in the quarantine? Do they expire?

Messages will stay in the quarantine for up to 21 days before they expire and are automatically deleted.

Do I have to delete all that spam?

No! You can leave it there, and it will expire after 21 days.

Help! I accidentally rejected a message that I meant to accept! What do I do?

There is no reliable way to guarantee that a rejected message can be retrieved, but there is a chance if you act quickly enough. You must act immediately, as rejected messages are removed very shortly after you discard them. The window of time for retrieval is small (often seconds) and unpredictable. Here is what to do:

  1. Across the top of the screen, click Quarantine.
  2. On the left side of the screen, click Spam.
  3. In the Status column of the message you wish to retrieve, select "Reset as Pending"
  4. Click Submit Changes.
  5. On the left side of the screen, click Pending.
  6. In the message's Status column, select "Accept message"
  7. Click Submit Changes. If successful, the message will arrive in your inbox within a few minutes. If unsuccessful, you will have to ask the sender to re-send the message to you.

Checking the quarantine regularly is such a pain.

We know. Consider notifications.

Whitelisting (Approving) Senders and Domains

How can I whitelist (approve) an address so that it never gets quarantined?

This is easy. If the message in question is quarantined, simply:

  1. Click the Status menu for the message (where it says "No Change") and set this to "Whitelist Sender".
  2. Click Submit Changes. The message will arrive in your inbox within a few minutes, and the sender will be whitelisted.

To proactively or manually whitelist:

  1. Click Rules at the top of the page.
  2. Choose Senders or Domains, as appropriate.
  3. In the field for Enter a specific Sender's e-mail address or Enter a specific Domain, enter the e-mail address or domain, as appropriate.
  4. Click Add Rule.
  5. For the Action, select Always Allow
  6. Click Submit Changes.

Is there any limit to the number of addresses I can whitelist?

No! There is no limit to the number of senders you can whitelist!

I made a mistake. How do I remove a whitelist entry?

CanIt divides the entries into two categories. There are Senders (which are exact addresses like joeuser@gmail.com) and Domains (which are entire organizations like amazon.com). Bearing this distinction in mind for Step 2, here is what to do:

  1. Click on Rules at the top of the CanIt screen
  2. On the left side of the screen, click on either Senders or Domains, as appropriate.
  3. Click the Action menu for the entry you wish to modify (which should currently read "Always Allow") and change this to "Delete from Table"
  4. Do the same for any other entries you wish to remove. If you've made a mistake and wish to start over, click the Reset button.
  5. Click Submit Changes to save your changes.

I whitelisted my own domain, but a message still got quarantined. Why?

Unfortunately, CanIt does not allow you to whitelist your own domain, although you can whitelist anybody else's domain. That's right—anybody's domain but yours, even though it's the only one you have any modicum of control over. They really want to protect you from people spoofing your domain, while allowing you to ignore potential spoofing of every other domain. Worse, the Rules : Domains section allows you to create a whitelisting rule for your own domain, without complaint, warning, or error. The rule is silently ignored, unless you happen to read the logs or spam analysis report for a message, in which case you will see a line to the effect of ignoring whitelist.

The best workaround at this point is to just whitelist every address within your domain and try to keep that list up-to-date. We know, it doesn't make sense to be able to whitelist every single address in your own domain, which creates essentially the same effect as whitelisting your own domain, with the added inconvenience of having to maintain a static list, but that's just the way it is. We filed a bug report / feature request about this and here is the response we got:

We don't plan on changing the policy; here's why. Let's think like a spammer.

"With SMTP, I can fake my email address. Cool! Now, I'd like to pick one that's likely to be whitelisted. Hmmmm... which domain is most likely to be in a recipient's whitelist (and probably not big enough to be protected by mechanisms such as SPF and DKIM)?"

In our experience, spammers faking recipient domains is extremely common---common enough to have a serious impact on the amount of spam delivered.

There is an escape hatch for those customers who are determined not to take our advice: Go to Rules : Compound Rules and make a rule that says:

IF Domain of Header From Is domain-to-whitelist.com
THEN ADD -1000 points

That knocks off a huge number of points for senders from the domain you want to allow, essentially achieving the whitelist.

We don't plan on making it easier to do because back in the old days when we *did* allow self-whitelists, we were inundated with support calls from people wondering why so much spam was getting through.

Blacklisting (Blocking) Senders and Domains

WARNING: The use of blacklisting is generally futile and a waste of your time.

A random spammer will practically never send from the same address twice. There are very few scenarios where blacklisting is actually effective, and it tends to cause more problems than anything else. Almost weekly we get complaints about the spam filter rejecting messages from friends, and it's because the user logs into their quarantine and just blacklists everything they see. Inevitably, an entire domain like gmail.com, yahoo.com, or outlook.com winds up in that blacklist and their friend who uses gmail suddenly can't send. We do not blacklist or whitelist anybody as company policy—erroneous blacklisting rules were made by you. We will help you identify and fix them, however. See how to undo blacklisting below.

Is there any limit to the number of addresses I can blacklist or hold for approval?

No! There is no limit to the number of senders you can blacklist or hold for approval!

Before I blacklist someone, what should I know about blacklisting in CanIt?

In CanIt, if you blacklist a sender, you won't even know they've tried to email you because you won't see the message, and there is also the possibility that the sender MIGHT receive a bounce message, depending on how their server is configured. If you wouldn't want to risk offending them, you won't want to blacklist them.

Another thing to consider is that, since you won't be able to review the messages that blacklisted users send you, if there is ANY chance the sender might occasionally send you a message you might want (for example, a friend or relative who forwards you lots of unwanted jokes, but who also sends you serious email as well), you won't want to blacklist them. There is another way to deal with that situation. See the question "I don't want the sender to know they've been blocked" further down, for details.

I don't care if the sender knows they're blacklisted, and I never want to see any of their messages. How do I blacklist them?

If the message in question is quarantined, simply:

  1. Click the Status menu for the message (where it says "No Change") and set this to "Blacklist Sender".
  2. Click Submit Changes. You will no longer receive any emails from that address, or be aware of any attempts to email you.

If the message in question is not quarantined, but you wish to blacklist an address in advance, simply:

  1. Click the "Always accept mail from" menu at the top of the CanIt Home screen, and change it to "Always reject mail from"
  2. In the box next to that menu, type either the full email address (e.g., joeuser@gmail.com) or domain name (e.g., foodnetwork.com)
  3. Click the Add button to add the entry.

I don't want the sender to know they've been blocked, or I want to be able to review what they send me, in case they send me something I want once in a while. What do I do?

For this situation, CanIt allows you to create an "Always Hold for Approval" rule. This type of rule will cause all mail from the specified sender or domain to be quarantined, and the sender will not receive any notification that this has been done. You will also have the ability to selectively deliver any messages from the sender that you do want, without having to receive all of them.

CanIt divides rules into two categories. There are Senders (which are exact addresses like joeuser@gmail.com) and Domains (which are entire organizations like amazon.com). Bearing this distinction in mind for Step 2, here is what to do:

  1. At the top of the CanIt screen, click on Rules.
  2. On the left side of the screen, click on either Senders or Domains, as appropriate.
  3. If you are blocking a sender, in the box next to "Enter a specific Sender's e-mail address" type the sender's email address. (For domains, this box will read "Enter a specific domain" and you should enter a full domain)
  4. Click the "Add Rule" button.
  5. Click the "Action" pop-up menu, which currently reads "No Change", and set this to "Always Hold for Approval"
  6. Click the "Submit Changes" button to add the entry.
     

From now on, any messages from that sender will be quarantined in CanIt. You will be able to review the messages, and selectively deliver any individual messages you want to your inbox, while you leave the rest to expire. Just choose "Accept Message", and click "Submit Changes" and the selected messages will be on their way to your inbox in a few minutes.

I made a mistake. How do I remove a blacklist or hold entry?

CanIt divides the entries into two categories. There are Senders (which are exact addresses like joeuser@gmail.com) and Domains (which are entire organizations like amazon.com). Bearing this distinction in mind for Step 2, here is what to do:

  1. Click on Rules at the top of the CanIt screen
  2. On the left side of the screen, click on either Senders or Domains, as appropriate.
  3. Click the Action menu for the entry you wish to modify (which should currently read either "Always Reject" or "Always Hold for Approval") and change this to "Delete from Table"
  4. Do the same for any other entries you wish to remove. If you've made a mistake and wish to start over, click the Reset button.
  5. Click Submit Changes to save your changes.

Virus Filtering

Does CanIt scan incoming emails for viruses?

Yes.

What happens if a message contains a virus?

For your protection, messages that CanIt identifies as containing known viruses are deleted.

If CanIt protects my email from viruses, do I still need anti-virus software for my computer?

Yes. Viruses can and do infect your computer through other means besides email, and CanIt will not protect against this. Therefore, virus protection software is still important to maintain.

Other Spam Filtering Questions

Can I adjust the overall strength of the filter?

Yes. Before doing so, it is important to have a basic understanding of how the filter works. The more spam-like characteristics a message has, the more points it receives, added in small increments. Your spam filter has a setting called the "Spam Threshold". Messages that score above the threshold are considered possible spam. After careful research, CanIt's developer has determined that a threshold of 5 is the most effective default setting.

Any adjustments should be in SMALL increments, such as two-tenths (0.2) of a point, as small adjustments can have a BIG impact. For example, if you find that the filter is too strong, try raising the threshold to 5.2. If you find it is not quarantining enough spam, try a slightly lower threshold, such as 4.8. The rule of thumb is that big changes are NOT recommended, and that you should wait a day or so after making an adjustment to observe the effects before making another change.

To do this, do the following:

  1. Click on Preferences at the top of the CanIt screen.
  2. On the left, click on Quarantine Settings.
  3. Adjust the Spam Threshold setting as desired, then click Submit Changes to save the new setting.

After experimentation, if you should decide you wish to revert to default scoring, click the "Forget My Settings (Revert to Inherited Settings)" button, and click it a second time to confirm. (Wording changes to "Really forget settings? Click again if Yes")

Can I block foreign email?

Yes. Before you do, it is important to understand two things: First, CanIt will block based on the actual country of the sending server, not the country that the email address claims to be from.

Example: Let's say you choose to block Russia (RU). If a spammer sends spam from a faked address of spammer@yahoo.ru (which appears to be Russian at face value), but uses an American email server, the country block will not be a factor because the email originated from the US (even though other factors may still mean the spam is ultimately caught by CanIt).

However, if a spammer emails you from a Russian email server, the country block WILL be a factor (because the spam actually originated from Russia.)

Second, if you choose to block foreign email, be aware that it does not discriminate, and will block legitimate email from that country as well as spam.

Here is how to do it:

  1. Click on Rules across the top of the CanIt screen.
  2. On the left, click on Countries.
  3. In the Country column, either type the two-letter country code, or select the country you wish to block from the pop-up menu.
  4. In the Score box, type a number of points to add. A score of 5 should quarantine the messages. A very high score (such as 2000) should result in the message being deleted, though you should be aware that you will not have a chance to review such high-scoring spam, so choose the score carefully. It is best to start small, waiting a day or so to observe the effects of any change you make.
  5. Click Submit Changes to save your changes.

I blocked the wrong country! How do I undo it?

  1. Click on Rules across the top of the CanIt screen.
  2. On the left, click on Countries.
  3. In the Delete column, check the box for the rule you wish to delete.
  4. Click Submit Changes, and click OK to confirm.

I do a lot of business with a particular foreign country. Can I make mail from that country LESS likely to be considered spam?

Yes! Just follow the steps as above in the question "Can I block foreign email?", but in Step 4, specify a NEGATIVE number. This will subtract points from a message's spam score. Be aware that this may mean that you get more spam from that country along with your legitimate email. You will need to experiment to find the negative score that provides the best balance for your situation. It is best to start small and wait a day or so to observe the effects of any change you make.
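The following is an added example, not CanIt's own code or anything from Roaring Penguin: a simplified model of the additive scoring described above, showing how the Spam Threshold, a country rule, and the "-1000 points" compound rule from the whitelisting section interact. The class and function names, the sample messages, and the placeholder domain example.org (standing in for your own domain) are assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Message:
    header_from: str      # From: header address; the sender chooses it freely
    relay_country: str    # two-letter country of the sending server
    content_score: float  # points already earned for spam-like traits


@dataclass
class Rules:
    threshold: float = 5.0                                   # FAQ default
    country_points: dict = field(default_factory=dict)       # Rules : Countries
    from_domain_points: dict = field(default_factory=dict)   # compound rules


def total_score(msg, rules):
    """Content score plus any country and From-domain rule points."""
    domain = msg.header_from.rsplit("@", 1)[-1].lower()
    return (msg.content_score
            + rules.country_points.get(msg.relay_country.upper(), 0.0)
            + rules.from_domain_points.get(domain, 0.0))


def disposition(msg, rules):
    # Assumption: a score equal to the threshold is quarantined, following
    # the FAQ's "5 is the minimum score to warrant quarantine".
    if total_score(msg, rules) >= rules.threshold:
        return "quarantine"
    return "deliver"


# Constructed sample messages (not real mail).
FAKED_RU_ADDRESS = Message("spammer@yahoo.ru", "US", 3.0)
LEGIT_VIA_RU = Message("partner@example.com", "RU", 1.0)
BORDERLINE = Message("newsletter@example.net", "US", 5.1)
SPOOFED_OWN_DOMAIN = Message("ceo@example.org", "US", 18.5)


def run_cases():
    block_ru = Rules(country_points={"RU": 5.0})
    escape_hatch = Rules(from_domain_points={"example.org": -1000.0})
    return {
        # The country rule keys on the sending server, not the address.
        "ru_address_us_server": disposition(FAKED_RU_ADDRESS, block_ru),
        # Legitimate mail relayed from the blocked country is caught too.
        "legit_from_ru_server": disposition(LEGIT_VIA_RU, block_ru),
        # A 0.2-point threshold change flips a borderline message.
        "borderline_at_5.0": disposition(BORDERLINE, Rules(threshold=5.0)),
        "borderline_at_5.2": disposition(BORDERLINE, Rules(threshold=5.2)),
        # The From header is forgeable, so -1000 on your own domain
        # delivers high-scoring mail that merely claims to be from you.
        "spoofed_no_rule": disposition(SPOOFED_OWN_DOMAIN, Rules()),
        "spoofed_with_rule": disposition(SPOOFED_OWN_DOMAIN, escape_hatch),
    }


if __name__ == "__main__":
    for case, result in run_cases().items():
        print(f"{case:24} {result}")
```

The last two cases show the trade-off behind the vendor's refusal to honor self-whitelists: the same forged message is quarantined without the compound rule and delivered with it.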

Notifications

I HATE checking my quarantine but it always catches good mail. Is there anything else I can do?

One severely underused feature of CanIt is the ability to set notification preferences. One of the biggest complaints we get about the filter is having to log in all the time and tediously search through the quarantine, looking for false positives. There is a better way. Under Preferences : Notification, you can control an automatically generated notice of messages pending in your quarantine. It will be sent to your email address, so you don't have to log in all the time.

The best way to deal with regularly combing through large amounts of spam is to adjust the notification preferences. We won't deny, the overeager filter does tend to catch a lot of false positives. That can be unacceptable in a business setting, because you have no way to whitelist potential customers whose addresses you don't know beforehand, but you have to do something about the deluge of spam.

Of most interest will be Notification Times and Notification Days. You can select any of the days of the week and any combination of hours. For example, check M–F and "5am" to receive a notification every weekday morning reporting the messages sitting in quarantine. You could check "5am" and "2pm" to get notified twice a day. Times will be in CanIt's timezone, which is on Eastern time.

You'll also want to adjust the Basic Settings. The default setting for "Incidents to include in notifications" is "Only New Incidents since Previous Notification", which will cut down the number of messages to inspect per notification and avoid redundancy. What you should do is change "Maximum number of entries per notification message" to the max (1000), so you can see as much as possible. Lastly, playing with the value for "Do not include messages scoring above this threshold in notifications" will fine-tune the messages the notification actually reports. It is 10 by default, which is a reasonable value. Most false positives will be in the 5-10 range (5 is the minimum score to warrant quarantine). Anything higher than that stands a good chance of being spam, but really high spam scores can get up into the 50s+. To be liberal, you might raise it to 20 and lower it as you get comfortable with the reports, in order to decrease the volume of messages you need to inspect per notification.

Using the notifications effectively will cut down the amount of time you spend combing through a large quarantine and will also make sure you're informed automatically of low-scoring messages (i.e., potential false positives). Aside from whitelisting known friendlies, it is probably the best shot at dealing with unavoidable false positives.

Administrative Tasks

How do I create a user so somebody can check the quarantine of an alias?

First of all, if the user has a valid login within the realm of interest, you should consider whether aliasing or address-to-stream mapping is more appropriate. To create a user, log in as the administrator and go to Administration : Users. On that page, click Add New User. Make the User-ID and E-mail the same as the email address (user@example.com). Issue them a password. Leave the other settings as they are. Now the user will be able to log in normally using user@example.com with the password you gave them.

Can I change the default stream to view when I log in as an administrator?

Yes. First, change to the stream you want to view. Then go to Preferences : Set Default Stream. Click Set Default Stream.

How do I view different streams?

There are a number of ways to do this. The quickest is to Change Streams in the upper-right corner. After clicking Change Streams, type the stream name in the field, then click View This Stream. You can also partially type in the stream name and CanIt will autocomplete the field.

What is a "stream", anyway?

A stream is essentially the path messages take through the spam filter. Typically, streams are referenced by the name of the recipient's email address, but this is not a requirement. For instance, you can map multiple addresses to a single stream. This way, you can check the quarantine for a single stream and see messages that were sent to multiple addresses. This is useful when a single user receives mail for several addresses—e.g., all of sales@domain.tld, office@domain.tld, and mike@domain.tld are checked by one person, Mike. In CanIt, check out Setup : Address-to-Stream Mappings.

How can I set domain-wide rules?

You can log in to the administrative account and make whitelisting rules which will apply to your entire domain. When you first log in as the administrator you will be in the "default" stream (verify that by looking in the top right; it should say "Viewing stream domain-tld:default"). Then go to Rules : Senders or Domains. That will save employees the time of creating these rules themselves and also ensure a smoother mail experience company-wide. It also completely prevents the problem of employees missing mail because they didn't make those rules themselves.

There is one caveat: you can't whitelist your own domain.

My realm is expired! What does that mean?

Absolutely nothing. Ignore it.

Apparently, this is an old, unused feature, deprecated within CanIt but not removed. Realm expirations were a way of reminding users to pay their bills. We provide the spam filtering as a complimentary service anyway, but regardless, when a realm expires, nothing happens and everything continues working normally. Sometimes when we provision a realm, it gets an expiration date, sometimes it doesn't. We have no way to remove (or even update!) the expirations on realms, so since they don't have any impact all you can do is ignore it. We have a feature request in with their developers to do something about this inconsistency.