READ ME v4.0

SpamX v4.0

IMPORTANT: Make sure the date is set correctly on your system BEFORE installing the demo - If the battery on your system has died and the date has reverted to the default epoch is then reset the demo will EXPIRE IMMEDIATELY! SpamX will tell you if this is happening so fix it first, OK?.

WARNING - This is NOT intended to be "politically correct", by any means:

Use your head when evaluating any new piece of software. We highly recommend running a final check using your email program on ALL of your email accounts BEFORE installing SpamX. There have been at least a FEW people who have allowed as many as FOUR THOUSAND emails to languish on their email servers before installing SpamX and then running the program on ALL of those emails! It should be no surprise that those same people have complained that some of those emails may have been falsely identified as spam and that it is a pain to sort them out of all the spam caught - Well, duh - In FOUR THOUSAND? - Who on Earth would think THAT might HAPPEN?! Although no one on this planet should have to ASK you to do this, please think before you act, act in a responsible manner and don't blame the software or complain to us or tell us we need to "fix it" if you happen to do something that no rational, thinking person should do. It is also a darned good idea to load your current email address list into the Friends file before running SpamX for the first time.

*** CHANGES/UPGRADES in v4.0 ***

1) FINALLY, SpamX has a setup helper [SetupWizard] to walk through the setup with you and make it easier!. There is a link on the homepage and it starts automatically the first time SpamX is run.

2) All spam checking modes now store the Unique Message Identifiers (UIDLs) the mailservers assign to messages. If you are one of those who leaves messages up on the mailserver, this new addition will keep SpamX from having to check and recheck the same messages over and over again in Scheduled or Manual modes and can also help in Proxy mode if there is an email client timeout condition with a large amount of mail on the server. Emails will be checked twice, then never again in Scheduled or Manual modes and are checked once only in Proxy mode. The improvement in performance is dramatic when there is a lot of mail on the server.

3) Numerous additions to de-obfuscating links [URLs] in the spam body have been added.

4) A few minor bug fixes.

*** CHANGES/UPGRADES in v3.0.2 ***

1) root.rwhois.net has been absent for too long after its brief revival - SpamX now has its own list of whois servers for most all domain names to determine the registrars of those to send reports to. If there is an error that reports root.rwhois.net as the server it only means that there is no currently listed whois server for that particular ccTLD and that we tried, in the absence of anything else available, to consult that rwhois server just in case it comes up again. We keep searching for whois servers for the few missing domains and will add them as they are discovered until we get them all. This is part of the rationale for the build number referenced in '3)'.

2) Several improvements to parsing out obscured domain names in both HTML and text spam bodies have been added. Just a note to the spammers: Don't you realize most of these will not even work when clicked on and/or pasted into the address bar of any browser so you're WASTING your time [and ours] - Oh well, they are going to get cleaned up and reported anyway so you lose!

3) A build number has been added to more finely track the version of SpamX you are running. We are tired of making new version numbers every time an update is made and released as that requires too much work for too little gain. The build identification is available in the Config application through the Help->Support file menu, File->About and Complaints->Account. Please include that in any correspondence regarding SpamX operation. The current version number is always displayed in the SpamX Control window but does NOT include the build number for lack of available space.

4) If there is an error in matching the number of spam files in the spams directory [folder] to the number in the Spams index file, the dialog box now indicates that the rebuild is recommended - just click 'Yes' and let it rebuild the index.

*** CHANGES/UPGRADES in v3.0.1 ***

1) Now determines and reports to registrars of all domains. Thanks to the folks over at the whois
server which will remain unnamed for getting it working again.

2) New drag-and-drop installer and updater for OS X. Fixes the problem with SpamX not running after
install with the old installer and generally makes life easier all around.

3) !!!OS X UPDATES ONLY!!! The Control.jar file is no longer needed and can be deleted after updating.

4) Locates and defaults to local DNS servers during initial setup to eliminate a huge source of
confusion. The local DNS servers are also included in the dropdown lists in Config and indicated with
"[local]" after the server IP address in the dropdown lists.

*** CHANGES/UPGRADES in v3.0 ***

*** CRITICAL ***
VERSIONS OF JAVA BELOW 1.4 ARE NO LONGER SUPPORTED!

This is due to critical updates in the JVM (Java Virtual Machine) that we could no longer ignore without significant impact on the usability of SpamX and means SpamX is no longer supported at all on versions of Mac OS below OS X and will not run on other systems without a JVM version 1.4 or higher.

SpamX has been tested on Mac OS X 10.2.8 and 10.4.x running Java 1.4.1 and up.

If you are running Windows, Linux or Solaris either download the SpamX installer that includes the Java Virtual Machine - NOTE: This loads a JVM that ONLY SpamX uses and resides in the SpamX folder
- or go to -
http://java.sun.com/javase/downloads/index.jsp and choose the download for Java Runtime Environment (JRE) 5.0 Update 7 to download and install a system-wide Java Virtual Machine for your system.

SpamX has been tested running Java 1.4 and 1.5 on Windows 98, 2000 and XP.

1) DNS lookups entirely rewritten to perform recursion. This became necessary due to the discovery of an exploit that allowed DNS Distributed Denial of Service attacks using DNS servers with recursion turned ON. As a result, most, if not all of the global DNS servers now have recursion turned OFF and we have to do it ourselves. SpamX is completely immune to the exploit as the SpamX DNS engine only works from within SpamX and cannot be accessed from the outside. If you don't know what recursion is, don't worry about it, it needed to be done as it broke earlier versions of SpamX having it turned off at the servers.

2) spams containing inline images which have now become the method of choice by spammers for avoiding content recognition spam filters - which SpamX is NOT [remember a long time ago when we SAID content recognition WILL NOT WORK!?] - can now be viewed using 'Normal' in the Check Spam window so the type of spam [drugs, software piracy, stock scams, etc.] can be more easily identified and reported correctly. This works in about 95% of the cases where spams contain inline images - spammers still mess up the images the other times and there's very little that can be done about that.

3) The inline images are now included in their entirety in the spam reports for all spams containing inline images. This way the people manning abuse desks can copy the spam portion of the spam report and import it into an email client to see the spam with the image.

4) SpamX now reports to the domain registrars of the spammer domains contained in the bodies of the spams. spammers have found it all too easy to simply 'hop' ISPs hosting their domains until they found one so irresponsible as not to act on spam reports [many of these are located in China, interestingly enough] so this is another means of cutting off spammers 'at the source'. If the domain registrars will TAKE RESPONSIBILITY, they can shut the domain off from hosting by ANY ISP - problem solved. No website to advertise and collect responses = NO spam. It also appears spammers have a habit of registering a LARGE number of domains all at the same time so it would make perfect sense that the registrar in question might pay attention to the fact they have been alerted to a spammer using them to register domains used in spam and revoke the registrations on ALL their domains. We'll see who the 'responsible' registrars are and which ones, out of sheer greed, are willing to sacrifice the health of the Internet for their own selfish purposes...

ADDENDUM: Due to an extremely recent development over which we have no control, this feature will not work for all top level domains. We're going to let the spammers try to figure out which particular ones this applies to while we furiously look for a way to correct it.

5) Many, many variants of domain 'hiding' in the bodies of the spams have been circumvented such that the domains will still be reported just about no matter WHAT the spammers do short of making the link totally unusable which would defeat the purpose of sending out the spam in the first place. They HAVE done that in a few cases which we find endlessly hysterical. We DO certainly feel all these attempts at hiding their advertised domains from spam reporting software says one thing very loudly - spam reporting HURTS spammers; keep doing it!

6) Abuse address lookups now use the faster DNS lookups at abuse.net instead of the older and slower whois method. This has resulted in a moderate performance improvement but finding the source, all the links and all the correct reporting addresses still takes some time even for a computer so remember, SpamX does what can be a considerable amount of manual effort in seconds and puts accurate spam reporting into the hands of everyone who chooses to help rid the Internet of spam.

7) NSLookup2 whois now automatically determines the responsible whois server for domain names and retrieves the whois data from the responsible whois server.

8) Many improvements in hiding your email address in possible encoded form or otherwise from the spammers who we know for a fact all too often receive copies of spam reports right from the ISPs.

9) Parse, Preview Report and Report spam automatically switch from Normal to Source view in the Check Spam email content window if in Normal [HTML] view.

10) Non-Mac OSX Systems: The installer looks for and asks the user to choose which Java Virtual Machine to use when it locates installed JVMs - Be sure to choose a JVM version 1.4 or higher or download the installer WITH the JVM [larger size] from the download page.

11) If there any problems with the SpamX launcher, it is now possible to doubleclick the Control.jar file in the SpamX folder to run SpamX without using the launcher. SpamX may identify itself as "Control" or "Java" in the Mac Menu Bar or the Windows task list but this has no effect on operation.

12) If defining DNS Servers other than those in the supplied dropdown lists, the Config application checks to make sure the entered servers are true DNS servers. The demo, therefore, now allows defining DNS Servers other that those in the supplied lists [too many people were putting in entries that were not DNS servers; hence, the limitation in earlier releases].

13) Uninstall instructions have been placed in an Uninstall folder in the SpamX folder with this version. There is nothing to uninstalling, really, as SpamX is entirely self-contained in the SpamX folder and makes no changes to the system environment. To uninstall, simply delete the SpamX folder.

14) Help in Config now detects the default browser.

*** CHANGES/UPGRADES in v2.1 ***

1) Deadlock conditions introduced by Java version 1.4+ have been corrected.

2) Updated installer to download the Java 1.4+ Java VMs on various platforms [Applies to those downloaded installers that INCLUDE a Java VM].

3) The Cache Cleanup dialog displays correctly running under Java 1.4+

*** CHANGES/UPGRADES in v2.0 ***

1) Proxy mode now works with Mozilla Thunderbird for most mailservers.
Since Thunderbird also runs on Windows this means Proxy Mode is finally available to Windows users! To set Proxy mode in Thunderbird, open Thunderbird Preferences, select Advanced, click the arrow by Offline and Connection Settings and click the Connection Settings... button.
Select Manual proxy configuration, enter either localhost or 127.0.0.1 in the SOCKS host field, set the Port to 21336, select SOCKS v4 and click OK.

2) Reporting is now threaded so the GUI is responsive and updates in real-time when sending reports. It is not yet advisable to both report spam and receive mail simultaneously as getting that to work is extremely complicated [it's blocked in Manual mode but Proxy mode will allow it to happen].

3) There's a Stop Reporting function for multiple reports just in case a mistake is made in the multiple selects.

4) There are new checkboxes for special reporting of drug/phishing/sw piracy spams and reporting multiple spams using the new checkboxes is now supported.

5) Fixes a bug in the list view when reporting using limiting in the CheckSpam list.

6) Boolean 'OR's are supported in the limiting field in CheckSpam in the form "xxxxx OR yyyyy" or "xxxx yyyy OR zzzz", the 'OR' MUST be in CAPS with a space on either side, the limiting terms are case-insensitive and it allows as many ORs as any sane individual might care to use. Check the Limits.txt file in the Limiting folder included in the install for an example of some limiting strings for various types of spams.

7) Is much better at removing multiple To and Cc addresses from spam reports.

8) Takes out the THIS IS AN AUTO-GENERATED MESSAGE footer in several recent spams that had innocent 3rd party email addresses in it.

9) Other non-RFC822 header items get blanked in reports and a strange one with a Bounces_to header line is taken care of that caused problems [stupid spammers, Bounces_to is a ListServ keyword...].

10) The Icons and Images folders in the SpamX folder are no longer required and can be deleted as they have now been incorporated into the Control.jar file.

11) Problems with receiving and sending emails with large attachments in Proxy Mode have been corrected.

12) FOR ADVANCED USERS: IP Blocking is now supported but there is not yet a user interface for it. See the IPBlocking folder for an example of the file to use to implement this.

13) A new list has been added to handle reporting addresses that are known to bounce spam reports. If Delivery Status Notifications (DSNs) reporting failures to deliver spam reports to a particular address are received on a consistent basis, the email address in question can be entered into the Bounces list which will prevent further reports from being sent to that address. The GUI is just like the Friends and Block lists - partial entries are supported; there is no need to use the wildcard ('*'), in fact, it will not work if you do, so don't. There is a Bounces folder included in the install which contains a list of addresses known to bounce. To use the list simply move the _Bounces file into the main SpamX folder.

14) The rather nondescript "Error Connecting to Server" message has been replaced with a more informative message that indicates which whois server is responsible for the error.

15) Complaint.txt, ComplaintV.txt, FDA.txt, SEC.txt, M$.txt and Phishing.txt files have been moved into the Control.jar file and can be deleted from the SpamX folder if you have not customized them with your own message(s). If you HAVE customized them, simply leave the customized file(s) there and SpamX will use your custom text.

16) If the email client times out running in Proxy Mode, SpamX will let you know that the mail check needs to be run again to retreive the good mail.

17) The OK button in the XEdit GUI (Friends, Block and Bounces lists) now performs an Add if there is an entry in the Add field when it is clicked.

18) Dynamic reloading of Blocks and Bounces lists is now supported.

19) CheckSpam allows limiting by the 'To' address in the spams ('Show:' field). This can be useful if you have multiple email accounts and are interested in seeing which one is getting the most spam or if you have a special Additional Complain To address you want to use for spam to just one email address, etc.

20) The file structure of the spams storage index files has changed to allow for future sorting and limiting flexibility. #19 is an example of one of these. If you are updating from a previous version, the first time SpamX is run it will need to rebuild the index files to update to the new structure and will let you know it is doing so. The only thing that will be "lost" in the update is the 'new' status of any existing spams. All existing spams will be set to 'new' but, of course, you have been duly reporting all those spammers right away so this will not have any noticeable effect, right!?

21) The 'Count' indicator at the bottom of CheckSpam now reflects the TOTAL spam count AFTER limiting using the 'Show:' field. The count indicators on the Control Strip and on the Inbox label in CheckSpam show the NEW (unread) spam counts AFTER limiting.

22) The delay closing CheckSpam has been removed - The caches are now written when closing SpamX via the Control Strip - There may be a delay while that is happening but it lets you know what it is doing.

23) Is much more forgiving of webmail sources and the non-standard 'things' THEY like to do so they're not as likely to be flagged as spam.

24) Automatically sends a report to spamreport@cox.net if the 'To:' address is a Cox email address. NO, it's NOT sent as an attachment, it's a normal report just like ALL the rest of the abuse desks get since all the NORMAL abuse desks REJECT reports sent as attachments and we're not going to cater to special non-standard 'requirements' of just one abuse desk out of the thousands on the planet.

25) Performs additional header chain consistency checking [chain test] to detect forged header lines and eliminate the possibility of reporting to the owners of IP addresses in forged lines in cases where the RBLs have not yet listed an insecure server in the previous header line. Although this is rarely necessary, the chain test all but completely eliminates any possibility of sending a report to an innocent third party in a forged header line.

26) Changed the send report Message-ID line to contain an '@' instead of a '%' as _some_ abuse addresses are running SpamAssassin on their mailboxes and it can flag a spam report as being spam with the old Message-ID format. Someone _please_ explain the logic behind running a content-based spam filter, or ANY spam filter, on an address to which spam reports, which CONTAIN a copy of the spam being reported, are to be sent. OF COURSE they're going to look like spam - They have a copy of a spam IN THEM!

27) The format of the explanation at the beginning of the spam report has been changed to better detail the reason why a particular address is receiving a report. It appears there are several abuse desks who think they should only receive a spam report if they are part of the transmission path. We're trying to educate them that it's JUST AS IMPORTANT, if not more so, to shut down the spammer WEBSITES advertised in the spam.

28) SpamX now gets past Road Runner email's lack of conformance to accepted email standards and locates the proper addresses to report to instead of reporting to Road Runner [they seem to think it's OK to violate standards because it's _their_ email system... They don't seem to care that their users might use _other_ software, that pays attention to standards, to fight spam on _their_ system.

29) Importing address books exported from Mac Mail [Address Book] in vCard format is now supported.

30) Added checkbox in CheckSpam for Nigerian (419) scams. The text file for that would be called nig419.txt for those who wish to use their own complaint-specific text.

31) DNS servers in the DEMO can now only be selected using the pulldown server lists. There were just FAR too many 'creative' people entering addresses that WERE NOT DNS servers into the windows, breaking SpamX and then asking why!? Using your own DNS servers is allowed after the copy of SpamX is registered - In theory, this means that if you break it at that point by changing the entry you will be good enough to put it BACK the way it was when it was working properly. NOTE: DNS servers MUST support recursion if you want to use them with SpamX - You can check this using NSLookup2 by performing a lookup with the server set to the server you think you want to use and looking for the line "<--Recursion Avail-->" in the output.

32) Removed Bcc'ing of spam reports - caused some reports to be rejected.

33) Detects faked forwarded mail and does not report to ISPs from those forged 'original To:' addresses.

34) Reduced the number of lookups when checking mail to speed that up.

35) Added a new Removes list to exclude any text desired from spam reports. This is good for things like your name and also works for your email address in cases where the email is sent to a 'group' and your email address does not appear in the header but may still be in the spam body. SpamX still automatically removes any 'To', 'Cc' and 'for' email addresses it finds in the header but this provides additional security. The Removes list interface works exactly like the Friends and Block list and is available from the Edit menu in Config. It is best to use individual words you want kept out of the spam as entries as opposed to strings containing spaces since the compare is with each entry in its' entirety and not its' individual words, i.e. if you want your name excluded in the reports, use two entries in the Removes list, one for your first name and one for your last name.

36) The status line in CheckSpam now shows the number of spams selected when making multiple selections.

37) Spams reported as drug and software piracy spams do not send to the additional special addresses if there are no valid links in the spam body.

38) The Sent and Resent folders can now be emptied from Check Spam. Emptying the Sent and Trash folders can improve reporting speed dramatically if those folders have a large number of spams. Selecting either folder in the folder list changes the Empty Trash button to indicate and operate on the selected folder. To empty the Inbox, you must still select and delete, with the Delete button, the spams you wish to delete. This is, of course, predicated on the fact that the spams in the Inbox are supposed to be reported.

39) If you're using Thunderbird in Proxy Mode, get a lot of spam and Thunderbird keeps timing out, you can add the following line to the Thunderbird 'prefs.js' file:

user_pref("mail.pop3_response_timeout", 600);

The number [600 in this case - we trap a lot of spam] is the time in seconds Thunderbird will wait before timing out. This line must be added when Thunderbird is NOT running. The 'prefs.js' file is located in a subfolder of the Library/Thunderbird/Profiles folder [ours was named default.yr1] on Mac OS X. On Windows it was in the
\Documents and Settings\Application Data\<username>\Thunderbird\Profiles\default.tkl
folder [you must have 'show hidden files' turned ON to see the 'Application Data' folder]. We figure UNIX and Linux users know what they are doing and can find it on their own.

40) There is a new Paste Spam function in Check Spam to allow the pasting of ANY email with FULL headers. With the exception of using the Friends file, the Paste Spam interface will flag ANY email pasted into it as spam. You are warned of this fact each time it is used so MAKE SURE the ONLY email you use it for is truly spam. To use it, click the new Paste Spam button in Check Spam to open the new window to paste the email [spam] into, paste it in using the keyboard shortcuts appropriate for your system [there is NO 'Paste' button - this was done on purpose] and click 'Parse'. Once you click 'Yes' in the warning dialog [per above], you will be presented with a 'Save' dialog box. Once saved, the pasted spam will be added to the Check Spam Inbox and can then be reported in the normal manner. To clear the window click 'New'.

41) Support added for the new African Regional Internet Registry [RIR], AFRINIC [whois.afrinic.net].

42) Identifies links in improperly formed multipart spam [there are commercial email clients that don't even know how to display these].

*********************************

*** CHANGES/UPGRADES in v1.2.2 ***

1) Checking mail has been accelerated significantly. This is particularly evident if there are several spams on the server.

2) There is a short delay when closing CheckSpam while the caches are updated. This speeds up parsing and reporting overall.

3) Viral content is no longer displayed in the CheckSpam spam viewing window - just the headers. This solves a problem with RAV anti-virus software replacing the virus with thousands of linefeeds causing CheckSpam to 'hang' for up to 2 minutes due to a Java bug.

4) If the NoCache setting is used in Config, multiple reporting is disabled to prevent excessive, 'rapid-fire' whois queries that may be viewed as data 'harvesting' abuse. The NoCache setting should only be used in special cases and is not recommended for general operation.

5) Spam reports are now Bcc'd to the recipients when they are sent.

6) All information is now removed from any 'X-' fields in the spam header. It was far too easy for spammers to hide victims' encoded email address information in these fields and they are irrelevant to the content of the spam report.

*** CHANGES/UPGRADES in v1.2.1 ***

1) Issues receiving mail from certain mailservers have been addressed and corrected for those servers - To help with other mailservers see: Get a free registration.

2) Added spell checking to prevent lookups of words made to look like domains by spammers stupid attempts to fool context recognition based spam 'filters', i.e. 'Sto.ck', 'b.uy', 'fr.ee', etc.
NOTE: Currently unavailable on any Java version less than 1.2 (primarily Mac OS less than OS X - Mac OS 8.x & 9.x run Java 1.1.8)

3) Enhanced link detection for plain text links mixed into HTML spam bodies.

4) Resend now allows an option to 'Resend Only' which does not add the address to the Friends file - For special cases like mail from 'postmaster@example.com' where the mailbox name (postmaster) may be commonly forged by spammers.

*** CHANGES/UPGRADES in v1.2 ***

CRITICAL UPDATE: If you are upgrading from a previous version of SpamX you MUST go to Config:Complaints:Account and define the new 'Resend To' Address which has been added with v1.2 [see #25 below for details]. Failure to do so will cause Resend to stop working.

1) SMTP Authentication is now supported for Outgoing Complaints and a default port [25] override is available. Use Config:Complaints:Account to set Authorization Required and/or the default port override.

2) Reports decode encoded ASCII URLS.

3) Decodes base64 encoded spam - You can see this in the report preview.

4) Compatibility issues with several mail servers have been corrected.

5) Reporting has been speeded up [most noticeable on broadband connections].

6) Base64 decoding of the subject line in the spam report. This is visible in Preview mode.

7) Placing the mouse over the Scheduler/MAN button [depending on the current mode] in Control shows the last run end time in Manual mode. It also shows the next run time if in Scheduled mode.

8) Default Scheduler interval has been increased to 15 Minutes to prevent collisions in the event of lots of spam coming in at once. This can still be set as low as 5 Minutes in Config:Scheduling:Settings. If you leave you computer on overnight and SpamX is left running it is relatively "safe" to reduce the scheduler run interval [recommended is 15 minutes as a minimum but gauge that according to the amount of spam you receive].

9) Switching from Manual mode to either other mode in Config now sets the new mode to active.

10) Multiple spam reporting is now supported [Woo-Hoo!]. Click on a spam in CheckSpam then SHIFT-click on another spam in the list to select the entire range then use Report Spam to report all the selected spams.

11) When reporting spam the selection will change to the latest unread spam i.e. If the next unread spam is _above_ the current selection it will be selected if it is _below_ the current selection then _it_ will be selected. If both the spams above and below the current selection are unread the selection will move to the unread spam _below_ the current spam. If both the above and below spams are marked as read the selection moves _down_ 1 slot.

12) If spam is being reported and SpamX is running in scheduled mode the scheduler will wait until reporting is complete before running. This prevents some/most of the Data to Index Mismatch errors which required a rebuild of the spams index file and should also improve performance.

13) Tricky references to your domain have been removed i.e.: Return-Path: <owner-nolist-x*postmaster**SPAMX*-COM@TOP--SITES.COM> now is converted to something the spammers cannot pinpoint like: Return-Path: <owner-nolist-x*postmaster**xS.COM>
I HATE spammers!

14) Other tricky references to your email address/domain have been removed from website links in the body of the spam. Turns out that spammers now have the capability of replacing the "www." in a website link with ANYTHING they want and it will still work with the DNS in EXACTLY THE SAME WAY - It's a free-for-all out there.

15) Problems with multiple reports have been corrected - This was more difficult than expected.

16) When running in Manual mode the Scheduler Icon stays displayed until the Scheduler finally finishes.

17) When running in Scheduled Mode, the Scheduler will not start another run until the previous run is complete - A logical result of #16.

18) Entries over 2 weeks old are deleted from the caches at shutdown to prevent the caches from increasing in size without limit. If you have been running SpamX for a while you will notice a significant improvement in startup time. There is a slight delay when exiting SpamX while the caches are cleaned up.

19) Open proxy detection has been vastly improved.

20) SpamX now reports forged Habeas headers to Habeas - These people go after spammers for Copyright violation for forging their headers.

21) Virus reports completely remove the virus itself from the report for safety and to reduce file size/reporting time.

22) Detects at least two types of the Trojan Spambots now infecting systems and dumping TONS of spam onto the Internet - This is also included in the reports to the ISPs.

23) With the advent of the new Trojan Spambots, HAMMERING the ISPs hosting spammers' websites has become much more important. As a result, SpamX now addresses spam reports to EVERY email address found in the whois data records [as opposed to just the abuse address] as well as any additional addresses gleaned from abuse.net. The only exception to this are those IP addresses under the purvey of arin.net [mostly North America] as they tend to be more responsive then, say, ISPs in China where most spammer websites now reside.

24) When running in Scheduled mode, the scheduler icon will flash every half second while the Scheduler is running a check.

25) A Resend To: field has been added to the Complaints:Account window. This field corrects a problem with resending emails sent to multiple addresses when the mailserver fails to insert a 'for' address in its header. This also allows resent mail to be directed to one address while setting the return address for complaints [Complaint Address] to a different address. NOTE: If you get tired of receiving meaningless auto-replies from complaints you can do what the spammers do and simply enter a bogus address in the Complaint Return Address field to send the auto-replies to "never-never land".

26)Selection and reporting of non-contiguous multiple spams in Check Spam is now supported.

27) If running in Scheduled mode and the Scheduler is running a check, reporting is disabled until the check has completed. This prevents collisions between the Scheduler and the reporting process where the spams file [controls the spams listing in Check Spam] is concerned.

28) Problems with file naming on Windows, Linux and Unix Operating Systems have been corrected. There were a few isolated cases where SpamX was unable to save the spam due to special characters the spammers inserted. All special characters are now removed prior to a save. This problem was not evident on Macintosh systems as they tend to be far more forgiving with file names and special characters.

29) Parsing efficiency has been improved - This will be most noticeable when running a spam check to the email server which now runs faster. This also helps to speed up reports and will be most noticeable when reporting multiple spams.

30) The Report spam button is always available - There is no need to parse the spam before sending a spam report.

31) Emails greater than 200Kb in size are skipped [never downloaded] when checking mail on the server. The feeling is that no spammer ever sends out spam of that size or larger and this greatly accelerates mail checking if people send you large files.

32) Body parsing now identifies plain text links in html spam as well as in plain text spam [SpamCop has much heartburn over this and drops those links].

33) Config now has an option to turn OFF abuse lookups when checking mail. This speeds up mail checks if there is a large quantity of spam on the server. The 'flip side' of this is that parsing and reporting will take longer.

34) Garbage with the FONT size set to 0 or 1 pixel/point put in by spammers to confuse context recognition filters is removed from the spam report. SpamX does not rely on ANY context recognition as it is a waste of time and removing this trash makes the spam report much more readable both in Preview mode and for those receiving the reports.

35) The file XDomainsImport has been added to the package. The file contains common cross-references between domains like hotmail.com v.s. msn.com and helps reduce 'false positives' if options like 'Source Consistency' are selected in Config. To load the cross references use the Import menu in Config and select 'Translate'.

36) The problem with the email client returning errors in Proxy mode has been corrected. NOTE: Proxy mode is only available on email clients that allow it and does NOT work using Windows Internet Options. [that's a Windows "thing" as they seem to imply that it will but it doesn't. Call Microsoft and complain.]

37) Sending report copies to SpamCop has been modified to conform to SpamCop's ever more restrictive "rules" about what they will accept. As far as we're concerned, SpamCop is about to "rule" themselves out of operation but that's O.K., it makes SpamX an even better deal all the way around. ps. SpamX does not care whether the spam is RFC compliant or not like SpamCop now does. We figure, why should anyone expect spammers, who ignore the Acceptable Use Policies of ISPs with impunity, to give a rat's butt about RFCs - Unlike SpamCop, SpamX parses and reports the spams regardless.

*** CHANGES/UPGRADES in v1.1 ***

1) SpamX now identifies and reports on links in the body of the spam (body parsing) to get the spammers' websites SHUT DOWN!!!

2) Strange items [and possible encodings of your email address] are removed from HTML spam. This includes weird HTML comments, invalid tags and invisible encodings using the FONT color set to the background color of the body of the spam [i.e. white on white is "invisible"]. This also makes the spam body MUCH EASIER to read for the sysadmins reviewing the reports.

3) A Preview Report function has been added to Check Spam so you can see what will be sent in advance.

4) An "Empty Trash" button is now available in CheckSpam. As the size of the Trash increases so do reporting times so it's a good idea to empty the Trash often [just like any other email program]. The number of files in the Sent folder can also affect reporting performance in the same manner but, for a variety of reasons [like preserving evidence against spammers and their ISPs for possible lawsuits], removing files from the Sent folder is the same [manual] as removing files from the Inbox in most other email programs.

5) All references to any email addresses/domains/mailboxes the spam was sent to are now removed from the spam report to prevent "Joe Jobbing" of your email address by spammers.

6) The spam report is truncated to the end of the last valid link in the spam body to eliminate possible email address encodings that may be contained at the end of the body of the spam.

7) Reports now include a section identifying Open Proxies, Open Relays and the website links detected in the body of the spam to make sysadmins' jobs easier and get those spammers shut down faster.

*** THINGS WE KNOW ABOUT ***

SSL is not yet supported.

If there is a large amount of spam on the email server, the email client may time out waiting for SpamX when running in Proxy mode. If this happens simply allow SpamX to finish checking for and deleting the spam on the server [you will notice that the Traffic Indicator continues to flash after the email client has timed out] then run the email check from the client again. Repeat as necessary. As an alternative, temporarily switch SpamX into Manual Mode using Config and let it run a full Manual check then switch back to Proxy mode and check with the email client [of course you'll need to have your email account(s) defined in Config->Scheduling->Accounts to do this].

Java may still have a problem with displaying images properly when reporting multiple spams [this is Operating System dependent] so the "Reports Sent" image may appear as only a gray rectangle on the screen - This does not affect the sending of the reports [only what you see]. Works just fine on Mac OS X, though.

If reporting multiple spams and switching between applications while the reporting is in process, switching back to SpamX may result in grayed-out screen images [Check Spam]. This does not affect the reporting process and will correct itself once the reporting process is completed.

HAPPY REPORTING!