Domain Admin Quarantine
Yes. In a shared hosting environment, domain owners should have extensive control of their filtering rules and their quarantine.
User Quarantine
I am not a fan of user quarantine. Since users work from the formatted document, they are poorly equipped to assess risk. They should only be offered a choice between accepting a safe message as acceptable advertising, or rejecting a safe messages as unwanted advertising. If the message presents any greater ambiguity, system quarantine should be involved. I can imagine two work flows:
- Ambiguous message is released first to system quarantine. If the system administrator approves the message as safe, one disposition option is to release the message to user quarantine. This permits the user to choose whether the message is acceptable or noise, and to provide immediate feedback about what he wants and does not want.
- Ambiguous message is released first to user quarantine. If the user wants the message, then it proceeds to system quarantine for the administrator to decide if it is safe. This distributes the first-level screening workload across more users, and reduces administrative workload.
For the record, I don't think I have seen any existing product which supports message low through both types of quarantine.
Quarantine Review features
Your question also opens the topic of what do users need in a quarantine review interface. Since I have cast aspersions on what SmarterMail currently offers, I am providing a review of what I have seen in other products and what I would like to see in an optimal implementation.
Message List
Quarantine review begins with a one-line summary for each quarantined message. This should provide enough data for the reviewer to make some decisions and to prioritize additional investigation.
The data used for message log review does not fit conveniently on a screen, and there is a lot of data that might be desirable to include. So the quarantine design needs a space management strategy. This are some of the techniques I have seen, from worst to best:
- Only display a fixed set of fields, chosen by the developers. Use fixed field sizes as well. Wide screens do not display more data, they just add white space between columns. If the data is too big for the field, display the full contents in a tool-tip when the user hovers on that field.
- Only display a fixed set of fields, but field size is adjusted to the size of the screen. The user can stretch one field, at the expense of other fields, to see more data in a particular column.
- Allow the user to choose from a large set of available fields. Shrink columns as necessary to make everything fit, on the assumption that the user will export to CSV to see the full data set.
- Optimal would be to mimic Excel, with horizontal scrolling, manual and automatic column width adjustment, and the option of wrapping cell contents to show all data with making width excessive.
Since a filtering system may be downstream from the MX server, the message log should be able to report Source IP based on the data seen by the MX server. The MX server IP address will usually be of no interest (but can be a selectable option if the message list provides a robust set of available data.)
Message Viewer
An optimal review tool will include an embedded viewer, which displays the message without leaving a copy of the message in the user's download foldere. The viewer should provide both formatted and raw views of the message contents. The viewer should take steps to protect the reviewer from accidentally triggering a malicious payload. I have seen viewers that disable CGI scripts, and viewers that present everything as plain text. I think an ideal tool would scramble links so that the intended destination is detectable, but the link cannot be followed. Similarly, clicking on an attachment link should trigger an "are you sure?" screen, and then a download without activation (maybe by downloading as a zip?.)
Sorting
Sorting is missing from several of the products that I have used, but the feature is desiirable. These are my favorite uses:
- Finding message with the same subject but different domains, which reliably indicates a spammer.
- Finding all messages from a particular source.
When sorting on email addresses and domain names, it is desirable to sort according to the DNS hierarchy. This means that "
John@mail.example.com" is ideally sorted as if it was "com.example.mail@John".
Exporting
Most tools permit exporting to CSV. This gives the reviewer all the flexibility of Excel, but the message information is now fully disconnected from the message details in the log. If the review interface had features more like Excel, the need for export would be significantly reduced.
Disposition follow-up
When a messageis dispositioned from quarantine, it often indicates a decision about future messages with the same characteristics. An optimal interface would help the reviewer document that decisioni by assisting in creation a block rule, local authentication rule, or whitelist rule. The requirements for this undertaking are difficult to define, so this is more of a pipe dream than an expectation.
Global Message Log
Some products, including SmarterMail, only retain message files while they are in quarantine. This is a problem because administrators also need to review blocked messages to detect overly strict fitlers, and allowed messages to detect overly permissive filters. I am currently filtering allowed messages on Known/Unknown Sender status, because Unknown Senders have proven to be my primary source of unwanted messages.
To support this need, better products retain a continuously maintained history of every message processed in the last N days, so that message review, including message contents, can be performed on all messages. "Continuously maintained" means that users do not need to worry about file management, because old data is purged automatically on a fixed schedule, usually nightly.