Email Spam and Our Defence Against It

With email comes unwanted email of all sorts; probably the biggest category of unwanted email is spam – unsolicited bulk email. Note that not all unwanted email is spam! Spam is basically where someone has decided to send out very large quantities of email to a list of people who have no business relationship with the organisation arranging the spam run. This could mean advertising a commercial product; it could also be religious spam, campaign spam, or malicious spam such as phishing attacks or virus distribution. In this blog entry I will go through some general details on spam, and then move on to our defences against spammers.

Spam Not SPAM

The history of dealing with spam is littered with examples of those who have mistakenly used the label SPAM to refer to unsolicited bulk emails, at which point a certain irate food manufacturer sends out cease and desist letters backed up with a howling pack of savage attack lawyers. Hormel Foods are actually quite reasonable about the situation – especially in the early days when they could have caused considerable difficulty to the anti-spam community – they don’t object to the use of the term “spam” but do object when “SPAM” gets used.

So don’t do it.

It Costs Money!

Spam is obviously an irritant to anyone who has ever trawled through a mailbox looking for the real content amongst swathes of adverts for herbal mortgages and the like. And that is by itself a good reason for trying to prevent spam getting through. But there is also a monetary cost involved. Each time someone spends a moment looking at a spam email rather than doing their work, it costs us money. Every time someone asks questions about spam, it costs us money. That money adds up to quite a considerable sum across the entire University. The current estimate (which is based on very outdated salary figures) is that our current defences are saving the University between £2,000 and £5,000 every day.

Near Spam

If you bought a pair of socks off an Internet shop 10 years ago, you will probably still be getting emails from the relevant shop even if you have not bought anything from them in all that time. Unfortunately, whilst you may no longer wish to receive email from them, it does not count as spam. At least legally (in the UK).

Your best option here is simply to ask to be removed from the list of people the retailer sends messages to – instructions to do this are often contained within the message. They should comply, but be careful it really is “near spam” from a reputable retailer before replying!

Malware

Email containing viruses is just as much spam as that email telling you how to get rich quick by buying special herbs from an obscure seller in an obscure country. In fact the spammers who send adverts for products are quite often the ones responsible for sending out viruses too.

This is because spammers often use infected PCs as their ‘data centre’ for sending out spam – it’s cheaper to steal someone else’s computer and electricity rather than use your own. And of course someone else gets the blame when they track down the origin of the spam.

Our Anti-Spam Defences

For a long time, we have been attempting to protect University mailboxes from receiving spam, and despite the spam that does show up in your inbox, we do quite a good job, blocking some 95% of spam before it is accepted by our servers. To do that we run a layered defence with different measures applied in different ways. One of the methods relies on your inbox being equipped with a “Junk Mail” folder, which for some reason seems to go missing in GroupWise on occasion.

Check whether this is enabled by selecting the Tools menu, and then Junk Mail Handling from the pull-down menu, and make sure that the option “Enable Junk List” is enabled.

Of course the problem with spam defences is that people do not see the spam that does not reach them (which is after all the point), so they get concerned about the spam that does reach them. Our defences err on the side of caution, so it can be expected that some spam will still get through; however it is far less than would be seen if there were no defences in place.

Block Lists

Our main defence against spam is the use of a number of blocklists. These lists are built up by various anti-spam organisations to contain lists of known spammers, or the addresses of machines that spammers have taken over (with malware) and are currently sending out large (or smaller) quantities of spam. Of the lists in use, many of them are sanctioned for use (and subscribed to on our behalf) by JANET.

We also operate local block lists to which we can add addresses. However we rarely offer to do this for spam that escapes our defences as it is not effective – spammers “rotate” amongst a large number of legitimate email addresses, and rarely use the same one more than a few times.

Content “Filtering”

One of the more usual methods of dealing with spam elsewhere is to run software which looks at the content of a message to determine whether a message is spam or not. For historical reasons, we do not routinely block based on the content of messages, with the following exceptions:

  1. If the message contains a virus attachment.
  2. If the message scores as a “phishing attack”.
  3. Or if it publicises a web location well known to be hosted by a spammer.

What we do instead is to mark the message with a ‘spamminess’ score to indicate how likely it is to be spam. This is done by adding three headers to the email message – X-Spam-Score (which contains the numeric score), X-Spam-Flag (a “yes” or “no” value), and a detailed report within the X-Spam-Report header. This should be handled automatically by GroupWise, which should send all messages with an “X-Spam-Flag” header of “yes” into your “Junk Mail” folder.
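The filing rule described above, sketched as an added example (not code from this blog or from GroupWise): it reads the three X-Spam-* headers from a raw message and picks a folder. The sample messages are constructed, and the handling of a message carrying two contradictory copies of X-Spam-Flag is this example's own conservative choice, not documented GroupWise behaviour.

```python
# Added example: client-side filing on the X-Spam-* headers described above.
from email import message_from_string
from email.policy import default

# Constructed sample messages (not real mail); header values are illustrative.
SAMPLES = {
    "flagged": (
        "From: a@example.com\nSubject: herbal mortgages\n"
        "X-Spam-Score: 12.4\nX-Spam-Flag: YES\n"
        "X-Spam-Report: constructed report text\n\nbody\n"
    ),
    "clean": (
        "From: b@example.com\nSubject: meeting\n"
        "X-Spam-Score: 0.3\nX-Spam-Flag: no\n\nbody\n"
    ),
    "unscanned": "From: c@example.com\nSubject: hello\n\nbody\n",
    "conflicting": (
        "From: d@example.com\nSubject: offer\n"
        "X-Spam-Flag: yes\nX-Spam-Score: 9.1\n"
        "X-Spam-Flag: no\n\nbody\n"
    ),
}


def spam_verdict(raw):
    """Return (folder, score) for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=default)
    # Header names are case-insensitive; get_all returns every occurrence.
    flags = [str(v).strip().lower() for v in msg.get_all("X-Spam-Flag", [])]
    try:
        score = float(str(msg.get("X-Spam-Score", "")).strip())
    except ValueError:
        score = None  # header missing or not numeric
    # Assumption of this example: file as junk if any copy of the flag says
    # yes, so a second, contradictory copy cannot override the verdict.
    folder = "Junk Mail" if "yes" in flags else "Inbox"
    return folder, score


def file_all(samples):
    """Apply spam_verdict to every named sample message."""
    return {name: spam_verdict(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, (folder, score) in file_all(SAMPLES).items():
        print(f"{name:12} -> {folder:9} score={score}")
```

A message with no X-Spam-* headers at all stays in the inbox with a score of None, which is worth logging separately because it means the message was never scored.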

What You Can Do

Nothing. Or at least nothing if you are not prepared to spend a lot of time learning about spam, how it works, how to deal with it appropriately, etc.
