|
|
 |
| CONTENTS A-Z | SEARCH | CHANGE YOUR PASSWORD | ANNOUNCEMENTS | STATUS MESSAGES |
|
These pages explain how to manage spam - by which we mean unwanted email, typically advertising for something you don't want, sometimes obscene.
There are three things you can do to manage spam for your University email account:
The University email system tries to identify spam, and mark it with {SPAM?} in the subject line; you can manage emails flagged {SPAM?} by having the email system delete them outright, and/or by setting up Outlook rules to handle them once they are delivered to your mailbox;
You can set up Outlook rules to weed out other emails that might be spam by managing email coming from outside the University .
You can follow good practice to reduce the risk that spammers will get hold of your email address.
These techniques are described below, with notes at the end. Instructions on how to apply and use all the techniques are on a separate page.
The University email system uses a
program called SpamAssassin to try to identify incoming external emails which
might be spam. SpamAssassin checks an email against a
number of characteristics which typify spam and allocates a score. If the score
is 5 or more, it inserts {SPAM?} at the start of the subject field. If the
score is 10 or more it inserts {SPAM?}{HIGH}. SpamAssassin also adds the
X-Essex-MailScanner-SpamScore header line, which takes the form
X-Essex-MailScanner-SpamScore: sssssss
where the length of the line of "s" characters is the spam score, rounded down.
This may be used in Outlook Rules to define your own level at which SPAM is rejected.
This technique identifies much spam, but not all. It can also cause some genuine emails to be flagged as spam - these are known as "false positives". An email flagged {SPAM?}{HIGH} is less likely to be a false positive than one flagged just {SPAM?}.
The default behaviour at Essex is for email tagged {SPAM?} or{SPAM?}{HIGH} to be deleted. You may alter this behaviour by using the spam deletion service web page.
You can also use Outlook to manage {SPAM?} which does get delivered by writing a rule to divert the spam to a special email folder. You can then occasionally check the folder, in case of false positives, and delete the real spam - or set the folder to delete them automatically after a certain amount of time. Alternatively you can set up a rule to delete flagged spam outright — this is useful even if you subscribe to the spam deletion service, since occasionally {SPAM?} can still get through. Here are instructions on how to set up a rule to filter {SPAM?}, or alternatively a rule to delete {SPAM?}.
The University's spam-detection systems do not identify all spam, and probably never will be able to. We recommend a second technique to reduce the impact of spam: write a rule in Outlook to divert all incoming emails from outside the University to a special folder, if they have not already been processed by some other rule. If you have Outlook 2002 or later, you can adapt the rule so that it doesn't divert emails from senders in your contacts list - and then gradually add genuine callers you hear from regularly to your contacts list.
You then frequently inspect the folder, extract genuine messages, and delete the rest - or set the folder to delete them automatically after a certain amount of time. The advantage of this is that the unwanted messages don't clutter up your Inbox.
It also helps to set up rules for messages arriving via mailing lists, to stop them being diverted to your special external mail folder.
Here are instructions on how to set up a rule for external mail, and also rules for mailing lists.
Here are some techniques for not drawing spammers' attention to yourself (or your colleagues).
Only advertise your email address in a disguised format: on a web page or Usenet mailing, do not use gandalf@essex.ac.uk, but something like my email is gandalf. Non essex users should add essex.ac.uk in the usual way. This thwarts programs scanning for email addresses. Note that on webpages an address does not have to be a clickable link to be dangerous: an address in plain text can just as easily be harvested.
Similarly don't put explicit email addresses in out-of-office messages.
Don't open spam emails - you may confirm through web links that your email address is valid.
If you do open a spam, never reply or click web links, even those inviting you to be "taken off the list". Again this only confirms that your email is valid.
Switch off the Reading Pane in Outlook - instructions here.
These notes are for those who would like a bit more technical information.
Incoming external emails are also checked against the RBL (Realtime Blackhole List, or Realtime Blocking List) zen.dnsbl.ja.net - a list of sites which are, or have been, involved in the distribution of spam, or are misconfigured in ways that may enable them to be used for the distribution of spam. Any mail from a listed site is given a local header:-
X-Essex-RBL: zen.dnsbl.ja.net lists <sending IP address> as sending {SPAM?}
{SPAM?} is not put in the subject field just because an email is from an RBL-listed site. Of course the email may also fall foul of SpamAssassin tests and be tagged {SPAM?} in the subject field as a consequence of that.
SpamAssassin is the mechanism currently used in most universities to tackle spam. It runs in the email servers which are the entry point for external emails into the University network. SpamAssassin applies a complex set of rules to an email in attempt to weed out spam. It accumulates a score for each rule matching the email.
A message that accumulates a sufficiently high score (currently 5) is considered potential SPAM, and marked as such by the tag {SPAM?} added to the Subject line. (We can choose this threshold. The value 5 does seem to be in wide use elsewhere). A message that accumulates a higher number of points (currently 10) has the tag changed to {SPAM?} {HIGH}.
SpamAssassin adds a number of Internet headers to emails, containing information. All these headers begin with "X-Essex-", such as
X-Essex-ExternalMail: 210.3.178.103
X-Essex-MailScanner-SpamCheck: spam, SpamAssassin (score=8.2, required 5,
BASE64_ENC_TEXT 1.37, CARRIAGE_RETURNS 0.32, CTYPE_JUST_HTML 0.41,
ESSEX_DRUGS 5.00, HTML_50_70 0.30, SPAM_PHRASE_00_01 0.78,
USER_AGENT_OUTLOOK -0.01)
X-Essex-MailScanner-SpamScore: sssssssssssss
The X-Essex-ExternalMail Header is put on mail from external sites, and gives the IP number of the site. It is this header that is used in the rule for filtering external email. The X-Essex-MailScanner-SpamCheck gives details of the email's scam score, and the particular rules it violated. The X-Essex-MailScanner-SpamScore Header contains a string of 's' characters, one for each demerit point the email has scored. This allows you to create a filter to match spam more accurately than by using the {SPAM?} and {HIGH} tags: for example, you may match emails with at least 8 demerit points by looking for the string X-Essex-MailScanner-SpamScore: ssssssss.
You can view the Internet headers in an external email at the bottom of the Message Options window. Recent versions of Outlook let you see the Message Options by right mouse-clicking on the message, then selecting Options. In earlier versions of Outlook you need to open the email, click View, then click Options: this is undesirable.
It is not possible to give an exact description of the rules used by Spam Assassin, as they are continuously being updated in response to new threats. The rules look for indicative strings in the header or body of messages, or refer to external databases of known sources of spam, or to databases of known characteristics of particular spam emails, such as the DCC databases
SpamAssassin runs under the control of the system MailScanner, which also controls virus checking and some other checks.
The name comes from a Monty Python sketch.
Document last modified by Alan Stanier
(e-mail: alan; non-Essex users should add @essex.ac.uk to create full e-mail address)
on 20 November 2009.