| |
Table of Contents
What is Spam?
Essentially, Spam is like the junk mail you receive at home. According to the
Mail Abuse Prevention System,
“an electronic message (email, instant message) is Spam IF: (1) the recipient's
personal identity and context are irrelevant because the message is equally
applicable to many other potential recipients; AND (2) the recipient has not
verifiably granted deliberate, explicit, and still-revocable permission for
it to be sent; AND (3) the transmission and reception of the message appears
to the recipient to give a disproportionate benefit to the sender.”
How can I protect myself from Spam?
The simplest and most efficient way is to delete it. Replying to it or trying
to unsubscribe or remove oneself from a Spam mailing list may actually end up
confirming your email address as a useable address to the Spam sender. If you
get a lot of Spam, see below on what you can do.
- Do not follow any unsubscribe directions
At the bottom of some messages I am told if I click on the unsubscribe
link, I will be unsubscribed from the email list that sends such messages.
Should I “click here”?
Unless you actually signed up for the particular listserve, you should not
click to remove yourself. If you try to unsubscribe yourself from a list you
never signed up for, then you are actually confirming your email as a valid
address, which can then be sold to other Spam lists. If you did subscribe
for the list, such as a listserve for your field of research, then you can
use that link to remove yourself.
- Do not reply to messages from Spammers
- Do not click any other links in a Spam or open any attachment
- Create "disposal" email accounts
Use these email accounts in uncertain situations where you do not feel comfortable
leaving your USF email account. A Yahoo or MSN free email account can be ideal
for these purposes. When you use newsgroups (Usenet, Dejanews), use your disposable
email address as your return address. (This is a setting in the software
that you use to read newsgroups.)
- Avoid signing up for "free" services on the Internet
Avoid signing up for "free" services on the Internet or putting
your email address on warranty cards or providing it in chat rooms.
- Beware messages sent from corporations, such as Microsoft, that
promise solutions to certain problems or contain attachments
Spammers constantly change deployment tactics and use brand spoofing or Phishing
Spam, which is on the rise. Phishing Spam is where the Spammer forges emails
coming from companies such as Citibank and Microsoft. Often computer worms
are attached to such messages and, if opened by an unaware user, allow the
now infected computer to be used to spread Spam. It is therefore vital that
you make sure your computer is protected from viruses and that you perform critical updates and install security patches when appropriate.
- Never forward a "chain" email
Never forward an email that claims that it is capable of tracking the email
as it is sent or will help generate revenue for a certain cause to the more
people it is forwarded to. These emails are commonly referred to as a chain
mail and are commonly false and help individuals get additional email address
for Spam.
- Avoid posting your email address in a webpage
There are programs that “harvest” email addresses by looking for
mailto: codes in HTML documents. In chat rooms or news groups for example
anyone could quickly grab your email address. Also avoid using your email
address when setting up chat or FTP clients.
- Be a bit cautious about giving out your email address
Don't conceal it totally, but don't give it to anyone from whom you do not
actually want to receive email. Don't automatically type it every time anyone
asks for it; ask what it's going to be used for.
- Don't put a mailto button on your web page
Present your email address as plain text, and only in one place. (Automatic
programs called "Spambots" examine web pages and gather email addresses
from them. The fewer times yours gets gathered, the better.)
What is USF doing about Spam?
There are two fronts where Spam can be attacked: on the desktop side, by customers
setting up email filters or using Spam filtering software and on the server-side,
handled by ITS System Administrators.
To address the first front, ITS is in the process of reviewing potential desktop
Spam filtering products (including Eudora 6, which comes with special Spam blocking
resources). We are also working to educate our customers about Spam and other
technology-based security vulnerabilities.
On the server side, we are currently doing the following to help minimize Spam:
- Using PureMessage to tag incoming messages that appear to be Spam and filtering
those messages into a USFconnect IMAP junk folder. To learn more about PureMessag
please check out our faq on Spam Management with PureMessage.
- Subscribing to Blacklists which catch incoming Spam before it is ever delivered
to a particular email account. A Blacklist is a database of known internet
addresses (or IPs) used by persons or companies sending Spam. Various ISPs
and bandwidth providers subscribe to these blacklist databases in order to
filter out Spam sent across their network or to their subscribers.
- Manually creating filters on the server side when we detect a pattern from
alerts or a flood of Spam and/or worm activity. We have created an email
for the reporting of Spam bulkmail@usfca.edu, that can help us collect information
to aid in the creation of our own Spam filters.
- IP Blocking. This is done in response to reports/complaints of Spam activity
generating from USF networks. When the reports/complaints get to a certain
threshold, we block the IP address and attempt to track the person who's machine
is being used to send out Spam (often times this is being done without the
person's knowledge)..
- We subscribe to TrendMicro's Gateway Spam solution that's tied into our
server-side Anti-virus product.
We have already implemented some server-side anti-Spam services, but will seek
UITC guidance before implementing key word, combination key words, heuristic
and other algorithm based filtering.
If I am getting a lot of Spam, what can be done?
At present, the ITS Help Desk recommends what many other universities are advising
their users. E-mail Client Filtering. This is the least intrusive method to
other university email users. You filter within your email client.
I have heard about desktop Spam software.
What does it do and is it something I should consider using?
Desktop anti-Spam software can be downloaded and/or purchased so you can control
Spam more extensively than with email client filters. Many of these include
preset filters for known Spam domains from which Spam email is sent. Currently
ITS has not found a desktop Spam application that we would recommend, though
we are investigating some possibilities. When looking at Spam software, check
for IMAP protocol support. We are hoping to reduce Spam through centralized
server products.
How do I get on Spam lists?
See the above section on: How can I protect myself from
Spam?
If I am getting a lot of Spam, can I change
my email address?
At this point, changes to email addresses for faculty and staff will be done only in the most extreme cases and only after other efforts, such
as desktop filtering, has been applied but is not resulting in reduction of
Spam. The main reason we are reluctant to change email addresses is because
it won’t necessarily stop you from getting Spam. As long as you have an
email address you are vulnerable to Spam, just like you are vulnerable to junk
mail in your snail-mail mailbox. What we would do, however, is work with you
to try and block as much of the Spam as possible either on the email server
side or from your desktop. If all our efforts do not help, then as a last resort
we would consider changing an email address.
What do I do if I am getting offensive Spam?
As most of us know, in an academic environment it is not feasible to do content
filtering. Also, what is offensive to one person, may be useful information
to another (research material, for example). As a first line of defense, we
recommend the use of filters in Eudora or Outlook for regular Spam. For example,
setting up filters to block messages containing key words you know you will
not want to receive. If the Spam email is pornographic in nature or otherwise
extremely offensive, please report it to bulkmail@usfca.edu. Please turn on
email headers before forwarding the offensive Spam to the above address. If
you come across child pornography Spam, feel free to report it based upon the
information provided at http://www.cauce.org/about/faq.shtml#kidporn.
How To Turn On Email Headers
- To turn on full Internet headers in Eudora do the following:
1) Open the email
2) Click on the button above the message area that says "Blah
Blah Blah"
3) Forward the email to bulkmail@usfca.edu
- To turn on full Internet headers in Outlook do the following:
1) Open the email
2) Click on the View menu and select Options
3) The headers will appear in the bottom of the box. Copy and paste the
headers into the email and forward it to bulkmail@usfca.edu
- To turn on full Internet headers in Netscape Mail do
the following:
1) Choose Options from the options menu bar.
2) In the section for "Show Headers", select
Full Header
Additional Spam Links
|
|
