|People | Departments | Search UMD|
Spam. What Is It? What Can I Do About It?
The ITSS Help Desk has received a large number of questions about email spam recently, so we though it would be a good issue to discuss.
Spam is a generic term for the advertisements and promotional emails individuals and companies send to most any active email account they can find. They use this as a fast, easy, and inexpensive way to advertise products or services to large numbers of people. This practice gets frustrating for the email users as they can be sent many emails they do not wish to read or even receive.
So what can be done about spam emails?
First, ITSS wants email users at UMD to know that our system administrators are currently (and have been for many years) monitoring and making efforts to block spammers. We are able to see when a large number of emails originating from one source come to our campus, and we are often able to block those transmissions. Offenders are simply blocked by not allowing the messages they send to reach our email servers.
However, despite our best efforts, there is no magic solution for stopping all spam. People that use the Internet or email should assume they will receive some junk emails. It is simply impossible to block all such messages. Few states have legislation against spam, but there are ideas for pending legislation.
There are different formats of spam, and senders are becoming better at hiding or altering the appearance of what they send or where they send it from. Users will often get emails addressed specifically to them (and only them), or so it will appear. What often happens is the sender uses the BCC (Blind Carbon Copy) function of an email program to hide all the names to whom the message was sent. The sender will then also use a "fake" account for the origination of the message so that responses cannot be directed anywhere legitimate.Spam is generated in a number of ways and we thought users might like to know how that happens. Here are some of the common techniques used to find email addresses so messages can be sent out en masse.
- Automated software is used to fake a sender's address and/or host.
- Web robots go through web sites, newsgroups and talk lists (like Yahoo! Groups) to find and accumulate member addresses.
- Web browsers go through mail servers and expand lists to compile addresses.
- When a user visits a web page the owner of that page may allow software to query the user's browser and get the addresses from the settings in their program.
- Users are often asked to enter an email account along with other personal information.
- Guessing often works. Spammers will just make attempts to find the easy combinations (John Doe may be jdoe@...). This technique has become more difficult to use successfully at UMD, with the implementation of the x.500 software which uses letters and numbers for new users.
- The campus phonebook is a source of information as is the University's web site (x.500).
It is commonly asked if the University is "selling" addresses and the answer is no. Spam is covered by the Policy on the Appropriate Use of Information Technology. Additional information on U of M policies towards spam emails can be found on the Security portion of the University of Minnesota Office of Information Technology web site.
People often ask, "Why is this happening now when it was not before?" Unfortunately, the answer is not simple. Spammers are simply getting better at finding addresses. Additionally, they are ignoring some of the commonly used advertising practices, specifically the tendency to try and advertise to the "target market" of customers. Spammers find it is not worth expending their time and resources to analyze their possible customers in contrast to just sending messages to everyone they can find.
Many spam emails include an option that says something along the lines of "click here to unsubscribe from this mailing list". Generally, it is not a good idea to use this option. What this does is it tells the spammers that this is an active email account. They may remove you from that particular email list but may add you to many more. It is usually best to just ignore and delete spam emails. Clicking on this "remove me" option may also be a way for nefarious people to create a conduit to load viruses onto your system.
Another common inquiry to the Help Desk is about University policy and the privacy of email addresses for members of the institution. There is an ongoing debate on this issue. At the crux of the debate is the question of "Can we make addresses public within the university and private without?" but there are opposing camps. PeopleSoft is a "public" aspect of the University. At this time, email addresses are not protected legally as part of the information that must be considered private.
So how is ITSS fighting spam?? The mail system has been set to reject messages from known spam sites and mail senders. Our software will check for these addresses, and the email software will reject mail that appears to be coming from a bogus system. We also reject network connections from problematic sites. Currently we have a list of more than 30 known spammers trying to send vast amounts of junk email to our campus.
ITSS cannot filter emails based upon content. The decision for what is filtered is based upon criteria our network administrators have used to determine what is and what is not spam. What users could do if they are having problems with a specific group or spam source is set their Email Filter Settings file so that any email from a particular source is deleted before it gets to your Inbox. This technique will not eliminate all spam emails and will not stop "one shot" spammers, but it will stop a source of emails repeatedly sent from the same source. Users can find more information about this option in this article about Email Filter Settings.
Did you find what you were looking for?
NO ©2003 Regents of the University of Minnesota. All rights reserved.
The University of Minnesota is an equal opportunity educator and employer.
Last modified on 06/11/02
Contact ITSS |