The university spam filters handle 10-15 thousand messages per day with about 60% being identified as spam.
ITS has several technologies in place to combat spam and phishing attacks, arranged in a series of tiers.
Tier 1:
Site block-lists and allow-lists. Used to outright block or allow mail, these lists control access from specific addresses and domains, either ahead of time (to allow trusted senders) or on-demand (to block an acute spam influx).
Tier 2:
Real-time public block-lists. Published by The Spamhaus Project, the SBL, XBL, and PBL lists are proven dependable and we use them to block junk originating from spammer/phishing operations identified worldwide.
Tier 3:
Sender verification. Our policy is not to accept mail from sender addresses that cannot be replied to. This technique may cause problems when you are expecting mail from automated systems on various websites (strictly speaking, the website is to blame, as it is violating standards). If you do not receive a message you expected within 24 hours, contact the ITS Helpdesk and request that an exception be made to allow the mail through.
Tier 4:
Greylisting. We temporarily reject all incoming mail, forcing sender mail systems (not senders themselves) to retry; a retry made any time after one minute is accepted. This works well because standards-compliant mail systems happily retry, and usually quickly, whereas spammer mail systems tend not to retry at all. The technique can cause short delays for legitimate mail, but is very effective at blocking spam.
Tier 5:
SpamAssassin. (Opt-in) This technology, a heuristic scanning engine, goes through the subject and body of each message looking for suspicious patterns and applying a score, ultimately making the call as to whether or not mail is spam. A "spam tag" is then injected into the headers of the message for clients to filter by. ITS has Quicknotes that explain how to opt in to this feature. It might take 10 minutes to set up, but will save time in the long run since the most blatant spam and phishing attacks will be automatically filtered out of your main inbox and into a sub-folder.
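The Tier 4 greylisting decision, sketched as an added example (this is not ITS's own code or configuration). Assumptions: senders are tracked by the triplet of client IP, envelope sender and recipient, unretried entries are forgotten after four hours, and deferrals use SMTP reply 451; the addresses and times in demo() are constructed.

```python
import time

MIN_DELAY = 60           # seconds; the page's "retry any time after one minute"
RETRY_WINDOW = 4 * 3600  # assumption: unretried entries are forgotten after 4 hours


class Greylist:
    """Tier 4 decision logic, keyed on (client IP, envelope sender, recipient)."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.first_seen = {}   # triplet -> time of first delivery attempt
        self.passed = set()    # triplets that have already retried successfully

    def check(self, client_ip, mail_from, rcpt_to):
        """Return the (code, text) SMTP reply the server would give at RCPT TO."""
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        now = self.clock()
        if key in self.passed:
            return (250, "OK")
        seen = self.first_seen.get(key)
        if seen is None or now - seen > RETRY_WINDOW:
            # First attempt (or a stale entry): record it and defer.
            self.first_seen[key] = now
            return (451, "4.7.1 Greylisted, please retry later")
        if now - seen < MIN_DELAY:
            # Retried too quickly; keep the original timestamp and defer again.
            return (451, "4.7.1 Greylisted, please retry later")
        # A standards-compliant system came back after the delay: accept.
        self.passed.add(key)
        del self.first_seen[key]
        return (250, "OK")


def demo():
    """Constructed scenario: one compliant relay and one sender that never retries."""
    t = [0.0]
    gl = Greylist(clock=lambda: t[0])
    relay = ("192.0.2.10", "alice@example.org", "bob@example.edu")
    bulk = ("198.51.100.7", "promo@example.net", "bob@example.edu")
    results = [gl.check(*relay)[0], gl.check(*bulk)[0]]   # both deferred
    t[0] = 30
    results.append(gl.check(*relay)[0])                   # retry too early
    t[0] = 90
    results.append(gl.check(*relay)[0])                   # retry after one minute
    t[0] = 5000
    results.append(gl.check(*relay)[0])                   # later mail, no delay
    return results, bulk in gl.passed
```

Only the sender's mail system sees the 451 reply; the sender that never retries simply stays in the pending table until its entry goes stale.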
We also take a variety of measures on a per-incident basis. For instance, if a targeted phishing attack sneaks through, the spam filters are configured to intercept any replies to the phisher's email address. Should one of our users get taken by a scam, the ITS Security Services group are made aware as they receive the actual reply as sent from the user. Configuring these "interceptors" all depends on ITS getting good reports (with headers) about phishing attempts.
Despite these measures, spam filtering remains a best-effort service. When the premise is the ability to receive Internet mail from potentially anyone, some spam will inevitably sneak through. No commercial or free solution claims to be 100% effective for the same reasons we cannot. Spammers continue to acquire resources and many are re-designing their operations to defeat filtering technologies.
We do our best to combat spam with the technology available, and are fairly aggressive without risking false positives. ITS continues researching new methods to aid in the endless battle against spam in our university inboxes.