Spam Stats
The university mail filters handle hundreds of thousands of messages per day, rejecting most and identifying about half the rest as spam.
Last week 3,102,049 total messages were attempted. Of those, 99.35% were rejected by block lists, sender verification, and greylisting. The other 0.65% (20,163 messages) were accepted and delivered, with 64.49% (13,003 messages) identified and tagged as spam to benefit those who opt-in to using a personal filter rule.
ITS has several technologies in place to combat spam and phishing attacks, arranged in a series of tiers.
Tier 1: University block/allow lists — Used to outright block or allow mail, these lists control access from addresses and domains we specify, either ahead of time to allow trusted senders or on-demand to block a spam influx.
Tier 2: Internet block lists — Published by The Spamhaus Project, the SBL, XBL, and PBL are “real-time” block lists that are proven dependable. We use them to block junk originating from spammer/phishing operations identified worldwide.
Tier 3: Sender verification — Our policy is not to accept mail from addresses that cannot be replied to. This technique can block mail from automated systems on some websites. Strictly speaking, the website’s mail system is violating standards, expecting us to accept mail from them even though no reply is possible. If you do not receive a message within 24 hours, contact the ITS Helpdesk and request an exception to allow the mail through.
Tier 4: Greylisting — We temporarily reject all incoming mail, forcing sender mail systems (not senders themselves) to retry any time after one minute and be accepted. This works well because standards-compliant mail systems will retry and usually quickly, whereas spammer systems tend not to retry at all. An unfortunate side-effect is short delays for legitimate mail, but the technique is very effective at blocking spam.
Tier 5: SpamAssassin — This (opt-in) technology, a heuristic scanning engine, goes through the subject and body of each message looking for suspicious patterns and applying a score, ultimately making the call as to whether or not a message is spam. A spam “tag” is then injected into the headers of the message for clients to filter by. ITS has Quicknotes explaining how to opt-in to this feature. It may take 10 minutes to set up, but will save time in the long run since the most blatant spam and phishing attacks will be automatically filtered out of your main inbox and into a sub-folder.
———————————————————————————————————————————
Quicknotes for setting up spam filters on your account can be found in the email category on the Helpdesk homepage. (www.umflint.edu/helpdesk)
We also take measures on a per-incident basis. For instance, if a targeted phishing attack sneaks through — those which claim to be official, from the university — the outbound mail servers are configured to intercept any reply to the phisher’s address. Should one of our users get taken by such a scam, the ITS Security Services group are made aware as they receive the actual reply as sent from the user. Configuring these intercepters all depends on ITS getting timely reports of the spam messages.
Despite these measures, spam filtering remains a best-effort service. When the premise is being able to receive Internet mail from potentially anyone, occasional spam will sneak through. No commercial or open-source solution claims to be 100% effective for the same reasons we cannot. Spammers continue to acquire resources and are always seeking new techniques to defeat filtering technologies.
We do our best to combat spam with the latest technology available, and are fairly aggressive without risking false positives. ITS continues researching new methods to aid in the endless battle against spam in our university inboxes.