Table of Contents
What is "spam"?
What is Rutgers doing to manage spam?
Setting up or disabling spam-filtering on OIT systems
What else can users do to stop spam?
Where can I get help?
The term "spam" is computer slang for the electronic equivalent of
junk mail. Spam floods message boards, newsgroups, mailing lists, and
Rutgers e-mail accounts with unwanted, unsolicited, and often repugnant
messages--usually advertisements, promotions, or deliberate
disruptions. It is also a flagrant violation of membership agreements
with most Internet Service Providers. While spam is often identified
as "large numbers of messages", even just one unwanted message to
someone can be considered spam. The term is attributed to a sketch,
performed in the 1970s by the British comedy troupe Monty Python,
about a repetitive breakfast menu in which each item has more Spam
(the canned meat product) than the previous.
Spam is a problem for all e-mail users. It has been determined
that 80 - 90% of all e-mail coming into the University's central e-mail
servers is spam. For example, in July 2007, the New Brunswick faculty/staff e-mail server
received 66,088,392 e-mail messages. Of those e-mail messages, 41,264,942
messages we detected as being spam or viruses and were blocked. This is not
only a problem at Rutgers. Spamcop.net, a website dedicated to
reporting spam worldwide, has estimated that 11.5 spam messages are sent out
What is Rutgers doing to manage spam?
Starting the first week of April 2008, the Office of Information Technology
(OIT) will be implementing more aggressive methods of combating spam on the
RCI email service. Some of the enhancements will include more comprehensive
scanning of messages for various characteristics of spam, as well as looking
for email from known spam sources.
Currently, OIT offers an e-mail spam filter based on a popular program
called SpamAssassin. With that
program, all incoming messages are assigned a score according to
complex formulas that determine the likelihood of a given message being
spam. Individual account holders can then determine what to do with messages that exceed a particular score (e.g., delete them).
- Login to Rutgers Webmail.
- Click on the Webtools option on the top of the webmail screen.
- Select the "spam filtering" option under Setup.
- Choose the "Setup spam filtering" or "Disable spam filtering" option, depending on what you want to do.
Determining what is spam
There are various ways that a message can be classified as spam.
The webtool allows three methods of spam filtering: 1. user address, 2. domain name and 3. filter level. The spam filter can be set to work with those three types of filtering, depending upon needs and preferences.
1. Spam filtering by user address
Filtering spam by user address requires the e-mail address of spam senders be specified in the appropriate fields of Section 1 of the Webtool spam Filter (Note: use of this filter will catch all mail from an address, even legitimate messages.)
This is the least effective of the three options for general spam control, as the user must continually add new addresses to filter out new messages. However, if you are beset with messages from a particular correspondent which you no longer wish to see, this is the option to use.
2. Spam filtering by domain
The spam filter can also be set to detect spam by domain, which is the name of the organization in an e-mail address. For example, in an e-mail address of NetID@rci.rutgers.edu the domain is rci.rutgers.edu. Examples of some other well-known domains can include aol.com and Amazon.com, to name just two (Note: use of this filter will catch all mail from a domain, even legitimate messages.) Filtering messages based on domain, or e-mail address is called a Black List
Enter the domain names from which spam is to be detected into the fields in the middle portion of Section 1 of the Webtool spam Filter:
This is somewhat more effective than the previous option, as it catches all messages coming from a particular domain, rather than just those of a particular account at that domain. However, as a general spam-prevention method, it is not much of an improvement, as you continually need to add new domains.
Also, it must be noted that spammers frequently fake e-mail addresses, including entire domains. If you attempt to put in a domain that does not actually exist, a warning message will be shown and your changes will not be saved. Remove the invalid domain and resubmit the changes.
Exempting domains and e-mail addresses
If legitimate e-mail addresses or domains are consistently being filtered by the spam filtering software, exceptions can be made with the tool to allow these messages to go through. This method is referred to as setting up a White List
Enter the domain name or e-mail address on which the exceptions should be made by filling out the bottom half of Section 1 of the Webtool spam Filter.
NOTE: Black Lists take precedence over White Lists. This means that if the domain aol.com is listed in the Black List, and firstname.lastname@example.org is listed in the White Lists, the email@example.com e-mail's will still be treated as spam.
3. Spam filtering by a filter level
The filter level establishes a very important criterion: messages above a chosen value will trigger a response from the filter and route those messages accordingly. Messages labeled as spam can be handled in three different ways:
- Delete the spam
- Store the spam in a folder named AUTO-DELETED-SPAM
- Store the spam in a folder designated by the user
Rutgers sets a default trigger value of each account's filter at 5 on a 1-to-30 scale, with 1 a strict setting and 30 a very lenient setting. The former will filter almost all e-mail messages, while the latter will filter very little. If you put purported spam into AUTO-DELETED-SPAM, OIT recommends the median level of 5. However, if you are directing the filter to delete spam immediately, we recommend the safer level of 10. There is no way to recover a legitimate message which the spam filter has automatically deleted upon arrival.
Deciding what to do with spam messages
Once a message has been flagged as spam, you next need to decide what should be done with that message. You have several options.
- Storing spam in the AUTO-DELETED-SPAM Folder
OIT RECOMMENDS THIS SETTING.
To set the filter to send mail into the AUTO-DELETED-SPAM folder, click the button next to the Store the spam in a folder named AUTO-DELETED-SPAM option:
If this setting is selected, messages designated as spam will be placed into a special folder called AUTO-DELETED-SPAM. It is wise to regularly review this folder in case any legitimate e-mail messages were accidentally placed inside of it. All messages placed in this folder will be deleted after 14 days, by default. OIT recommends a "filter level" of 5 or lower. However, if a large number of legitimate messages end up in the folder, increasing the filter level (making it more lenient) may be necessary. If you
plan to review messages placed into this folder, you will want to make sure your e-mail software is subscribed to this folder.
Subscribing to folders
You can control how frequently the messages in AUTO-DELETED-SPAM are deleted. Click on the pull down menu in the "Keep messages around in this folder" line and select the number of days, between 1 and 30, then click the "Submit" button.
NOTE: Those who use the POP server for incoming mail will be unable to view the contents of an AUTO-DELETED-SPAM folder, and risk missing legitimate messages that may be placed there. OIT recommends configuring Mozilla Thunderbird or Outlook Express to the IMAP protocol to send and receive mail.
- Store the spam in a user-designated folder
Messages marked as spam can be placed into a designated folder in the Rutgers e-mail account. A new folder for that purpose will be created when the button is selected and a name entered into the "Supply the folder name:" text field. Messages stored in that folder will need to be deleted manually. OIT highly recommends the custom folder be monitored regularly. Deleting unwanted stored messages on a regular basis will help prevent exceeding the account disk quota, which is the maximum amount of space allowed to store files in Rutgers e-mail accounts.
- Deleting the spam
With this setting, all messages below the set trigger level will be deleted immediately. This means that if, for some reason, a legitimate e-mail message is flagged as being spam, it will be deleted, and there will be no way to get the message back. For that reason, OIT strongly recommends using the filter cautiously, and to set the spam level to 10.
Those choosing to route spam into folders for viewing later (e.g. the AUTO-DELETED-SPAM folder) will need to re-subscribe to their e-mail folders on the server. While programs such as Mozilla Thunderbird and Outlook differ in appearance, they generally work the same in terms of managing e-mail and folders. Instructions for subscribing to folders in each software product are available by clicking on the respective link:
Entourage for Macintosh
Macintosh OS X
What else can users do to stop spam?
There is no 100% fool proof way to stop spam entirely. There are ways to cut down on the amount of spam an account receives.
- Do not put a personal e-mail address on a publicly accessible web
Many times companies who send out spam get e-mail address by using
programs that search web pages for e-mail addresses and use those addresses
for their spam lists. So if an e-mail address is listed on a webpage it is
more likely to get spam.
A second solution is to write the e-mail address on the webpage in
a format that is not easily detectable as being an e-mail address. For
example the e-mail address firstname.lastname@example.org can be rewritten
fakeuser at rci.rutgers.edu. While easier to implement, the second
solution is not as effective in curtailing the amount of spam being delivered
to an account.
Another solution is to not include a personal work address on a public
webpage, and instead use a departmental e-mail address as a contact.
Departmental e-mail addresses are accounts on the central server system that
multiple people can be given access to. These people can log into that
account and read any e-mail that has been sent to that account. While the
departmental account will still receive spam, because it is listed on a
public website, the personal accounts will receive much less spam then if
they were listed publicly.
To request a departmental account please fill out the following form:
- Do not use your e-mail address on online forms
Many websites require that you register your e-mail address with them before using their service. Some of these sites sell their e-mail lists to other organizations. If a service requires an e-mail address to use their service, it is best to use a secondary account rather than a primary or work e-mail account. This secondary account should only be used for registration purposes, ensuring that, if the secondary account is sent spam, it will not interfere with legitimate e-mails on the primary account.
- Do not follow the removal instructions in unsolicited e-mails
Spam messages often provide a link that users can click on to take themselves off of the mailing list. This is often a trick that spam companies use to see if they have reached a working e-mail account. Once a user clicks on this link, spammers know that they have a working address and can continue to send e-mail messages to that account, so the amount of spam increases.
- Enabling Junk Mail Controls
Although Rutgers systems automatically filter spam, you may wish to set up additional filters in your desktop e-mail program.
Instructions for enabling and setting junk mail controls on the e-mail programs we support are available by clicking on their respective links:
- Report the spam
Another way to try to decrease the amount of spam going to an account is to
report the spam. One company that is very good as a spam reporting site is
spamcop.net. The spamCop website
does require that a user register for their reporting service, but this will
only need to be done the first time spam is reported by the user. When spam is
reported to spamcop.net they determine where the spam is coming from and
report it to the proper people.
Where can I get help?
Please call the NBCS Help Desk at 732-445-HELP (4357), or visit Room 013, Hill Center, Busch Campus. You may also write to "help" on the system where your account is located (e.g., email@example.com for Eden accounts, or firstname.lastname@example.org for RCI accounts) or consult your Unit Computing Manager or Unit Computing Specialist.