Fighting Spam

Unsolicited bulk e-mail, commonly called "spam," is a problem for every electronic mail system on the Internet today. Medaille is no exception. This form of net abuse is known to virtually everyone who has ever had an e-mail account. It is commonly estimated that spam on the internet is doubling every three or four months.

Server-based spam defenses (what IT does)

Our server-based spam defenses block and filter the vast majority of the spam which is sent to Medaille mailboxes. Here are the mechanisms we currently have in place.

Blocking Lists

Our first line of defense is a set of remote blocking lists that are maintained by various spam-fighting organizations (for example, Spamhaus). These are lists of computers and servers which are either known spam sources or known to be vulnerable to spam operations. These lists are generally updated frequently throughout each day.

Medaille also maintains its own additional blocking list, based on the largest-volume spammers to get through to our servers. We generally update this list each day based on the previous day's spam haul.

We also use an internally developed utility which does enhanced matching against blocking lists. (This utility alone blocks between 30,000 and 250,000 spam items daily.)

Spam blocking should protect us against systems which are dedicated to generating spam. It should have a very small chance of rejecting a real piece of email. We are conservative in the blocking lists we use; occasionally we stop using a particular external list if its blocking criteria are too aggressive.

While not likely, it can happen that a legitimate email source gets blocked. All blocked messages are returned with an appropriate error code, so the sender can see that the message was not delivered. If you believe you have not received a desired message due to Medaille's spam blocking, please contact IT's Help Desk at helpdesk@Medaille.edu.

Spam filtering (PureMessage)

Spam that is not blocked based on its source then hits our second line of defense, the Sophos PureMessage spam filter system. PureMessage evaluates each email item individually for a long list of possible spam indicators in both the email headers and the contents. The more clues that match, the higher the probability that the item is in fact spam.

At Medaille, any message that PureMessage thinks has at least a 70% chance of being spam is tagged and moved to the recipient's individual Junk E-mail folder.

You can see the spam-likelihood score that PureMessage has assigned to any particular piece of email, as well as the factors behind that score, by looking at the full email headers. (Although Cornell's implementation of PureMessage is a bit different than ours, their PureMessage web page offers a good explanation of the principles.)

PureMessage makes available (and we apply) updates to their spam-detection rules nearly every day.

As we all know from the regular offers we get for instant wealth from distant shores and unnatural enlargement of body parts, despite all of these defenses, some spam still gets through. We estimate that PureMessage is detecting about 90% of the actual spam that gets past the blocking. We are currently evaluating alternatives to PureMessage to see if any of its competitors might do a better job.

What You Can Do About Spam:

Keep your email address off the spam radar

  • Don't post your address on a publicly searchable web page if you can avoid it. (It's good practice for departments and organizations to use functional rather than personal addresses, such as our helpdesk@Medaille.edu.)
  • Only give out your email address to reputable organizations with good privacy policies (yes, you should read the privacy policies)
  • For all other sites, if you must give out an email address, use one you don't care about (a free one from a service like hotmail for example).
  • Don't ever reply to spam or use the "option" to unsubscribe -- that just tells the spammer they have found a real person willing to read what they are sending. (See http://www.spamhaus.org/removeisformugs.html.)

Protect your PC from viruses and malware

Spammers want to infect your PC so they can get all of the email addresses in your address book, and so they can use your PC as a "zombie" to send out more spam. By following good security practices, you are protecting your friends and your community as well as yourself.

Report untagged spam

Sophos encourages its customers to send any missed spam back to them; this helps them improve the PureMessage filtering rules.

About full mail headers:

Most email clients only display the To:, From:, Date: and Subject: lines of the headers. However, what we don't normally see as email recipients is the path which the email followed from its original SMTP outbound server to reach our inbound mail server. This header information is critical for the spam detection effort. (SpamCop is a public site dedicated to helping rid the net of the spam nuisance. Use the link above to get the scoop on where to find this header info for your particular mail client.)
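The following is an added example, not part of the original page or any Medaille or Sophos tool: it reads the full headers of a message, rebuilds the path from the Received: lines, and reports which outside IP address handed the message to the receiving organization's servers. The sample message, host names and the function names are constructed for illustration; the [SPAM: subject tag is the one described in the FAQ on this page.

```python
import re
from email import message_from_string

# Constructed sample (reserved example domains, documentation IP ranges).
RAW = """\
Received: from mx.example.edu (mx.example.edu [192.0.2.10])
\tby mailstore.example.edu with ESMTP; Mon, 01 Jan 2024 10:00:05 -0500
Received: from relay.example.net (relay.example.net [198.51.100.7])
\tby mx.example.edu with ESMTP; Mon, 01 Jan 2024 10:00:03 -0500
Received: from sender-pc (unknown [203.0.113.55])
\tby relay.example.net with SMTP; Mon, 01 Jan 2024 10:00:01 -0500
From: win@example.com
Subject: [SPAM:XXXXXXX Claim your prize

Body text.
"""

HOP = re.compile(r"from\s+(\S+).*?\[([0-9a-fA-F.:]+)\].*?by\s+(\S+)", re.S)

def delivery_path(raw):
    """Return (from_host, from_ip, by_host) per hop, oldest hop first."""
    msg = message_from_string(raw)
    hops = []
    # Each server prepends its own Received line, so headers are newest-first.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(value)
        if m:
            hops.append(m.groups())
    return hops

def boundary_ip(hops, our_domain):
    """IP that handed the message to our servers (what a blocking list checks).
    Hops older than this one were written by outside systems and can be forged."""
    ip = None
    for _host, from_ip, by_host in reversed(hops):  # walk back from delivery
        if not by_host.endswith(our_domain):
            break
        ip = from_ip
    return ip

def server_tagged(raw):
    """True if the subject starts with the server-side [SPAM: tag."""
    return message_from_string(raw).get("Subject", "").lstrip().startswith("[SPAM:")
```

Only the hops recorded by the receiving organization's own servers are trustworthy, which is why a spam report needs the full headers rather than just the From: line.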

Block automatic display of images

Unwanted, disturbing images are a particularly upsetting aspect of spam. Automatically loading "images" can also trigger malicious software.

For web-based email clients such as MedailleOne and webmail, your main defense is to only open email from recognized sources.

Using spam-filtering software on your own computer

If you are really frustrated with all of the spam in your inbox, then you may want to invest some time in setting up and training spam-filtering software on your own computer. Outlook, Entourage and Apple Mail all have built-in spam filtering capabilities that you can choose to turn on. There are also add-on spam filtering products you can install.

Frequently Asked Questions

Q1. The email I sent to my colleague at hotmail (Comcast, yahoo, AOL, ...) was rejected as spam!

Occasionally outside companies -- sometimes even some of the major ones who should know better -- get too aggressive in their spam blocking lists and reject mail from perfectly fine servers such as ours. If this happens to you, please send the email with the bounce message to us at consult@Medaille.edu, and our email administrators will work with the outside service to get the problem fixed. You could also ask your colleague to notify their service of the problem.

Q2. Why is there tagged spam in my inbox?

Tagged spam (subject starting with [SPAM:XXXXXXX) should always go straight to the Junk E-mail folder. We've seen some cases in Outlook where this is not happening automatically.

This is especially important for people who use a hand-held device (such as a Blackberry or a Treo) to receive email directly. No one wants to be notified of each incoming piece of spam.

Q3. A real piece of email was sent to Junk E-mail!

Case 1: the server-side filter goofed.

In this case, you'll see the tell-tale [SPAM:XXXXXXX tag in the message subject. While the rate of "false positives" is very, very low at the 70% setting, every once in a great while we do see a non-spam item falsely tagged and filtered into the Junk E-mail folder. For this reason we strongly recommend you glance at this folder at least once every 28 days so that you can catch and rescue any such error. Please also send the incorrectly tagged email (with full mail headers) to consult@Medaille.edu, so we can try to prevent the problem in the future.

Case 2: your local filter is at work.

If the wrongly filtered item is not tagged (that is, the subject does not start with [SPAM:XXXXXXX), then the server-side filtering is not the cause. Rather, this is an indication that some additional spam filtering is happening within your email program, even if you didn't realize it. Recommendation: turn your local filtering off, or spend the necessary time tuning it and checking the results.
