Defeating Spam
IT Services
October 2006
Introduction
Amongst the most universally hated developments of the modern world are cold callers, junk mail and spam. Essentially they are all the same thing just using different media for delivery. Unfortunately whilst there are numbers you can phone to get yourself put on a "Do not cold call me and do not send me junk mail" list, the same is not true for spam. Part of the problem lies in the international nature of the internet. No single government can impose regulations which can legally impact the whole internet. This means that fighting spam becomes the responsibility of the recipient.
A recent BBC article claims that more than 95% of email is 'junk'. Goldsmiths has experienced a dramatic increase in the volume of spam arriving over the last few months, and we are not alone in reporting this.
Goldsmiths' Position
Because Goldsmiths is a university there are additional reasons why you may get more spam in your Goldsmiths' account than you do, say, in your home ISP's account:
- We do not whitelist our mail. A whitelist is a list of accepted senders - if an email arrives and the sender's address does not appear on the whitelist then the email is automatically rejected. We don't do this because it is important that users in a University are contactable by anyone in the world without prior arrangement.
For staff, there are two additional reasons why spam may be sent to your College e-mail address:
- We use real names as email aliases for staff. Your ISP account will probably be something like "payne47@myisp.com". Such combinations of letters and numbers are quite hard to guess and a spammer would have to get through "payne1" to "payne46" before he got to your account! However "f.smith@gold.ac.uk" isn't so hard to guess. For legitimate senders this is obviously a bonus as it means that if you're trying to contact a Dr Frederick Smith at Goldsmiths for a legitimate academic reason you can make a good stab at a likely email address. Unfortunately it also means that it's easy for spammers to guess a valid email address. Another rather unfair part of this scenario is that those people with more unusual names are actually less likely to get random spam than poor Dr Smith!
- However, probably the biggest culprit in the question of just why your Goldsmiths' account receives more spam than other accounts lies in the fact that your email addresses are plastered all over publicity material, web pages, conference reports etc. Moreover, as Goldsmiths has been online since 1992, many staff email addresses have been out there for some considerable time and will have been bought and sold on email lists for a number of years - long before anyone realized that there was a nasty payoff for having your email address published.
The bottom line is that if you have worked here for several years, you publish a lot, and particularly if you have a reasonably common name, your email address will be known to every spammer in the world and short of redesigning the Laws of Physics to turn back time, there's nothing that can be done about it.
What we do about it!
As IT Services has yet to redesign the Laws of Physics we concentrate instead on stopping as much of this spam as possible from reaching your InBox. When you receive 20 spam messages in your InBox a day you might be forgiven for thinking that we don't do this very well, however you have to bear in mind that these 20 messages are only the ones that got away! You don't see the ones we do catch!
In keeping with good practice guidelines we have a two-pronged approach. The gateway server (the main email server that talks to the outside world) is set up with various access control lists that seek to identify when mail is being sent incorrectly to it. Responsible ISPs set up their mail servers so that they "talk nicely" with other ISPs' mail servers, so if our server encounters a mail server that is not producing the correct responses the chances are very high that the server in question is trying to spam us and therefore our server refuses the message. In addition Goldsmiths subscribes to several blacklists. (A "blacklist" is the opposite of a "whitelist": it is a list of IP numbers of servers that have been found to be sending out spam.) If a message is sent from a blacklisted IP number, then our server will refuse the message. More than 50% of all the messages that arrive at our gateway server are refused. These are the emails you never, ever see.
The second prong is that when our server accepts a message, it runs some software that checks each and every message to see if it is infected with a virus and whether or not the message is likely to be spam, giving each message an individual "SpamScore". Unlike a school, which has rather different obligations to its users as they are mostly minors, Goldsmiths does not filter messages on content. Indeed content filtering is actually very ineffective. Take, for example, the following list of words (with which you will undoubtedly be familiar if you receive spam!): pen1s, p3nis, p3n1s, PEN1s, pennis, p_enis, p e n i s, pen'is. Not a single one of them actually says "penis", yet you will have read every one of them as "penis". You can get wordlists like this, and this is what schools use amongst other things, but they are far from complete and messages will still get through. Regardless of word lists though we cannot filter globally on, say, the word "penis" with all its permutations otherwise Psychology would not be able to teach about Freud, Visual Cultures would not be able to discuss the history of the nude, and Sociology would not be able to study the impact of pornography on society. The spam rules that we use base their information on email header details (spammers often forge a lot of email headers), known spam content (such as the Nigerian Money Scam), and likely indicators of spam (such as the email consisting solely of an image). Based on those rules each message is given a SpamScore and then our server delivers the message.
All of the above happens by default, globally to all email. The next step is up to individual users because circumstances vary for each user and what is right for one may not be right for another. We run software called Sieve which interacts with every email delivered to an individual user's mailbox. ...where you can set up Sieve to filter away the emails that have been given a high SpamScore to a separate "spam" mailbox. This Sieve filter will usually remove around 80% of the spam delivered to your account from your InBox.
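The content-filtering problem described above can be seen by running two filters over the page's own word list. This is an added example, not software used by IT Services; the one-entry word list, the substitution table and both sample messages are constructed for illustration.

```python
import re

# Obfuscated spellings listed in the paragraph above.
VARIANTS = ["pen1s", "p3nis", "p3n1s", "PEN1s", "pennis",
            "p_enis", "p e n i s", "pen'is"]
# Constructed sample messages (not from the original page).
LEGIT = "Psychology seminar: Freud on penis envy, reading list attached."
INNOCUOUS = "The library is open: is your card valid?"

BLOCKED = {"penis"}  # hypothetical one-entry word list

# Character substitutions a normalising filter might undo (assumed set).
LEET = str.maketrans({"1": "i", "3": "e", "0": "o", "@": "a", "$": "s"})


def exact_filter(text):
    """Plain word list: flag a message if any whole word is on the list."""
    return any(w in BLOCKED for w in re.findall(r"[a-z0-9]+", text.lower()))


def normalise(text):
    """Undo digit swaps, drop everything but letters, collapse repeats."""
    text = re.sub(r"[^a-z]", "", text.lower().translate(LEET))
    return re.sub(r"(.)\1+", r"\1", text)


def fuzzy_filter(text):
    """Aggressive filter: look for a listed word inside the normalised text."""
    squashed = normalise(text)
    return any(normalise(w) in squashed for w in BLOCKED)


def evaluate():
    """Count what each filter catches and which clean mail it blocks."""
    clean = [LEGIT, INNOCUOUS]
    return {
        "exact_caught": sum(exact_filter(v) for v in VARIANTS),
        "exact_blocked_clean": sum(exact_filter(m) for m in clean),
        "fuzzy_caught": sum(fuzzy_filter(v) for v in VARIANTS),
        "fuzzy_blocked_clean": sum(fuzzy_filter(m) for m in clean),
    }


if __name__ == "__main__":
    for name, count in evaluate().items():
        print(f"{name}: {count}")
```

The plain word list catches none of the eight spellings yet still blocks the seminar notice, while the normalising filter catches all eight and also blocks the library message, because "open: is" collapses to a string containing the listed word.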
However, correct identification of spam is difficult and changing constantly as the spammers get wiser. Set the identification too strongly and you get too many false positives. Set it too weakly and users will receive too many spams in their Inbox. There will always be some spam that gets through no matter what system you use or how expensive that system is. The only way not to get spam is to whitelist all your emails: but then you will miss out on all sorts of things and strict whitelisting is not recommended on your College account.
