Search:

• Technology Services at MSU
• Guidelines & Policies
• Help & Support
• MSU IT Exchange
• Network
• SecureIT
  (Safe Computing)

Quick Links

• E-mail
• ANGEL - Course Management
• LON-CAPA
• Computer Repair
• Computer Store
• Computer Labs
• Training Classes
• Library Catalog

• Libraries, Computing & Technology
• Institutional Memberships & Associations

Fighting Spam

What We're Doing, and What You Can Do

January 10, 2007

Spam, or unsolicited commercial e-mail, plagues Internet users worldwide. In 2003, Congress passed and the President signed the CAN-SPAM Act, legislation that outlawed most forms of spam. Despite some limited success in prosecutions, the flow of spam continues unabated; spam mail is skyrocketing. (Much of the spam originates from overseas, especially from countries not easily reached by U.S. laws.) Postini, a company that markets spam filtering services, calculates that more than 80% of all mail sent on the Internet is now spam.

Ed Kryda, who heads the team that supports mail.msu.edu, says the pattern at MSU is similar. “We’re handling more than 78 million messages a month now, up from a little over 11 million just three years ago. Most of the increase is spam."

The Internet community, in general, and MSU’s mail team in particular, are applying technology to address the problem. You as an individual can also take steps to minimize the impact of spam on your daily life.

Steps the ACNS Mail Team is Taking

Shortly after its inception mail.msu.edu has offered a spam filtering tool. Customers can turn the spam feature on by selecting an option under Preferences. Many users find this sufficient to manage the flow of spam.

The built-in spam filter uses an algorithm, or formula, to calculate the likelihood that a given piece of mail is spam. There are two drawbacks: One, the algorithm is not perfect; sometimes legitimate mail will be flagged as spam. Therefore you must skim through your Spam folder periodically to see if a message you need was falsely flagged as spam. Two, calculating the spam score is computationally intensive; at times the flood of spam is so severe that it strains mail.msu.edu, causing delivery slowdowns for everyone.

Spamassassin also uses a list of regular expressions that a message is checked against. These are often referred to as rule-sets. Spammers adapt and figure out ways to avoid triggering the different rules when sending Spam. Each rule has a point value defined to it, which all add up to give a user their final Spam score for a message.

Last July the mail team implemented a Domain Name System (DNS) based scheme to identify known spam sources, and to reject mail from those sources at the outset. This dramatically reduces both processing costs and the number of spam messages that might slip past the formula. Mail.msu.edu relies on accepted spam information sources such as Spamhaus.

The mail team is evaluating further technological measures. One approach looks at patterns of traffic from off-campus mail sources. If a particular domain name suddenly sends large volumes of mail to a variety of MSU recipients, the system would “shape” or limit the amount of mail delivery bandwidth the offender can consume. Many spam sites will stop the assault if they realize that a smart victim is throttling them.

The MSU mail team works with the e-mail community to explore new anti-spam measures. Most recently they are examining techniques for “greylisting” new servers that seek to send e-mail to msu.edu recipients. Unknown sources will be tested to see that they conform to the behavior of legitimate mail sources. Institutions that currently use greylisting have seen a significant decrease in the amount of Spam messages delivered to their users.

Steps You Can Take

There are several steps you can take to manage the flow of spam:

• Turn on spam filtering. Log into mail.msu.edu, go to Preferences, and turn on Spam filtering. You have three choices to make: (1) you can have ***** SPAM ***** inserted into the subject line of flagged messages; (2) you can choose to have flagged messages moved to your SPAM folder; (3) you can have SPAM discarded. (Warning: if you choose to have spam discarded, you’ll never have a chance to see a message falsely flagged.)
• If you know that certain senders are likely to send spam, use the Blocked Senders feature in mail.msu.edu to prevent their mail from reaching your inbox. You can also specify Trusted Senders, those whose addresses should not be blocked. And you can block an entire domain.
• If you use a mail client program such as Eudora or Outlook, turn on the spam filtering option in that program as well. Note that if you automatically forward your mail from mail.msu.edu to a departmental or external mail service, mail.msu.edu spam processing will not take place.
• Be careful how you publish your e-mail address. Spammers use tools to harvest addresses from Web pages and mailing lists. Consider using the form “johndoe (at) msu.edu” when you give out your address.
• When you give your address to a vendor with whom you have a casual relationship, such as the online edition of a faraway newspaper, consider using a “sacrificial” account on a free mail service such as Hotmail, Yahoo! Mail, or Gmail. You can skim this account from time to time to see if you have messages of value.

One measure we don’t suggest is changing your MSU NetID. Some users feel that their particular NetID is targeted, and ask to change to a new ID. While ACNS will perform this service for a $10 fee, the benefits are fleeting.

Much more information about how to fight spam is in the ACNS knowledge base. To learn more about settings in mail.msu.edu and in desktop client mail software, just go to computing.msu.edu and search for “spam.” Or contact the ACNS Help Desk at (517) 432-6200.

by Richard Wiggins, Academic Computing and Network Services

Computing Features Archive

• Accessibility
• Contact Us
• MSU Home Page