Network Engineering uses several tools to help keep spam from reaching your mailbox. Read on for more information about what we are doing to prevent spam, what you can do, and how to keep your address off of spammers' lists.
Spam is defined as unsolicited, bulk e-mail. Typically spam comes from strangers - people who have obtained your e-mail address without your permission. If you signed up for the mailing (intentionally or accidentally), it may be undesirable e-mail, but it is not technically spam. Likewise, if you have some sort of business relationship with the sender, it is not spam. So, an e-mail sent to you from your bank, an online service you signed up for, or your department at OSU would not be considered spam.
Note: Using OSU's e-mail system to send unauthorized bulk mailings is against the Acceptable Use Policy. For information about how to do a bulk mailing at OSU correctly, please see the Guidelines for Release of E-mail Addresses.
If Step 1 doesn't stop the spam from coming through, you can report the spam to OSU Network Engineering:
Greylisting works by sending a temporary failure message on the first attempt of a unique combination of sender IP, sender and recipient. Legitimate, properly-configured mail servers deal with a temporary failure by queuing the message and resending later (typically within 15 to 30 minutes). On subsequent attempts to send a message, the greylisting server allows the message to be delivered.
Greylisting works as an effective method to prevent spam because spammers typically do not bother to queue mail. Rather they blast the spam out once and ignore delivery failures.
The downside of greylisting is that it may cause a legitimate message to be delayed. Messages may also appear to arrive out of order, as subsequent messages from the same sender are not delayed. Also some sites do not queue and redeliver messages properly.
OSU addresses these issues by building up a comprehensive whitelist of allowed senders. If there are sites that you are concerned about, please send us a list at net (at) oregonstate.edu, and we will add them to the whitelist.
NOTE: Greylisting does not apply to e-mail sent within OSU.
A RBL is a list of hosts that are known untrustworthy e-mail senders. When we receive email from one of these sites, we bounce the message back to the site with an explanation that they are in an RBL and a link with directions on how to get unlisted from it. In addition to RBLs, we have an access list of domain names and email addresses of known spammers that we reject mail from. We also block mail from dynamic IP ranges, because mail servers should never have a dynamic IP. Finally, we block mail from dialup users and cable modem users - these users must relay through their ISP's mail server (or they can relay through OSU with ONID authentication).
We use the following RBLs at OSU
If you are having trouble receiving mail from another site because they are listed in one of our RBLs, please tell the person at the remote location to contact their e-mail administrator or ISP and give them the information in the bounce message that they received from OSU. Contact us at net(at)oregonstate.edu if the sending site is unable or unwilling to get unlisted - we may be able to help them get unlisted, or whitelist the site here.
For more information about phishing, please see the Phishing helpdoc page.
OSU blocks e-mail messages that contain a reply-to address that goes to a known phisher. If practical, we will also "poison DNS" for links included in phishing e-mails, so that clicking the link will redirect you to a safe page instead.
If you respond in any way to a phishing e-mail that asks for your username and password, we will disable your account and ask you to reset your password. OSU has had several accounts become hacked in the past and these hacked accounts have been used to send hundreds of thousands of spam e-mails to OSU and to the world, causing serious e-mail disruption.
NEVER respond to phishing e-mails!
Content-based filtering refers to sorting or deleting mail based on the content of the message itself. We do content-based tagging at the mail relays using SpamAssassin, and these tags can be used to filter spam in your e-mail client.
Many e-mail clients now come with "Junk Mail" filters built-in, which you can turn on to help sort out the messages you don't want to see. When you use a junk mail filter, make sure that you set it to sort the unwanted mail into a junk folder, rather than your deleted items. That way, you can check the junk folder once in a while to make sure that no innocent e-mails have ended up there.
SpamAssassin headers that you can filter on:
X-Spam-Flag: YES (indicates that this message has a score of 5 or more)
X-Spam-Level: ******** (the number of stars indicates the spam score)
For example, to filter all messages with a score of 3 or higher, you could create a rule in your email client to match on "X-Spam-Level: ***".
Instructions on how to set this up can be found here.
The best way to avoid being spammed is to be careful how you share your e-mail address. Every time that you sign up for something online and provide your e-mail address to do so, you are potentially sharing your contact information with not only that site, but with third parties as well.
The following are things you can do to keep your address off spammers' lists:
In the past, most spam came from misconfigured mail servers or proxy servers. But today most spam comes from virus-infected personal computers, hacked e-mail accounts and free e-mail providers. See the Wikipedia article on Spam for more information about how spammers operate.
One very important thing that you can do in the fight against spam is to keep your computer up-to-date on software patches and anti-virus software. It's also a good idea to run a personal firewall. Use caution when opening e-mails from addresses you don't recognize, and always scan email attachments for viruses. If your computer has become noticeably slower, it's a good idea to run virus-detection software.
Finally: NEVER share your password!
Inbox Rules can be used to lower the amount of spam received to exchange? email addresses.
These instructions do not apply if you receive your ONID email via Google Apps for OSU. Email filtering will not work with ONID if you have your ONID account set to forward to another email account. For more information about forwarding, click here.
Following are directions for setting up Spam Assassin and Mail Filters on ONID:
Personal Mail Filters
To customize junk email controls:
To train Thunderbird:
Quick Jump Links:
If you would like to report phishing emails, please follow the process below for your particular mail client.
1. Once you are in the phishing attempt email, click on the little drop down arrow. This will bring up several options.
2. Click on the “Show original” option in that drop down menu.
3.This will open a new tab with a page that looks like this, a lot of text. You will need to copy and paste this text into a new email. An easy way to highlight all of the text is to press the Ctrl button and the A button at the same time. After that you can press Ctrl and C together to copy it.
4. If you feel the message is abusive or asking for your crendentials please send it to phishing (@) oregonstate.edu. Otherwise send the email to phishing (@) oregonstate.edu and we will look at it.