Blocking E-mail Spam

Network Engineering uses several tools to help keep spam from reaching your mailbox. Read on for more information about what we are doing to prevent spam, what you can do, and how to keep your address off of spammers' lists.

What is Spam?

Spam is defined as unsolicited, bulk e-mail.  Typically spam comes from strangers - people who have obtained your e-mail address without your permission.  If you signed up for the mailing (intentionally or accidentally), it may be undesirable e-mail, but it is not technically spam.  Likewise, if you have some sort of business relationship with the sender, it is not spam.  So, an e-mail sent to you from your bank, an online service you signed up for, or your department at OSU would not be considered spam. 

Note: Using OSU's e-mail system to send unauthorized bulk mailings is against the Acceptable Use Policy.  For information about how to do a bulk mailing at OSU correctly, please see the Guidelines for Release of E-mail Addresses.

Blocking Spam

Step 1 - Using Filtering On Your Account

Step 2 - Reporting Spam

If Step 1 doesn't stop the spam from coming through, you can report the spam to OSU Network Engineering:

Greylisting

Greylisting works by sending a temporary failure message on the first attempt of a unique combination of sender IP, sender and recipient. Legitimate, properly-configured mail servers deal with a temporary failure by queuing the message and resending later (typically within 15 to 30 minutes). On subsequent attempts to send a message, the greylisting server allows the message to be delivered.

Greylisting works as an effective method to prevent spam because spammers typically do not bother to queue mail. Rather they blast the spam out once and ignore delivery failures.

The downside of greylisting is that it may cause a legitimate message to be delayed. Messages may also appear to arrive out of order, as subsequent messages from the same sender are not delayed. Also some sites do not queue and redeliver messages properly.

OSU addresses these issues by building up a comprehensive whitelist of allowed senders. If there are sites that you are concerned about, please send us a list at net (at) oregonstate.edu, and we will add them to the whitelist.

NOTE: Greylisting does not apply to e-mail sent within OSU.

Real-Time Black Hole Lists (RBLs)

A RBL is a list of hosts that are known untrustworthy e-mail senders. When we receive email from one of these sites, we bounce the message back to the site with an explanation that they are in an RBL and a link with directions on how to get unlisted from it. In addition to RBLs, we have an access list of domain names and email addresses of known spammers that we reject mail from. We also block mail from dynamic IP ranges, because mail servers should never have a dynamic IP. Finally, we block mail from dialup users and cable modem users - these users must relay through their ISP's mail server (or they can relay through OSU with ONID authentication).

We use the following RBLs at OSU

If you are having trouble receiving mail from another site because they are listed in one of our RBLs, please tell the person at the remote location to contact their e-mail administrator or ISP and give them the information in the bounce message that they received from OSU. Contact us at net(at)oregonstate.edu if the sending site is unable or unwilling to get unlisted - we may be able to help them get unlisted, or whitelist the site here.

Phish Detection

For more information about phishing, please see the Phishing helpdoc page.

OSU blocks e-mail messages that contain a reply-to address that goes to a known phisher.  If practical, we will also "poison DNS" for links included in phishing e-mails, so that clicking the link will redirect you to a safe page instead. 

If you respond in any way to a phishing e-mail that asks for your username and password, we will disable your account and ask you to reset your password.  OSU has had several accounts become hacked in the past and these hacked accounts have been used to send hundreds of thousands of spam e-mails to OSU and to the world, causing serious e-mail disruption.

NEVER respond to phishing e-mails!

Content-Based Filtering & SpamAssassin

Content-based filtering refers to sorting or deleting mail based on the content of the message itself. We do content-based tagging at the mail relays using SpamAssassin, and these tags can be used to filter spam in your e-mail client.

Many e-mail clients now come with "Junk Mail" filters built-in, which you can turn on to help sort out the messages you don't want to see. When you use a junk mail filter, make sure that you set it to sort the unwanted mail into a junk folder, rather than your deleted items. That way, you can check the junk folder once in a while to make sure that no innocent e-mails have ended up there.

SpamAssassin headers that you can filter on:

X-Spam-Flag: YES  (indicates that this message has a score of 5 or more)

X-Spam-Level: ******** (the number of stars indicates the spam score)

For example, to filter all messages with a score of 3 or higher, you could create a rule in your email client to match on "X-Spam-Level: ***". 

How to Keep Your E-mail Address Off Spam Lists

The best way to avoid being spammed is to be careful how you share your e-mail address.  Every time that you sign up for something online and provide your e-mail address to do so, you are potentially sharing your contact information with not only that site, but with third parties as well.

The following are things you can do to keep your address off spammers' lists:

  • Don't sign up for work-at-home or other too-good-to-be-true offers; they are typically scams and your contact information will definitely go to spammers.
  • NEVER reply to spam or phishing emails.  If you do, it verifies to the spammer that your address is a real working address and that makes it even more valuable to them (and makes it more likely that you will get more spam).
  • If you post your e-mail address on a publicly accesible website, try to obscure it in some way (e.g. bob(at)oregonstate.edu).
  • When signing up for various accounts online, uncheck the boxes that ask about putting you on their mailing list.  Typically these will be checked by default.

OSU Email Statistics

Where does spam come from?

In the past, most spam came from misconfigured mail servers or proxy servers. But today most spam comes from virus-infected personal computers, hacked e-mail accounts and free e-mail providers.  See the Wikipedia article on Spam for more information about how spammers operate.

One very important thing that you can do in the fight against spam is to keep your computer up-to-date on software patches and anti-virus software. It's also a good idea to run a personal firewall. Use caution when opening e-mails from addresses you don't recognize, and always scan email attachments for viruses. If your computer has become noticeably slower, it's a good idea to run virus-detection software.

Finally: NEVER share your password!

Email Filtering

ONID

Email filtering will not work with ONID if you have your ONID account set to forward to another email account. For more information about forwarding, click here.

Following are directions for setting up Spam Assassin and Mail Filters on ONID:

Spam Assassin

  1. Browse to http://onid.oregonstate.edu/
  2. Click Login To ONID in the left hand column
  3. After logging in, click Manage Mail in the left hand column
  4. If mail forward IS NOT set, you will see a Spam Assassin section on this page
  5. Check the box that says Use Spam Assassin
  6. You may check either or both of the other two boxes at your preference
  7. Click Modify Spam Assassin Settings

Personal Mail Filters

  1. Browse to http://onid.oregonstate.edu/
  2. Click Login To ONID in the left hand column
  3. After logging in, click Manage Mail in the left hand column
  4. If mail forward IS NOT set, you will see a Personal Mail Filters section on this page
  5. You can create a custom mail filter under this section to automatically move emails coming from a certain email address or email domain to a spam folder in your ONID account.
    Caution: If you block a domain, all emails from that domain will be blocked. For example if you block @gmail.com, all emails coming from an @gmail.com email account will be blocked.

 

Outlook 2007

  1. From the main Outlook window, select the Actions menu
  2. Navigate to Junk Email and select Junk Email Options... from the sub menu
  3. From the Blocked Senders tab, click Add
  4. Enter the sender's email address or email domain to block the sender
    Caution: If you block a domain, all emails from that domain will be blocked. For example if you block @gmail.com, all emails coming from an @gmail.com email account will be blocked.
  5. Click OK
  6. Click OK

 

Outlook 2010

  1. From the main Outlook window, click Junk
  2. Select Junk Email Options... from the drop-down
    Junk Email Options
  3. From the Blocked Senders tab, click Add
  4. Enter the sender's email address or email domain to block the sender
    Caution: If you block a domain, all emails from that domain will be blocked. For example if you block @gmail.com, all emails coming from an @gmail.com email account will be blocked.
  5. Click OK
  6. Click OK

 

Outlook 2011 (Mac)

  1. Click the Junk menu, then click Junk E-mail Protection

  2. Select the level ou prefer to use for junk protection (the Low setting is fine for most users)

  3. Click OK

Entourage

  1. From the Tools menu, select Junk Mail Filter
  2. Check the Enable Junk Mail Filter box
  3. You can adjust the sensitivity of the filter with the slider bar

 

Mac Mail

  1. Select the spam email from the mail list
  2. Click Junk from the toolbar near the top of the window

 

Thunderbird

To customize junk email controls:

  1. From the Tools menu, select Junk Mail Controls

To train Thunderbird:

  1. Select the spam email from the mail list
  2. Click Junk from the toolbar near the top of the window

Reporting Spam & Phishing

If you would like to report spam emails to Network Engineering, please follow the process below for your particular mail client:

ONID

  1. Login to ONID Webmail at http://webmail.oregonstate.edu/
  2. Open the spam email (DO NOT open any attachments that may be contained within the email as they could contain viruses)
  3. Under the Forward menu, select Entire Message
    Forward Entire Message
  4. This will open a new email with the spam email included as an attachment.
  5. Send the email to abuse (@) oregonstate.edu

 

Outlook 2007

  1. Open the spam email in a new window (DO NOT open any attachments that may be contained within the email as they could contain viruses)
  2. Click Other Actions near the top of the window and select Forward as Attachment
    Forward as Attachment
  3. Send the attached email to abuse (@) oregonstate.edu

 

Outlook 2010

  1. Open the spam email in a new window (DO NOT open any attachments that may be contained within the email as they could contain viruses)
  2. Click More near the top of the window and select Forward as Attachment
    Forward as Attachment
  3. Send the attached email to abuse (@) oregonstate.edu

 

Outlook 2011 (Mac)

  1. Select the message in the message pane
  2. Click the Attachment button
  3. Send the email to abuse (@) oregonstate.edu

Entourage

  1. Select the message in the mail pane
  2. Click the Message menu from the top of the screen and select Forward as Attachment
    Forward as Attachment
  3. Send the attached email to abuse (@) oregonstate.edu

 

Mac Mail

  1. Open the spam email (DO NOT open any attachments that may be contained within the email as they could contain viruses)
  2. Under the View menu, select Message and then Long Headers from the sub menu
  3. Click Forward
  4. Forward the email to abuse (@) oregonstate.edu

 

Thunderbird

  1. Select the spam message
  2. Under the Message menu, select Forward As and then select Attachment from the sub menu
  3. Send the attached email to abuse (@) oregonstate.edu