| Quick Information | |
| SpamAssassin Instructions | |
| Email Statistics | |
Spam is a continuing problem at Oregon State University. Network Engineering uses several tools to help keep spam from reaching your mailbox. Read on for more information about what we are doing to prevent spam, what you can do, and how to keep your address off of spammers' lists.
OSU implemented greylisting at the campus mail relays on October 30, 2007. Preliminary statistics show that greylisting has reduced by over half the amount of spam that arrives in OSU email accounts.
Greylisting works by sending a temporary failure message on the first attempt of a unique combination of sender IP, sender and recipient. Legitimate, properly-configured mail servers deal with a temporary failure by queueing the message and resending later. (Resend times vary, but 15-30 minutes is typical.) On subsequent attempts to send a message, the greylisting server allows the message to be delivered.
Greylisting works as an effective method to prevent spam because spammers typically do not bother to queue mail. Rather they blast the spam out once and ignore delivery failures.
The downside of greylisting is that it may cause a legitimate message to be delayed (typically for about 30 minutes, although this depends on the configuration at the sending server). Messages may also appear to arrive out of order, as subsequent messages from the same sender are not delayed. This will only happen the first time that a new sender tries to send to a new recipient.
Sites that have implemented greylisting address these issues by building up a comprehensive whitelist. That is the approach we are taking as well. We have already whitelisted several sites that OSU communicates with on a daily basis. If there are sites that you are concerned about, please send us a list at net (at) oregonstate.edu, and we will add them to the whitelist.
NOTE: Greylisting does not apply to email sent within OSU.
An RBL is a list of hosts that are known spammers or open relays (misconfigured mail servers). When we receive email from one of these sites, we bounce the message back to the site with an explanation that they are in an RBL and a link with directions on how to get unlisted from it. In addition to RBLs, we have an access list of domain names and email addresses of known spammers that we reject mail from. We also block mail from dynamic IP ranges, because mail servers should never have a dynamic IP. Finally, we block mail from dialup users and cable modem users - these users must relay through their ISPs mail server rather than sending directly to us (a trick often used by spammers).
We use the following RBLs at OSU:
If you are having trouble receiving mail from another site because they are listed in one of our RBLs, please tell the person at the remote location to contact their e-mail administrator or ISP and give them the information in the bounce message that they received from OSU. Contact us at net(at)oregonstate.edu if the sending site is unable or unwilling to get unlisted - we may be able to help them get unlisted, or whitelist the site here.
In order to help you filter junk mail out of your inbox, we tag all messages coming to OSU with Spam Assassin tags that indicate the likeliness that a given message is spam. To use these tags, read the Spamassassin documentation.
Content-based filtering refers to sorting or deleting mail based on the content of the message itself. Because of the risk of intercepting legitimate email, we do not perform content-based filtering at the server. Instead, we encourage individual users who are having trouble with spam to turn on content-based filtering within their e-mail client programs.
Many e-mail clients now come with "Junk Mail" filters built-in, which you can turn on to help sort out the messages you don't want to see. When you use a junk mail filter, make sure that you set it to sort the unwanted mail into a junk folder, rather than your deleted items. That way, you can check the junk folder once in a while to make sure that no innocent mails have ended up there.
Bayesian Filtering
The best type of content filtering is bayesian filtering. To learn more about bayesian filtering, read Paul Graham's paper on the subject.
The basic idea behind bayesian filtering is that you train the filtering application as to what you consider to be spam or not spam. The training process is actually quite simple, and after a few days, you will find that the bayesian filter is almost 100% accurate, both in catching spam, and in not catching legitimate messages. Bayesian filtering is the only spam-fighting technique that spammers cannot circumvent (at present, anyway).
Although it's pretty inconvienient to do so, it's best not to have your real email address posted somewhere on the Internet (such as your website). A study performed by the CDT found that the number one way that spammers get your email address is by crawling websites: Study on how spammers get email addresses
To avoid having your e-mail address harvested by spammers, you should obscure it whenever you put it on a webpage. The basic rule of thumb is to avoid a "mailto:" link on a webpage with your real address in it. Here are a few methods that you can use to obscure your email address on webpages:
Also, when you are posting to email lists or filling out online web forms that ask for an email address, you may want to set up a temporary email address as a spam catcher. There are free services such as SpamGourmet that will allow you to setup temporary email addresses for posting to email lists, newsgroups, etc.
As of January 2007, honeypot spam statistics indicate the following:
Up until a few years ago, most spam came from misconfigured mail servers or proxy servers. But in the past three years, spammers have started using email viruses to infect workstations and use them to send their spam. See the Wikipedia article on Spam for more information about how spammers operate.
This trend has made it very difficult to block spam based on the IP of the sending machine. Spammers continually move from one IP address to another to fool block lists. By the time a host has been listed in an RBL, the spammers have moved on.
One very important thing that you can do in the fight against spam is to keep your workstations up-to-date on software patches and anti-virus software. It's also a good idea to run a personal firewall - Windows XP SP2 comes with firewall software built-in. And, as always, use caution when opening emails from addresses you don't recognize, and always scan email attachments for viruses. If your computer has become noticeably slower, it's a good idea to run software designed to detect virus infections, such as AdAware or Spybot. Don't let your computer become part of a zombie botnet!