IT Services


Questions and answers

983
What is IT Services doing to reduce the amount of unwanted, unsolicited, 'spam' email?


IT Services currently have several mechanisms to reduce the amount of unsolicited mail on the campus mail system:

  1. We subscribe to and use all three levels of the Mail Abuse Prevention Scheme (MAPS) email blocking service. This blocks inbound mail from servers sending spam (using RBL, the Realtime Blackhole List), from dial-up users who are not using their ISP's mail service (using DUL, the Dial-up User List), or from mailers which are relaying spam (using RSS, the Relay Spam Stopper). We also make use of two other RBL lists: Spamhaus and DSBL. Mail matching any listed source is rejected. See also the note below about the Janet anti-spam DNS block listing service, launched in October 2007.
  2. We maintain a local blacklist of spammer addresses. Sources of spam are added to this list by members of the IT Services Systems team, mainly when large amounts of spam show up in the mail queues.
  3. We verify message senders by 'calling' their claimed email address. Only if the sender's claimed email address is valid, according to their own email system, will the message now be accepted. This sender verification process is quite expensive to implement in terms of computing power requirements and will be subject to review. Sender verification, and our reasons for using it, is discussed in detail in FAQ 1101.
  4. We block email from servers whose IP addresses are not correctly registered in the Domain Name Service (DNS).  Without such registration, it is impossible for us to verify that the sender's server is the one it's claiming to be, and not one acting as an imposter.
  5. We use a spam blocking system called SpamAssassin, with which we can refuse to accept messages thought to be spam. Genuine email erroneously identified as spam will be sent back to the sender, who can then choose to use another contact method.
  6. We don't accept messages purporting to be from our own email domains, unless they're submitted directly to our servers with a username and password, or they've already been handled by our servers. This means that you must configure your email program to use our mail servers or use our webmail service to send email from any University email domain. The effect of this policy is that "internal" email is almost completely spam free.
  7. In an academic setting, it's hard to create strict rules about email content which would permit legitimate discussion of a wide range of academic interests. For that reason, we're investigating the possibility of using personal filtering rules - but these can only be applied to emails with single recipients.
  8. We don't filter internal email for spam (though we do check for viruses), and we're looking at extending this exemption to some other important domains (like brighton.ac.uk, for example), where we can be certain that the sender addresses aren't forged.

Some argue that some emailed material should be reported to the Police. However, they are powerless to prevent it being sent, unable to identify its true sender, and unwilling to accept a case which they do not believe they can solve.

The only measure we could take to stop our students receiving spam is to stop them receiving any email from off campus (including preventing them from using off campus mail facilities, such as Hotmail and Yahoo mail). We are sure that the majority of our staff and students would not consider this to be in their best interests.

Nothing that we do will reliably stop spam from entering the university's email system, and the more aggressively we try to block spam, the more likely legitimate mail will be prevented from getting to Sussex recipients.  In many cases, identification of spam is purely a human value judgement which is currently beyond a feasible technical solution.

We know that a significant portion of spam comes from IP addresses which are not correctly registered in the Domain Name Service (DNS). Our systems stop mail from such addresses being accepted onto campus. Unfortunately, a small but significant percentage of such messages will be from organisations (mainly companies) which do not care or know how to correctly set up their mail systems.

Sussex, like other universities, has experimented with blocking such mail, only to find that "critical messages", essential to the business of the University, were being blocked.

In October 2007, Janet launched an anti-spam DNS block listing service. It's a redistribution of Spamhaus's highly respected Zen lists, which list machines that have sent spam. We had been unable to use the Spamhaus lists because of our quantity of traffic, but we are able to use JANET's redistribution. We have been using two other similar lists (DSBL and RBL-PLUS), and have now configured our servers to use the Zen lists. In the first 90 minutes after the launch of this new service, we blocked over 10,000 messages which had not been caught by DSBL and RBL-PLUS. Some of those messages would have been blocked by other policy mechanisms, but those mechanisms are more expensive to operate.
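The following sketch is an added example, not IT Services' own configuration. It shows how a connect-time policy can run the DNS block list lookup before the DNS registration check described above. The zone name `dnsbl.example.org`, the host names and the DNS records are constructed, and "correctly registered" is assumed here to mean forward-confirmed reverse DNS.

```python
import ipaddress

# Constructed DNS data standing in for a live resolver (documentation addresses only).
ZONE = "dnsbl.example.org"  # hypothetical block list zone, not a real service
DNS = {
    ("A", "2.2.0.192.dnsbl.example.org"): ["127.0.0.2"],       # 192.0.2.2 is listed
    ("PTR", "10.100.51.198.in-addr.arpa"): ["mail.example.net"],
    ("A", "mail.example.net"): ["198.51.100.10"],              # forward matches PTR
    ("PTR", "20.100.51.198.in-addr.arpa"): ["mx.example.com"],
    ("A", "mx.example.com"): ["203.0.113.5"],                  # forward does not match
}

def lookup(rtype, name):
    """Return the constructed records for (type, name); empty list means NXDOMAIN."""
    return DNS.get((rtype, name.rstrip(".").lower()), [])

def reversed_octets(ip):
    """192.0.2.2 -> 2.2.0.192 (IPv4 only; raises ValueError on malformed input)."""
    return ".".join(reversed(str(ipaddress.IPv4Address(ip)).split(".")))

def dnsbl_listed(ip, zone=ZONE, resolve=lookup):
    """A block list answers with an address in 127.0.0.0/8 when the IP is listed."""
    answers = resolve("A", f"{reversed_octets(ip)}.{zone}")
    return any(a.startswith("127.") for a in answers)

def dns_registered(ip, resolve=lookup):
    """Assumed meaning of 'correctly registered': some PTR name resolves back to ip."""
    for host in resolve("PTR", f"{reversed_octets(ip)}.in-addr.arpa"):
        if ip in resolve("A", host):
            return True
    return False

def connect_policy(ip, resolve=lookup):
    """Cheapest check first: one block list query, then PTR plus forward lookups."""
    if dnsbl_listed(ip, resolve=resolve):
        return "reject: listed in DNS block list"
    if not dns_registered(ip, resolve=resolve):
        return "reject: IP not correctly registered in DNS"
    return "accept: continue to later checks"

if __name__ == "__main__":
    for client in ("192.0.2.2", "198.51.100.10", "198.51.100.20", "203.0.113.9"):
        print(client, "->", connect_policy(client))
```

A host that passes both checks still goes on to the more expensive mechanisms, such as sender verification and content scoring.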

Ian Eiloart
University of Sussex postmaster.

Latest amendment by Andy Clews, January 2012


Created by Andy Clews on 28 October 2002 and last updated by Chris Limb on 17 January 2013