SPAM and other unwanted messages
The Problem - Unwanted messages - SPAM, Phishing, e-mail borne viruses, instant message borne viruses, ...
Almost everybody gets them. Messages advertising stock market tips, office supplies and pornographic sites or promising easy money or miracle cures. Messages warning of dire consequences or lost fortunes if the messages aren't forwarded to everyone we know. Scams attempting to fool victims to typing banking information and passwords into fake web sites. They're a nuisance, wasting our time and computing resources. Some are shocking, others are fraudulent and illegal.
SPAM continues to be a growing problem. Malicious and nuisance messages continue to grow in number and sophistication in ways to get past SPAM filters, fool people, and in some cases deliver malware. This situation is not likely to improve in the near future. Like all email servers, the JMU email server advertises itself to the world as the place to send email to @jmu.edu addresses. Anonymity and instant, worldwide communications combined with our desire to be reachable make it impossible to prevent unwanted messages. Anyone can connect a computer to the Internet and send messages. Public computers abound. Unsafely operated computers are abundant and easily used by abusers and criminals. Neither the computer operators, who may be regular home computer users, or the network operators, who may be mass Internet Service Providers, are equipped to handle the notification and cleanup reliably and in a timely manner. While there are laws prohibiting SPAM, they are largely ineffective for a variety of reasons.
Our e-mail system attempts to discriminate between wanted and unwanted messages. Its doubtful that a person could do this this with 100% accuracy. For a machine its impossible. If the machines are configured to be stricter, the chances of losing legitimate messages increase. At peak times, our email system blocks 636 messages per minute that it has classified as SPAM and thousands of messages per hour that carry viruses. 86% of the 1.2 million messages we receive daily are rejected.
Criminals and abusive marketers are increasingly using the Internet. Oftentimes, they use virus infected home computers and/or computers in other countries to send the stuff making it easy for them to avoid blocks and prosecution. Various sources estimate that unwanted messages constitute anywhere from 60% to 80% of all Internet e-mail and that the average person receives anywhere from half a dozen to two dozen messages daily. In the first half of 2005, 5.7 million fraudulent "phishing" messages alone were detected *PER DAY*. There has been a large increase of this type of fraud the past several months and it is expected to continue.
We continue to evaluate our email system for improvements. There are a variety of schemes being planned that depend upon partial authentication of senders to allow receiving e-mail servers to make decisions. All these schemes depend a lot on the participation of the majority of Internet e-mail senders and are vulnerable to the use of compromised computers within a domain which is more and more common through the use of 'BOTS'.
And even as we and the rest of the Internet improve our motivation and ability to handle unwanted and abusive e-mail messages, criminals are moving to instant messaging and other technologies to spread their abuse.
In our present environment, it is impossible to prevent people from sending us unwanted messages if they know our e-mail address.
Theoretically, if we assigned staff 24 X 7 to do nothing but watch for this stuff and block it as it came in, we'd put a dent in it. But aside from the resources it would take, it would be a reactive process where messages would still get through even if we searched through individual mailboxes. Additionally, legitimate messages would likely be delayed or lost as we blocked email servers that were unknowingly being used to forward SPAM.
You can minimize unwanted messages by keeping your e-mail addresses private but it is almost impossibl to do these days and is something a lot of us go out of our way not to do. What good is an address nobody knows about?
Unfortunately, there are many ways spammers and criminals can get our e-mail addresses that are beyond our control.
If you are unhappy with the way our e-mail system classifies messages, you have the ability to modify it to match your personal needs and preferences in ways that are impractical to do for the entire population. Both email services and email clients generally include functionality that allows individuals to set up custom filters and actions. Filters allow you to screen messages based on text found in the messages' sender, subject, body, and other fields and take actions such as delete them, put them in a specified folder, or flag them in some way.
Howver, we recommend that most people simply delete unwanted messages. Setting up filters can be tricky and lead to loss of legtimate messages.
These personalized e-mail message filtering rules allow to you be as stringent as you want in blocking incoming messages. You can apply filters that are impractical when applied to the mailboxes of 30,000 diverse people. If you want to reject all messages containing the words "chase bank", "$20 reward", "to whom it may concern", "viagra", "penis", "paypal", "stock symbol", "free pics", and/or "ebay" you're free to do so. Just make sure you consider what types of legitimate messages may be blocked if you do so.
Be very careful with the parameters you select for filtering lest they match messages you really want. Use these guidelines before setting a filter to delete messages:
Given the nature of today's Internet and e-mail, it is almost inevitable that you will receive unwanted messages. Due to the variety and increasing sophistication, it is difficult to provide specific guidance without a very long list of complicated and conflicting rules that may or may not apply. The best general advice for minimizing risk due to malicious messages is:
The most efficient and safe way to handle SPAM is to delete it. Never reply to it, click on any links, or follow instructions about removing yourself from a list.
Refusing to purchase products advertised in SPAM may reduce motivation.
If you receive messages with images that offend you, most e-mail clients can be configured so they do not display images or display messages in text rather than HTML, the language of the web that supports images. This also reduces malware risk but obviously reduces functionality.
Images depicting child pornography should be reported to law enforcement.
Faculty and staff using the campus Exchange server can forward improperly classified messages to the anti-spam vendor using the following procedure. This may enable them to improve their anti-spam services: