Spam Information

These pages offer information about the nature of spam, tips for avoiding spam, and steps for reporting spam yourself.

How To: Best practice advice on how to control spam
Penn State e-Mail News: Previous announcements about Penn State e-mail. Current announcements are found at the main ITS-ASET web page.
- E-mail addressed to your Penn State Access Account or Penn State e-mail alias, followed by a plus sign (+) and some meaningful text "tag", will always be delivered to your Penn State e-mail inbox.
- Checking e-mail requires a secure-only connection using.
- Spam scoring on incoming e-mail going through psu.edu.
- Spam reduction system.
Frequently Asked Questions: Questions asked by Penn State users regarding spam. Note: e-mail virus and e-mail worm are used interchangeably in these explanations, as these terms refer to the same thing.
1. Is this spam or an e-mail virus?
2. Is this opt-in spam, or regular old mass mailing spam? How can I tell?
3. If a suspicious message is not flagged by your antivirus software, then is it spam?
4. How could you have agreed to receive opt-in advertisements indirectly?
5. What are some suggested spam filtering products?
6. Interpreting e-mail full headers:
- Headers and message body together, of an e-mail which carried an attachment that was infected with a common e-mail worm, the W32.Mimail.A@mm. (printable .pdf version)
- Headers and message body together, of a mass mailed spam e-mail. (printable .pdf version)
- Headers and message body together, of a mass mailed spam e-mail, with two real hops, no forgery, before arriving at Penn State. (printable .pdf version)
- Headers and message body together, of a mass mailed spam e-mail, where the spammer just went crazy, and inserted THREE bogus hops into the headers, before sending. (printable .pdf version)
- The IP address of the Penn State e-mail server [146.186.15.17] (see the top line) has been forged as the machine name at the originating hop, and as the receiving server in the faked first hop. (printable .pdf version)
- An example of a spammer using web-based e-mail, in this case Yahoo, as the mailer for the spam. Web-based e-mail users must connect to the Internet with an ISP, so the hop from [80.88.128.12], a Danish ISP, to Yahoo is legitimate. (printable .pdf version)
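An added example (not part of the original Penn State pages) of reading a Received chain the way the header walkthroughs listed above describe: only headers written by the receiving servers are trusted, and a hop that uses the server's own address as a machine name or as a receiver is flagged. The example.edu hostnames, the sample headers and the function names are constructed; 146.186.15.17 is the server address quoted in the list.

```python
import re
from email import message_from_string

OWN_IP = "146.186.15.17"         # receiving server's address, as quoted in the list above
TRUSTED_SUFFIX = ".example.edu"  # assumption: stand-in for the receiving mail domain

# Constructed sample, newest header first. The top two were written by the
# receiving servers; the third was supplied by the sender before sending.
SAMPLE = (
    "Received: from relay.example.edu (relay.example.edu [146.186.15.17])\n"
    "\tby inbox.example.edu with ESMTP; Mon, 4 Aug 2003 10:00:05 -0400\n"
    "Received: from [146.186.15.17] (unknown [198.51.100.23])\n"
    "\tby relay.example.edu with SMTP; Mon, 4 Aug 2003 10:00:03 -0400\n"
    "Received: from mail.bogus.example ([192.0.2.77])\n"
    "\tby [146.186.15.17] with SMTP; Mon, 4 Aug 2003 09:58:00 -0400\n"
    "From: someone@example.com\nSubject: constructed sample\n\nbody\n"
)

HOP = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([\d.]+)\]\)\s+by\s+(\S+)")

def analyse(raw):
    """Walk Received headers newest-first; trust ends at the first foreign 'by' host."""
    hops, trusted = [], True
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if not m:                       # unparseable header: stop trusting from here down
            trusted = False
            hops.append({"ip": None, "trusted": False, "notes": ["unparseable"]})
            continue
        helo, _rdns, ip, by = m.groups()
        trusted = trusted and by.lower().endswith(TRUSTED_SUFFIX)
        notes = []
        if trusted and helo.strip("[]") == OWN_IP and ip != OWN_IP:
            notes.append("sender announced our own address as its machine name")
        if not trusted:
            notes.append("unverified: not written by our servers")
            if by.strip("[]") == OWN_IP:
                notes.append("names our server as receiver, but we did not write it")
        hops.append({"helo": helo, "ip": ip, "by": by, "trusted": trusted, "notes": notes})
    return hops

def true_origin(hops):
    """Connecting IP logged by the oldest trusted hop: where the mail really entered."""
    trusted = [h for h in hops if h["trusted"]]
    return trusted[-1]["ip"] if trusted else None

if __name__ == "__main__":
    for hop in analyse(SAMPLE):
        print(hop)
    print("handed to us by:", true_origin(analyse(SAMPLE)))
```

The address to use when looking up the responsible ISP is the one returned by `true_origin`, not anything named in the unverified hops below it.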
Is this an e-mail virus or spam?
Users with antivirus software
Some people will declare that
spam is any e-mail that they don't want to receive. There is a generally
accepted convention that spam is unsolicited commercial e-mail (UCE),
a.k.a. unsolicited bulk e-mail (UBE). Generally, spam e-mail is
advertising a product for sale or a paid service.
Since recent e-mail worms have been written to appear
as if they were sent by reputable businesses, the difference between
UCE and the more malicious e-mail is becoming less clear. For example,
two of the variants of the Mimail e-mail worm falsely appear to
have been sent from PayPal.
Your computer should run an up-to-date antivirus program
at all times. If e-mail arrives in your e-mail client's Inbox that
contains an attachment that is infected with an e-mail virus or
worm, an up-to-date antivirus program will automatically move that
attachment to its Quarantine area, and alert you. (Note: this does
not apply to WebMail users.)
If you are not alerted that an unexpected attachment
is infected, and you know the sender, don't open the attachment
and do contact the sender to verify the legitimacy. If the attachment
is indeed an e-mail worm or a virus and you were not alerted, here
are some possibilities for what may have happened:
• If the attachment's file extension is .exe, .bat,
.pif, .scr, or is a .zip folder and your antivirus definitions
do not detect the attachment as infected, your antivirus definitions
may not have been updated in a while. These file extensions are
typical for e-mail worms. Check for new updates for your antivirus
program every day. If there is an update, after the update
has downloaded and installed, run a manual virus scan on the attachment.
• If the attachment's file extension is .exe, .bat,
.pif, .scr, or is a .zip folder and you religiously (or automatically)
update your antivirus definitions daily, this may be a newly released
e-mail worm since your last update, and your antivirus definitions
cannot yet detect the attachment as infected. Continue to check
for new updates for your antivirus program throughout the day.
When a new update is available, download and install it, then
run a manual virus scan on the attachment.
Is this an e-mail virus or spam?
Users not using antivirus software
Some people will declare that spam is any e-mail that
they don't want. And nobody wants to receive an e-mail virus, even
if they have up-to-date antivirus software running, and always practice
safe computing. But there is a generally accepted convention that
spam is unsolicited commercial e-mail (UCE), a.k.a. unsolicited
bulk e-mail (UBE). Generally, they are e-mails advertising a product
for sale or a paid service.
Since recent e-mail worms have been written to appear
as if they were sent by reputable businesses, the difference between
UCE and the more malicious e-mail is becoming less clear. For example,
two variants of the Mimail e-mail worm pretend to have been sent
from PayPal.
If you are using a Windows or Mac computer and do
not have antivirus software installed,
download antivirus software. Penn State's WebMail does not interact
with antivirus software, but users are still strongly urged to run
antivirus software and update regularly.
If a suspicious message is not flagged
by your antivirus software, then is it spam?
• An e-mail virus almost always carries an attachment.
The attachment usually has an .exe, .bat, .pif, or .scr file extension,
or is a .zip folder. Sending attachments is written into an e-mail
virus's code to propagate the next generation.
Spam rarely carries an attachment; exceptions
are usually image files, with a .gif or .jpg file extension. Spammers
usually send tens of thousands of spam e-mails at one time, and
an attachment with each individual e-mail would slow "productivity."
• An e-mail virus is sent only to you.
Spam may be sent only to you, it may be sent
to you and several others, several dozen others, or a hundred
or more others. It may appear that it was sent to someone who
is not you, and the spam mail was misdelivered - in this case,
only one recipient was used in the spam's To: line, and many others
were Blind Carbon Copied (BCC), so you won't see your own e-mail
address or any other addresses.
• An e-mail virus is sent UNintentionally
by someone you may know, even if not very well. It may be someone
you do not know, such as a classmate in a very large class.
Spam is sent to you intentionally, by someone
you do not know who probably purchased a large list containing
your address (among tens of thousands) from another spammer, or
a person who harvests addresses from the Internet with intent
to sell them.
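An added example (not from the original page) that applies the attachment rules described above to a raw message: it flags the file extensions the page lists as typical for e-mail worms, and goes one step further than the text by listing the names inside a .zip folder. The sample message, its placeholder contents and all function names are constructed.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

RISKY = {".exe", ".bat", ".pif", ".scr"}  # extensions the page lists as typical for worms
IMAGES = {".gif", ".jpg"}                 # the usual exceptions seen on spam

def ext(name):
    """Lower-cased final extension, ignoring trailing dots and spaces."""
    name = name.strip().rstrip(".").lower()
    return name[name.rfind("."):] if "." in name else ""

def classify(name, payload):
    e = ext(name)
    if e in RISKY:
        return "hold: worm-typical extension"
    if e == ".zip":
        try:
            inner = zipfile.ZipFile(io.BytesIO(payload)).namelist()
        except zipfile.BadZipFile:
            return "hold: unreadable .zip"
        bad = [n for n in inner if ext(n) in RISKY]
        return f"hold: .zip contains {bad}" if bad else "scan: .zip folder"
    if e in IMAGES:
        return "image: more typical of spam than of a worm"
    return "scan: other attachment"

def triage(raw_bytes):
    """Map each attachment filename in the message to a verdict."""
    msg = message_from_bytes(raw_bytes)
    return {p.get_filename(): classify(p.get_filename(), p.get_payload(decode=True))
            for p in msg.walk() if p.get_filename()}

def build_sample():
    """Constructed message; every attachment holds harmless placeholder bytes."""
    z = io.BytesIO()
    with zipfile.ZipFile(z, "w") as zf:
        zf.writestr("readme.SCR", b"placeholder")
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", "constructed sample"
    m.set_content("see attachment")
    m.add_attachment(z.getvalue(), maintype="application", subtype="zip", filename="message.zip")
    m.add_attachment(b"GIF89a", maintype="image", subtype="gif", filename="photo.gif")
    m.add_attachment(b"placeholder", maintype="application", subtype="octet-stream",
                     filename="update.EXE")
    return m.as_bytes()
```

A "hold" verdict here means the same thing as the advice above: leave the attachment unopened until up-to-date antivirus definitions have scanned it.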
Is this opt-in spam, or regular old mass mailing
spam? How can I tell?
It is important to be able to
tell the difference between an opt-in advertising e-mail and unsolicited
bulk e-mail because in general, it is recommended that you do
not reply to an unsolicited commercial e-mail (UCE), nor click
on a removal/unsubscribe link. Doing
so confirms to the spammers that your e-mail address is a valid
one, and that it is worth it to them to continue sending spam to
you, and passing your address to other spammers.
Some advertising e-mail is of the opt-in
variety. You have agreed, either directly or indirectly, to receive
ads via e-mail from a company which conducts all or part of its
business on the Internet. This may have happened when you entered
a contest on the Internet, registered a product at a company’s
Internet web site, or when you requested further information about
a product or service, and that it be delivered by e-mail.
How could you have agreed to
receive opt-in advertisements indirectly?
Look carefully before entering your e-mail address
on any web site. A reputable company will list what it is you are
agreeing to when you do so, and will provide a link to their complete
Privacy Policy. The text on the web page or within the Privacy Policy
may state something to the effect that you are also agreeing to
receive e-mail from this company’s “partners”,
other related companies who sell products or services known to be
of interest to people who do business with this company, and these
“partners” are usually unnamed. This may be found in
a statement next to a check box, which may already be checked by
default. If you do not wish to receive additional e-mail from these
“partners”, be sure that any checkboxes are not checked
before submitting your e-mail address at that website. Or re-think
submitting your e-mail address to this company. Or submit a disposable
e-mail address.
Usually (by law?) reputable, domestic businesses that
send opt-in e-mail advertising will allow you to opt-out. But how
can you tell?
Look for the following:
1. Was the e-mail from a US-based, well-known company? (for example: LL Bean)
2. Was the e-mail from a company that you have recently done business with via the Internet? (for example: Amazon.com)
3. Was the e-mail sent only to you?
4. If the e-mail is from a company unknown to you, or one you have not recently done business with, was it sent from a US-based Internet Service Provider? (If so, a reputable company will comply with US Federal Trade Commission regulations on advertising.) For instructions on finding the ISP, view the spam complaint page.
5. Was the e-mail a professional presentation (with no errors), does it contain a mention of the company’s Privacy Policy or communication preferences (Amazon's full privacy statement), and is there a clear provision to opt out somewhere in the message body, usually at the end?
6. When you hover your mouse over the removal/unsubscribe link, does your e-mail address appear as part of the previewed URL in the browser’s status bar?
If the answer to all six questions is “yes”,
then this is very likely an opt-in solicitation. There is a good
chance that if you follow the removal instructions in that e-mail,
you will be successfully removed, and by doing so will probably
not increase your spam volume in the future. (HOWEVER, if you
click on the remove/unsubscribe link and find that your e-mail
address is not already entered, and that you must enter it yourself,
then STOP HERE and close the window.)
If the answer to any ONE of questions 3 through
6 is “no”, regardless of the answer to questions 1
or 2, then the message is bulk spam, and possibly a scam. Do not
click on any link, or reply to or otherwise contact the apparent
sender directly. Doing so may only verify to strangers that your
e-mail address is valid.
What are some spam filtering
products?
University Supported
Eudora 7 with SpamWatch is available at NO CHARGE to all Penn State faculty, staff, and students. All you need is a valid access account and your password. Eudora 7 for both Microsoft Windows and Apple Macintosh (Mac OS 9 or later) can be downloaded from the following link:
http://downloads.its.psu.edu/
- Select your operating system
- Then select e-mail Software
- To initiate SpamWatch, select "yes" at the invitation to use Eudora's Junk mailbox during installation
- Additional information about how to use SpamWatch can be found at Eudora’s website
Downloadable spam filtering software
Should you be shopping around for
a spam filtering alternative using an e-mail client other than Eudora
with SpamWatch, here are some products to think about. Some cost
money, and some are free. Keep in mind that, in general, you
get what you pay for. Those that cost something are likely
to work more effectively, and have support and updating available
from their makers. Penn State does not endorse any one product above
the others.
- Visit PC World Magazine’s download site for descriptions and links to fourteen spam products
- Over a dozen choices, from Download.com, some are specific to the Microsoft e-mail clients.
Alternative Internet Service Providers which filter
spam
If you wish to pay for an e-mail
account with a commercial Internet Service Provider for your personal
correspondence, some ISPs filter spam at their servers. Some
commercial ISPs will allow you to have several addresses under one
account. Then, if you wish, you can set up a
disposable address along with your main identity. Penn
State does not endorse any one above the others.
The effectiveness of spam filtering
No spam blocking method, whether
at the user level or at the server, is perfect. Spammers use
new methods of delivery to slip past the filters. Bayesian filters
have a learning curve and the personal filters cost money.
From Measuring up – Evaluating the return on investment (ROI) of spam filtering (Sophos White Paper, September 2003):
“The accuracy of a spam-filtering solution is measured using two primary metrics – the catch rate and the false positive rate. The catch rate refers to the percentage of spam that is detected. The false positive rate refers to the percentage of legitimate e-mail that is incorrectly identified as spam. Unfortunately, perfect performance on both metrics is not possible – 100% of spam can be caught with a very high false positive rate, or 50-60% of spam can be caught with few or no false positives.”
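An added example (not from the Sophos paper or the original page) that computes the two metrics defined in the quotation for a score-based filter and shows the trade-off it describes. The scored messages, the threshold rule and the function names are constructed for illustration.

```python
# Constructed scored mail: (spam score, really_spam). A message is flagged
# as spam when its score is at or above the filter's threshold.
MAIL = [(9.1, True), (7.4, True), (6.8, True), (5.2, True), (3.9, True), (2.1, True),
        (6.1, False), (4.4, False), (2.5, False), (1.2, False), (0.8, False), (0.3, False)]

def rates(threshold, mail=MAIL):
    """Return (catch rate, false positive rate) at this threshold."""
    spam = [s for s, really_spam in mail if really_spam]
    legit = [s for s, really_spam in mail if not really_spam]
    catch = sum(s >= threshold for s in spam) / len(spam)
    false_pos = sum(s >= threshold for s in legit) / len(legit)
    return catch, false_pos

def best_threshold(max_false_pos, mail=MAIL):
    """Highest catch rate achievable while keeping false positives within budget.

    Thresholds are tried from strictest to loosest, so ties on catch rate
    go to the threshold with the fewest false positives.
    """
    best = None
    for t in sorted({s for s, _ in mail}, reverse=True):
        catch, fp = rates(t, mail)
        if fp <= max_false_pos and (best is None or catch > best[1]):
            best = (t, catch, fp)
    return best

if __name__ == "__main__":
    print("no false positives allowed:", best_threshold(0.0))
    print("catch everything:          ", best_threshold(1.0))
```

On this constructed data, allowing no false positives caps the catch rate at half the spam, while catching all of it misfiles half the legitimate mail.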