Information Services

Spam Information

If you use e-mail, you are no doubt familiar with spam. Spam is unwanted junk e-mail, usually sent in bulk. Some bulk electronic messaging is useful, even necessary, as when the college uses it judiciously to conduct its own business. But bulk messaging that is widespread, annoying and/or offensive is referred to derisively as spam. Most people don't like to receive it and e-mail domains want to protect their users from the repercussions of spam mail sent to or through their system.
  • What is and isn't Spam?
  • How do I prevent Spam?
  • Should I just unsubscribe to Spam messages?
  • What does the College do to reduce the amount of Spam I recieve?
  • How can I report Spam?
  • Where can I get additional information on Spam and what I can do about it?
    		•

    "The sending of obscene or abusive messages, chain letters, mass mailings, viruses or other forms of electronic mayhem is expressly forbidden."

    Kalamazoo College
    General Computing Policy

    What is and isn't Spam?:

  • Not all bulk/commercial e-mail is spam:

    • Bulk e-mail can be split into two categories: Opt-in and Opt-out. Opt-in is e-mail that you requested (or at least agreed to receive), and this is what legitimate bulk e-mailers use (microsoft, deja.com, etc.) Opt-out is a system whereby the sender finds your address in some nefarious way (harvesting addresses from web-sites or public discussion forums), then asks you to request removal if you do not want to receive e-mail. Most people find opt-out e-mail to be offensive and classify it as spam.

  • Viruses:

    • The spread of viruses through e-mail has been described as having reached "epidemic proportions." Most infected e-mails though, are sent out without the knowlege of the owner of the infected computer. The virus itself composes and sends itself out to addresses obtained from various sources.

  • Virus notifications:

    • Occasionally you may receive a bounce or notice from another system claiming a message sent by you contained a virus and has been rejected. All recent virus/worms use forged return addresses, so chances are you didn't send the infected mail that has been refused. While these notices are a nuisance, they are not spam.

  • Bounces:

    • Bounces are simply mail servers doing what they are designed to do... return mail that has been rejected for various reasons. Most spam, viruses, worms, etc. contain forged return addresses, so the mail being returned was probably not sent by yourself.

  • "Legitimate" looking spam:

    • In general, e-mail from reputable companies, such as Microsoft and Amazon are opt-in, and if you receive e-mail purporting to be from a company you would normally consider to be legitimate, you should consider carefully the possibility that you did agree to receive it sometime in the past. If you are sure you did not, then it may be someone attempting to appear to be a representative of the company in question, but who actually does not have the consent of the company. Once in a while, a large, otherwise reputable organization will "accidentally" send out some unsolicited e-mail. The main domain-name registry, Network Solutions, is a noteable example of this. It has in the past sent outright spam and has been widely criticized for this action among spam-fighters.

  • Hoaxes and form letters:

    • Often, people receive e-mail warning them of a dire threat due to new viruses or offering amazing rewards for continuing a chain letter. Even innocent seeming e-mails like petitions can circulate for years. Any e-mail asking you to make and distribute copies of it should be viewed very skeptically. However, this type of e-mail is not normally considered spam. Usually the sender is an acquaintance - not someone you want to report as a spammer. It is much better to simply reply to the sender and explain the situation to them - "this e-mail is a hoax, please don't send me this type of thing" - or whatever applies. Be sure to reply only to the sender of the e-mail, not to the sender and all the other recipients as well.

  • Mailing lists and groups:

    • Spam sent to mailing lists/groups will often show the list server as the source of the spam rather than the originating spammer's IP address. If the mail list/group you belong to receives spam, you should send a complaint to the list owner/manager, who can block that sender.



    How do I prevent Spam?

    The best method of dealing with spam is by taking measures not to get it in the first place. Whenever you use the Internet, you're running the risk of having your e-mail address "harvested." Opportunists use specialized software to collect e-mail addresses on the Internet, which they then use for their own spamming purposes or add to bulk lists for resale to other spammers. You can use the Internet and in seemingly innocent ways and your e-mail address may be picked up. For instance, when you post to newsgroups or mailing lists, add your e-mail address to a database directory, or register for products online, your e-mail address is vulnerable. To avoid becoming part of their lists, observe the following:

    Tips to Avoid Receiving Spam E-mail

    • Be careful how you post to a mailing list or newsgroup. Posting (not subscribing) makes your address available for harvesting. All newsgroups and mailing lists are vulnerable, even the technical ones. If you don't mind possibly receiving spam mail, post anyway. But if you do mind, use personal e-mail to correspond directly with the person to whom you are responding. For chat rooms or newsgroups, you can also correspond directly with one of the frequent posters, or with the moderator, if there is one.

    • Whenever possible, do not add your e-mail address to public databases and directories, such as electronic white pages, especially if you don't know how the information will be used.

    • Beware of sites that let you register to request not to get spam; some of them actually exist to collect e-mail addresses for spam purposes.

    • When you receive spam, don't ever respond to spammers directly, because you'll be giving them a valid address to add to their list.

    • Be careful in giving out your e-mail address when signing up for products or online services; frequently these services add you to their own mailing lists of information about that product, and occasionally these services will pass on or sell collected e-mail addresses to other spammers.

    • Avoid putting your e-mail address on public pages, or in member profiles for Internet services.



    Should I just unsubscribe to Spam messages?

    If you have signed up for a newsletter or product updates, or otherwise agreed to receive e-mail from a legitimate company, you owe it to the sender to at least try the removal process provided in the e-mail before you cry "spam!". If you have tried unsubscribing to no avail, but you think the company normally makes an honest attempt to remove people, then you can file a spam report, but please include a note stating what you have done to try to be removed in the comments section of your spam report - you will have an option to add comments to all your spam reports. This will lend credence to your claim of spamming.

    Also remember that some services require you to receive mail from them in order to use their services. This is usually limited to free services like e-mail accounts and website hosts, but may also include downloaded software. This is 'the cost of using the service' and cannot be considered spam. They have supplied you with a product/service in exchange for your attention.

    The dangers of unsubscribing

    However, if the e-mail is not from a legitimate organization that you have had prior communication with, then following the removal instructions in the spam usually just gets you more spam. By using the removal instructions, you have verified that you received the spam and read it. That makes your e-mail address even more valuable to the spammer, and you will just get even more junk in the future. Normally, we recommend that you never reply to spam e-mail, or trust any of the information in the spam unless you really know what information you can and cannot trust. For instance, if you get a spam from john@aol.com, you should not reply to john@aol.com, nor should you report the spam to aol's abuse administrator (abuse@aol.com). Usually, most of the information in the header of the spam is "forged." Just as you can put any return address on a normal paper letter, spammers can put any return address they want on their e-mail. Usually, the return address belongs to someone the spammer wants to annoy with a bunch of erroneous complaints.



    What does the College do to reduce the amount of Spam I recieve?

    Information Services has implemented a Barracuda Spam Firewall 300 that processes all mail coming in to the College from outside of our mail server.  This firewall receives updated signatures on a hourly basis to provide the most current database of known spammers and spam signatures.  The vast majority of such messages are blocked outright at the firewall, and additional messages are tagged as likely spam, and are delivered to your mailbox with a subject prepended with [SPAM?].
     
    The firewall generates statistics on the volume of messages.  You may be interested to know that we receive over 500,000 emails on a weekly basis from outside the campus, and block between 75% and 80% of them as spam. This number does not include mail sent from one kzoo.edu address to another.    The volume of mail received, as well as blocked, has increased markedly in the past few months; see the attached chart for more details.  This increase does not appear to be related to any technology changes at the College, but rather to increased spam volumes throughout the Internet.   The volume of unblocked email (mostly non-spam) has been fairly consistent even as the amount of blocked mail has increased.
     
    We continue to look for ways to reduce further the amount of spam that does get through.  We are testing plug-ins for the Outlook client that interact with the Barracuda database, so that as more people mark messages that are delivered to them as spam, the plug-in can use algorithms to increase the blocking of subsequent spam.  We will make these plug-ins available to Outlook users that would like them as we complete our testing.

    How can I report Spam?

    Please do not report spam to Information Services, Use an outside agency such as SpamCop or send the complaint to the postmaster or abuse address of the originating system.

    For more information about reporting spam see this page: abuse.net.

    Please Note: Kalamazoo College does not take responsibility for or endorse the information on these sites.



    Where can I get additional information on Spam and what I can do about it?

    Additional information on Spam and how to prevent and report it can be found on the websites listed below:

    http://spam.abuse.net

    http://www.spamcop.net

    Please Note: Kalamazoo College does not take responsibility for or endorse the information on these sites.
    last revised : February 15, 2006