UCSC Currents online

Front Page
Classified Ads
In Memoriam
New Faculty
Publications

November 11, 2002

CATS looks at ways to deal with spam

By Louise Donahue

It wasn't long ago that campus e-mail was mainly used for communicating with co-workers and friends, and any risqué material was most likely just a joke.

Those wishing to offer input are encouraged to participate in an online survey being conducted by CATS. With the feedback and subsequent testing, implementation of spam marking could start as early as January.

The situation has turned serious now, as many users' mailboxes have become clogged with "spam"--unwanted e-mail distributed en masse.

Besides risqué material, users are now bombarded with offers for cheaper toner cartridges, reduced long-distance rates, university diplomas, and even supposed multimillion-dollar cuts of money from Nigeria.

UCSC is not alone in the onslaught of spam. The Postini company, which provides virus and spam filtering services, includes daily statistics about spam on their web site. On one recent weekday, 58 percent of the e-mail traffic the company saw was identified as spam.

Completely blocking spam is not possible, because the only effective method is stopping it at the source, but Communications and Technology Services (CATS) is looking at ways to reduce the impact.

CATS is looking to add spam marking to its central e-mail servers. Using a "Deliver to the Desktop" approach, all messages would be delivered, but messages identified as spam would be marked in the subject line with a notation of "{SPAM?}" With this method, users could then use their own filters to send the offending e-mail to another folder (or the trash) and de-clutter their inboxes.

Because spam is not easily identified, CATS is weighing the implementation options for marking spam. Each option has both advantages and drawbacks. Those wishing to offer input are encouraged to participate in an online survey being conducted by CATS. With the feedback and subsequent testing, implementation of spam marking could start as early as January.

These are some of the issues CATS is weighing as it looks at the best way to deal with spam.

Thresholds. The threshold determines when e-mail is identified as spam. Is it better to set the threshold low, risking legitimate e-mail being identified as potential spam (false positives) or set the threshold high, risking spam being delivered without being identified (false negatives)?

Exception lists. Exception lists allow e-mail originating from specific servers to bypass the spam identification process, regardless of other spam criteria it might meet. One example may be any e-mail from any ucsc.edu e-mail server, which assumes that e-mail from within UCSC is not spam. Under such a system, it must be decided what servers should be included in the campus exception list and what process or expectations should be met to have a server included on such a list.

Blocking lists. Blocking lists identify servers from which e-mail is automatically suspect, regardless of whether it meets other spam criteria. Several questions arise with blocking lists. For instance, is it OK to use external references for a spam blocking list? If a message comes from a listed site, should it be automatically marked as spam, or should that simply increase its score toward the spam threshold? (UCSC recently experienced a drawback to the automatic approach when the CATS' e-mail server itself was erroneously included on an external list and legitimate e-mail was rejected by other sites.)

Local mitigation options. Are users currently using desktop tools such as e-mail client filters to detect spam? What tools should be encouraged as we implement central spam marking?

While there is no surefire solution to spam--many observers now think legislation that punishes the spam sources will be necessary--there are a few simple things users can do to reduce the likelihood of spam.

Limit visibility of e-mail addresses. Your e-mail address can be harvested from a variety of sources, including mailing lists, web pages, newsgroups—in other words, anywhere you use the address. An online listing of Frequently Asked Questions about how e-mail addresses are harvested can provide guidance on how to avoid harvesting.

Complain to the Internet Service Provider (ISP) used if the e-mail is from outside UCSC. CATS can do little to stop spam that originates outside UCSC, but Steve Zenone, CATS Information Security manager, recommends SpamCop as a way of complaining to the source. SpamCop will contact the domain from which the offending message originated and request that appropriate action be taken. SpamCop also provides information on how to obtain full headers, which will be needed to make a complaint. "We’ve seen good results from SpamCop, especially from spam that originated in Europe, North and South America" said Zenone.

Contact CATS if the offending e-mail is from a UCSC account. CATS and UCSC do not approve or support the sending of harassing or unsolicited e-mail by UCSC users and by policy can stop this source of spam. When fowarding a complaint e-mail message to abuse@ucsc.edu, be sure to include the full, unedited message headers (more information on how to get full headers is available online and a brief description of the problem. Users will not receive a reply unless more information is needed. Information on UCSC and UC policies on electronic communications is available online.

Send your spam to the Federal Trade Commission. E-mail can be sent directly to the Federal Trade Commission. This is the approach that Rita Walker, Title IX coordinator and sexual harassment officer takes. "Many campus students and employees have received pornographic e-mail spam in the past six months. These messages do not appear to be personally directed to the receiver. I forward pornographic spam to the Federal Trade Commision's e-mail spam complaint site," said Walker.

Report e-mailed threats to life or personal safety to the police, not CATS. CATS does not handle law enforcement. UCSC police should be notified immediately at (831) 459-2231 whenever a threat to life or safety is made so that they may investigate as soon as possible.

Take a look at free anti-spam resources. There are a number of sites that are dedicated to the fight against spam. These sites include legislative updates, more about identifying and reporting spam, and other helpful information:

Spamcop

Coalition Against Unsolicited Commercial E-mail

Mail Abuse Prevention System

SpamCon Foundation


Return to Front Page
  Maintained by pioweb@cats
UC Santa Cruz Home Page Contact Currents Currents Archives Search Currents Currents Home Maintained By Email Contact