Spam: What ARE We Doing About IT?

message that gets marked as spam. Also, it is possible that an occasional legitimate message could be rejected by the mail forwarders. If a message is rejected by the forwarders, the sender of the message will get a bounce-back message. If you or one of your e-mail correspondents finds that legitimate e-mail is being rejected, please call the OIT Help Desk at 301.405.1400 to have the problem resolved quickly.

Because spammers often aim to masquerade their messages as legitimate mail and regularly change their tactics to circumvent anti-spam procedures, a 100 percent effective solution for spam prevention does not exist. Still, OIT employs several strategies to limit the amount of spam that arrives in university inboxes.

“What are you doing about these unwanted messages?” is the most common question that OIT e-mail system administrators receive about e-mail service. OIT uses several tactics to limit spam (the electronic equivalent of junk mail), including blocking e-mail from our systems based on message profiling and marking messages so that the recipient can decide what to do with them. Studies have shown that about 70 percent of all e-mail on the Internet is spam. Without some limits on spam, it would overwhelm our e-mail systems and make them unusable.

The first level of defense against spam is at the mail forwarders, which receive all messages sent to ‘name@umd.edu’ addresses, and forward them to the recipients’ primary e-mail addresses, listed in the University Directory. The mail forwarders reject incoming spam messages based on dynamic, frequently updated local and shared lists of IP addresses sending spam, as well as telltale words in subject lines, like “viagra,” “dr@gstore,” and “st0ck.” Using these methods, the mail forwarders reject about 60 percent of the university’s incoming mail as spam.

After mail destined for OIT’s three major e-mail systems (WAM, Glue/DEANS, and Mail@umd) leaves the mail forwarders, it is evaluated by anti-spam filtering

software, which scores and marks the messages and then passes them on to the individual e-mail accounts. The WAM and Glue/DEANS systems use SpamAssassin. This is an open source product that is designed to use a number of filtering approaches on both the message header and body to determine if a message is spam or not.

Messages are scored and marked, then passed on to the recipient’s e-mail account, which may or may not have filters to determine where the e-mail will end up. If there are no filters, the marked messages will go into the recipient’s inbox. The Mail@umd system filters arriving e-mail through its own proprietary anti-spam engine. The messages are also scored and marked, but since spam filtering is automatically turned on for all Mail@umd account holders, spam messages are deposited into the recipient’s Junk Mail folder instead of the inbox.

While a person may see a message as spam, software programs and automated blocking methods are not as sensitive. Despite best efforts to mark spam, no software program is fully effective at marking all spam without also occasionally marking legitimate e-mail. Folders used to collect filtered junk mail should be checked regularly to remove the occasional legitimate

How Do Spammers Get My E-mail Address?

Spammers have many tricks up their sleeves when it comes to finding valid addresses to add to their databases. These are some of their more popular methods:

• sending messages to random e-mail addresses and seeing which messages are accepted (usernames such as “joe” and “bob” get far more spam than “xyz3443”) ;
• finding e-mail addresses on Web sites;
• monitoring public mailing lists;
• getting e-mail addresses from chain letters;
• collecting address books and e-mail from virus-infected personal computers;
• trading lists with other spammers.

As a result of these techniques, even e-mail accounts that have never been used and that don’t have the e-mail address published anywhere have been shown to receive spam. Luckily, the spam detection engine on the Mail@umd system is effective at detecting and diverting spam to your Junk Mail folder (log in to your account using Webmail at http://mail.umd.edu, click “Folders” then “Junk Mail” to see your spam). It is good practice to visit your Junk Mail folder periodically to make sure no legitimate message has been mistakenly labeled as spam.

OIT to Select Campus-Wide Course Management System

If one of your classes requires online class discussions or assignment submissions, you’re likely using WebCT or Blackboard, the two course management systems currently in use here at UM. These systems have been around for at least five years, but within the last five years, other course management systems have also come on the market and may be candidates for adoption.

For ease of student and faculty use, as well as system support, the university is in the process of selecting one course management system (also called an enterprise learning management system, or eLMS) for use campus-wide. This process has been ongoing since February 2005.

The process itself is confidential, but once an appropriate product has been selected, it will be used as the course management system for all classes on campus. The new system will be available beginning with the fall 2006 semester, but courses will be migrating from the current systems to the new system throughout the 2006-2007 academic year. For more information, please visit www.oit.umd.edu/elms.