Junk (SPAM) Email Frequently Asked Questions (FAQ)
- What is "SPAM"?
- What are the different types of SPAM?
- Where does SPAM email come from?
- How can I tell if an email is SPAM or not?
- How do virus generated emails work?
- What does WPI do to protect users from malicious email?
- What tools does WPI offer or recommend for SPAM management?
What is "SPAM"?
In short, SPAM is any unsolicited email that a user receives. Intent of the SPAM messages varies from advertisement to virus-spreading. Often times SPAM email includes material that is offensive.
What are the different types of SPAM?
- This type of junk e-mail is geared towards getting you to give money or data (such as your credit card information or important passwords) away to an illegitimate cause.
- In general, hoaxes attempt to convince you that something untrue is true. These often go hand in hand with the other types of SPAM.
- Malicious Code Warnings
- These SPAM e-mails attempt to trick you into removing standard and potentially important applications from your computer, falsely claiming that the applications in question are viruses.
- Chain Letters
- Much like the pen-and-paper chain letters of the past, e-mail chain letters promise something good will happen if you forward them to enough people, and that something bad will happen if you do not.
- Urban Legends
- These e-mails are intended to scare you. Often, they detail gruesome things that have supposedly happened, and aim to make you feel disgust or horror about totally fabricated events.
Where does SPAM email come from?
Generally, SPAM comes from giving out your email address somewhere on the internet. E-mail addresses can be harvested from chat rooms, newsgroup posts, signup forms, and any webpage that they are posted on (such as personal homepages). SPAM can also be generated by computers infected with viruses, and sent out to people whose addresses are stored on those computers in address books or other places.
How can I tell if an email is SPAM or not?
First and foremost, use common sense. If it is not from someone you know, and has an illegitimate looking subject, it is probably spam.
For potential hoaxes and scams, check online to see if other people have reported the scam. Two useful sites to do this on are McAfee's Hoax page and Hoaxbusters. Both of these sites list hoaxes and explain how they work.
Check the WPI IT News page for reports of recent scams.
Call or email the Helpdesk to ask about it. You can also forward the email to the Helpdesk with the full headers. (An explanation of how to send full headers can be found here.)
Also note that virus generated junk emails have very specific subject lines, such as:
- "Returned due to virus"
- "Returned Mail - Error During Delivery"
- "Returned mail: see transcript for details"
- "Delivery Notifcation: Delivery has failed"
- "Undeliverable: Returned mail: User unknown"
How do virus generated emails work?
Propagation of virus generated emails can be broken down into three steps. First, a computer on the internet becomes infected with a virus. This virus harvests addresses off of the infected computer, from address books, internet histories, saved files, and other sources. After the email addresses are stolen, the virus uses them to send out emails with spoofed "from" fields. Other computers whose addresses the virus has stored receive a message that appears to come from the spoofed address, and reject the message. Then, the person whose address was stolen gets a message saying that their email has been returned, when in fact, they never sent an email at all.
Here is an illustration of how this works:
What does WPI do to protect users from malicious email?
WPI protects users by scanning all e-mail that enters and exits the WPI network. All mail is scanned for viruses before it is delivered, including messages sent between computers inside of the network. Infected messages are not discarded, however. The offending file is replaced with a file called warning.txt, which alerts the user to the fact that someone sent them an infected email. (If the virus e-mail comes from a legitimate source, such as someone you know, this can be very useful, as then you can let them know that they're infected!)
Also, the WPI mail servers block attachments that tend to be used to communicate viruses. A full list of these can be found in this IT News Article.
What tools does WPI offer for SPAM management?
WPI offers spam filtering via the UNIX Spam Management page. From this page, you can decide to whitelist or blacklist messages. Whitelisting sets up filtering so that messages from certain senders or with certain subjects are always delivered. Blacklisting works the same way, except that the specified messages are never delivered. This page can also be used to set up a Procmail filter.
We also offer PureMessage, a spam filtering system that is explained on our Puremessage page.itweb.
Last modified: Jan 31, 2006, 18:32 EST