UWA is working hard to reduce the amount of spam emails being received through its servers.

As well as the dangers of viruses enclosed in such emails, the unwanted emails waste the valuable time of our staff.

Working to reduce spam

  1. Avoiding spam
  2. Detecting spam
  3. Volume of spam
  4. Messages from other institutions
  5. Redirecting to another account
  6. Message couldn't be delivered
  7. Additional hints

Avoiding spam

To avoid receiving spam:

  • Don't enter your email address to any website you don't trust and avoid posting it to online bulletin boards or newsgroups.
  • Get a free web-based account such as yahoo or gmail, and give this address to any site that you are not sure about. Check the account occasionally. If it gets a lot of spam, close it and create a new one.
  • Never reply to spam. Unless you asked to be on a particular list in the first place, asking to be taken off will only make matters worse, because it confirms that you are actually reading mail at that address. This includes following unsubscribe links.

Detecting spam

Anti-spam software uses a number of principles to attempt to detect spam, and likewise, spammers use a number of different methods of concealing the content of their emails from anti-spam systems.

A classic spam of recent years has been for Viagra. A US study of spam emails found 79 ways of spelling Viagra, all recognisable by a human.

This same technique is applied to hide the sale of other items, such as OEM software and home loan refinancing. Some spams will just include a GIF or JPEG image file with a picture of text advertising which cannot be read by any server-based anti-spam software.

If you are you are unsure of the validity of an email you can contact the self-service Service Desk and ask them about it.  If it is offensive material then delete the email, but remember that you must not open any attachments or links on the email.

Back to top

Volume of spam

There are several reasons why the volume of spam you receive may increase.

Email addresses are frequently harvested off web pages, and once in a spammer's database, they are frequently sold to other spammers, who sell them to still more spammers, increasing the volume of spam you receive.

Spammer techniques also evolve to avoid our filters, but in general our statistics show the percentage of mail caught by our spam filters has remained constant over time.

UWA maintains subscription to a commercial anti-spam program that provides daily updates to our filters, and we continue to monitor advances in anti-spam software and techniques, and assist in prosecution of Australian based spammers.

Back to top

Messages from colleagues at another institution tagged as spam

The most likely reason real mail is tagged as SPAM is that the site the messages are coming from has been "blacklisted".

In January 2007, IS modified the central spam filter (Kaspersky) to use the RBL (Real-time Block List) capability and selected a reputable service known as Spamhaus. Untagged spam was immediately reduced by about 10 per cent. Unfortunately, there was also a slight increase in "false positives" - real mail tagged as spam.

You can tell if Blacklisting is the reason as it will be in the full header look for the following lines:

 X-SpamTest-Info: {banned by a highly reliable RBL service}
X-SpamTest-Method: RBL:premium
X-SpamTest-RBL: true
X-SpamTest-Status: SPAM

If you find those lines, please inform your colleague that their site has been blacklisted, and that they need to let their local helpdesk know that they have been blacklisted by Spamhaus. Information about being delisted is at Spamhaus.

We are using the sbl and xbl listings.

Back to top

Redirecting mail to another account

Your email will still have the subject tags and the extra headers added. You may be able to set up filtering at your other location to automatically filter spam. Information Services cannot provide support for filtering spam on non-IS servers.

Back to top

Message couldn't be delivered

These messages are the result of viruses on computers. An infected machine is sending out messages that claim to be coming from your email address (known as spoofing), and when those messages can't get through, an email is sent back to your address saying so.

This does not mean that your machine is infected (though you should always keep your virus checker up to date, and check your computer for viruses). It simply means someone, somewhere with your address in their computer (someone you have sent an email to, or who visited a website with your email address on it) has a virus.

At the moment there is not really anything that can be done to stop these messages, other than encouraging people to keep their virus checkers up to date, and be careful about opening emailed attachments, stopping the problem before it starts.

Once the machine that is using your address has the virus removed, you should stop receiving these messages, though there is nothing stopping the problem recurring. In general the number of messages should drop as machines with viruses are detected and the virus removed.

Back to top

Additional hints

By the time ITS or other computer staff know of the virus, it has probably already spread significantly. Therefore, do not rely on warnings in advance.

Keep your virus protection software up to date, although there can be short delays between the appearance of a new variant of a virus and protection against it being included in the software.

Develop sound practices to protect yourself from these viruses. Take extreme caution when receiving any unsolicited attachment, even if the email has come from someone you know; these viruses can mail themselves out to all addresses in the address book of an infected computer. Check with the sender if you didn't ask for the attachment and there is no personal message included, along the lines of: Something like the message on the Homepage worm:

Hi! You've got to see this page! It's really cool ;O)

Such emails are anonymous and could not be considered a personal message. Signatures are appended automatically, so don't rely on them either.

When sending unsolicited attachments, the reverse applies. Make sure you include a message that is clearly personal.

Those who use a Microsoft mail program on a Windows system have been the most vulnerable to date, but don't rely on the fact that you use something else. The Magistr worm used Netscape address books as well as Microsoft. Other mail programs or systems could also be affected.

Back to top