IS Spam Management

The first unsolicited commercial email, now called junk mail or spam, can be traced back to 1978 when a young engineer at DEC, Gary Thuerk, sent a mass-mail announcement about their new DECSystem20 computer to six hundred ARPAnet users. Little did he know then that, by 2010, over 95% of all messages sent over the Internet would be spam. At Northeastern, as at most other institutions, the problem of junk mail has steadily grown to become a serious one. Unimpeded, the ever-increasing amount of spam would clog inboxes and make it difficult to track valid communication pertaining to day-to-day business. Worse still, spam email frequently carries malicious content that could cause costly damage to recipients’ computers if not blocked.

Spam GraphNortheastern’s enterprise messaging system is protected at multiple levels through robust and redundant industry-standard technologies designed to accurately and dynamically block the influx of spam. This graph illustrates mail received on one of our spam firewalls. Only the top, darkest portion of the bar is valid mail.

At the incoming networks gateway servers that serve as our first line of defense, an incoming message is immediately rejected if not addressed to a valid Northeastern address or if known to be originating from known spammers through an automated blacklist lookup. Each message that is accepted is checked to ensure it is free of viruses, spyware, and attachments known to contain malicious software. The message is also evaluated for spam and phishing content based on various automated rules and heuristic information, and tagged if required. The base rules used to check email are automatically updated every two hours directly from the vendor, helping in quick response to zero-day virus and spam attacks. The message is then routed to the appropriate destination mail system.

A message tagged as spam by the mail gateways is automatically deposited into a recipient’s junk mail folder, where it is quarantined for up to 30 days. Through built-in technology, the Exchange system also provides an additional level of protection against the spread of viruses from a NUnet computer that may be compromised. The neu.edu domain is whitelisted, or is determined as a “safe sender”, for internal faculty/staff messaging.

Information Technology Services also provides an authenticated SMTP mail server (myneusmtp.neu.edu) for use by faculty/staff who are sending emails while off campus. Any message sent through this system is scanned by the enterprise anti-spam gateways. Further, each outgoing message from the Exchange system is similarly scanned for viruses and spam to ensure that Northeastern does not contribute to the global spam problem.

A small percentage of unwanted mail still gets through. Phishing mail is particularly difficult to catch as it spoofs valid messages from your bank, credit card company, or even the Northeastern Help Desk. You should never respond to any email request for personal information such as your name, email address, password, or Social Security Number, account number, or date of birth. No legitimate entity will ever request such information via email.

Posted in 2010 October IS Newsletter and tagged , , .