Where can I get help?

What is "spam"?

The term "spam" is computer slang for the electronic equivalent of junk mail. Spam floods message boards, newsgroups, mailing lists, and Rutgers e-mail accounts with unwanted, unsolicited, and often repugnant messages--usually advertisements, promotions, or deliberate disruptions. It is also a flagrant violation of membership agreements with most Internet Service Providers. While spam is often identified as "large numbers of messages", even just one unwanted message to someone can be considered spam. The term is attributed to a sketch, performed in the 1970s by the British comedy troupe Monty Python, about a repetitive breakfast menu in which each item has more Spam (the canned meat product) than the previous.

Spam is a problem for all e-mail users. It has been determined that 80 - 90% of all e-mail coming into the University's central e-mail servers is spam. For example, in July 2007, the New Brunswick faculty/staff e-mail server received 66,088,392 e-mail messages. Of those e-mail messages, 41,264,942 messages we detected as being spam or viruses and were blocked. This is not only a problem at Rutgers. Spamcop.net, a website dedicated to reporting spam worldwide, has estimated that 11.5 spam messages are sent out every second.

What is Rutgers doing to manage spam?

Starting the first week of April 2008, the Office of Information Technology (OIT) will be implementing more aggressive methods of combating spam on the RCI email service. Some of the enhancements will include more comprehensive scanning of messages for various characteristics of spam, as well as looking for email from known spam sources.

Currently, OIT offers an e-mail spam filter based on a popular program called SpamAssassin. With that program, all incoming messages are assigned a score according to complex formulas that determine the likelihood of a given message being spam. Individual account holders can then determine what to do with messages that exceed a particular score (e.g., delete them).

Setting up or disabling spam-filtering on OIT systems

• Login to Rutgers Webmail.
  • For Eden: https://webmail.eden.rutgers.edu/src/login.php
  • For RCI: https://webmail.rci.rutgers.edu/src/login.php
• Click on the Webtools option on the top of the webmail screen.
• Select the "spam filtering" option under Setup.
• Choose the "Setup spam filtering" or "Disable spam filtering" option, depending on what you want to do.

Determining what is spam

There are various ways that a message can be classified as spam. The webtool allows three methods of spam filtering: 1. user address, 2. domain name and 3. filter level. The spam filter can be set to work with those three types of filtering, depending upon needs and preferences.

1. Spam filtering by user address
Filtering spam by user address requires the e-mail address of spam senders be specified in the appropriate fields of Section 1 of the Webtool spam Filter (Note: use of this filter will catch all mail from an address, even legitimate messages.)




This is the least effective of the three options for general spam control, as the user must continually add new addresses to filter out new messages. However, if you are beset with messages from a particular correspondent which you no longer wish to see, this is the option to use.

2. Spam filtering by domain
The spam filter can also be set to detect spam by domain, which is the name of the organization in an e-mail address. For example, in an e-mail address of NetID@rci.rutgers.edu the domain is rci.rutgers.edu. Examples of some other well-known domains can include aol.com and Amazon.com, to name just two (Note: use of this filter will catch all mail from a domain, even legitimate messages.) Filtering messages based on domain, or e-mail address is called a Black List

Enter the domain names from which spam is to be detected into the fields in the middle portion of Section 1 of the Webtool spam Filter:



This is somewhat more effective than the previous option, as it catches all messages coming from a particular domain, rather than just those of a particular account at that domain. However, as a general spam-prevention method, it is not much of an improvement, as you continually need to add new domains.

Also, it must be noted that spammers frequently fake e-mail addresses, including entire domains. If you attempt to put in a domain that does not actually exist, a warning message will be shown and your changes will not be saved. Remove the invalid domain and resubmit the changes.

Exempting domains and e-mail addresses
If legitimate e-mail addresses or domains are consistently being filtered by the spam filtering software, exceptions can be made with the tool to allow these messages to go through. This method is referred to as setting up a White List

Enter the domain name or e-mail address on which the exceptions should be made by filling out the bottom half of Section 1 of the Webtool spam Filter.



NOTE: Black Lists take precedence over White Lists. This means that if the domain aol.com is listed in the Black List, and user@aol.com is listed in the White Lists, the user@aol.com e-mail's will still be treated as spam.

3. Spam filtering by a filter level
The filter level establishes a very important criterion: messages above a chosen value will trigger a response from the filter and route those messages accordingly. Messages labeled as spam can be handled in three different ways:

• Delete the spam
• Store the spam in a folder named AUTO-DELETED-SPAM
• Store the spam in a folder designated by the user

• Storing spam in the AUTO-DELETED-SPAM Folder
  OIT RECOMMENDS THIS SETTING. To set the filter to send mail into the AUTO-DELETED-SPAM folder, click the button next to the Store the spam in a folder named AUTO-DELETED-SPAM option:
  

If this setting is selected, messages designated as spam will be placed into a special folder called AUTO-DELETED-SPAM. It is wise to regularly review this folder in case any legitimate e-mail messages were accidentally placed inside of it. All messages placed in this folder will be deleted after 14 days, by default. OIT recommends a "filter level" of 5 or lower. However, if a large number of legitimate messages end up in the folder, increasing the filter level (making it more lenient) may be necessary. If you plan to review messages placed into this folder, you will want to make sure your e-mail software is subscribed to this folder.

You can control how frequently the messages in AUTO-DELETED-SPAM are deleted. Click on the pull down menu in the "Keep messages around in this folder" line and select the number of days, between 1 and 30, then click the "Submit" button.

NOTE: Those who use the POP server for incoming mail will be unable to view the contents of an AUTO-DELETED-SPAM folder, and risk missing legitimate messages that may be placed there. OIT recommends configuring Mozilla Thunderbird or Outlook Express to the IMAP protocol to send and receive mail.


• Store the spam in a user-designated folder
  Messages marked as spam can be placed into a designated folder in the Rutgers e-mail account. A new folder for that purpose will be created when the button is selected and a name entered into the "Supply the folder name:" text field. Messages stored in that folder will need to be deleted manually. OIT highly recommends the custom folder be monitored regularly. Deleting unwanted stored messages on a regular basis will help prevent exceeding the account disk quota, which is the maximum amount of space allowed to store files in Rutgers e-mail accounts.
  
  
  
• Deleting the spam
  With this setting, all messages below the set trigger level will be deleted immediately. This means that if, for some reason, a legitimate e-mail message is flagged as being spam, it will be deleted, and there will be no way to get the message back. For that reason, OIT strongly recommends using the filter cautiously, and to set the spam level to 10.
  
  

Entourage for Macintosh

Macintosh OS X

Netscape 7.x/Mozilla

Outlook 2000/2002

Outlook 2003

Outlook Express

Mozilla Thunderbird

Rutgers Webmail

There is no 100% fool proof way to stop spam entirely. There are ways to cut down on the amount of spam an account receives.

• Do not put a personal e-mail address on a publicly accessible web page
  Many times companies who send out spam get e-mail address by using programs that search web pages for e-mail addresses and use those addresses for their spam lists. So if an e-mail address is listed on a webpage it is more likely to get spam.

  A second solution is to write the e-mail address on the webpage in a format that is not easily detectable as being an e-mail address. For example the e-mail address fakeuser@rci.rutgers.edu can be rewritten as fakeuser at rci.rutgers.edu. While easier to implement, the second solution is not as effective in curtailing the amount of spam being delivered to an account.

  Another solution is to not include a personal work address on a public webpage, and instead use a departmental e-mail address as a contact. Departmental e-mail addresses are accounts on the central server system that multiple people can be given access to. These people can log into that account and read any e-mail that has been sent to that account. While the departmental account will still receive spam, because it is listed on a public website, the personal accounts will receive much less spam then if they were listed publicly.

  To request a departmental account please fill out the following form: https://www.nbcs.rutgers.edu/webtools/become/

• Do not use your e-mail address on online forms
  Many websites require that you register your e-mail address with them before using their service. Some of these sites sell their e-mail lists to other organizations. If a service requires an e-mail address to use their service, it is best to use a secondary account rather than a primary or work e-mail account. This secondary account should only be used for registration purposes, ensuring that, if the secondary account is sent spam, it will not interfere with legitimate e-mails on the primary account.

• Do not follow the removal instructions in unsolicited e-mails
  Spam messages often provide a link that users can click on to take themselves off of the mailing list. This is often a trick that spam companies use to see if they have reached a working e-mail account. Once a user clicks on this link, spammers know that they have a working address and can continue to send e-mail messages to that account, so the amount of spam increases.
• Enabling Junk Mail Controls
  Although Rutgers systems automatically filter spam, you may wish to set up additional filters in your desktop e-mail program. Instructions for enabling and setting junk mail controls on the e-mail programs we support are available by clicking on their respective links:
  

  • Mozilla Thunderbird
    
  • Mozilla 1.7.x/Netscape 7.x
    
  • Outlook 2000/XP
    

• Report the spam
  Another way to try to decrease the amount of spam going to an account is to report the spam. One company that is very good as a spam reporting site is spamcop.net. The spamCop website does require that a user register for their reporting service, but this will only need to be done the first time spam is reported by the user. When spam is reported to spamcop.net they determine where the spam is coming from and report it to the proper people.