Some Spam Solutions |
This web page offers some ideas of how to deal with "spam" at Nevis. The main points are:
The number of unsolicited commercial e-mail messages ("spam") received at Nevis has increased dramatically in recent months. It fills our mail inboxes, slows down our mail server, uses up bandwidth, is often personally offensive or illegal, and wastes our most valuable commodity: time.
There are some things we can do to address this problem. However, no solution will be 100% efficient. If we filter e-mail according to any criteria, there will always be:
With these limitations in mind, here are the tools we have available right now.
Mail server configuration |
The mail server at Nevis has been configured to reduce the amount of spam it receives, and to prevent its use by spammers to send mail to others.
This means that if an e-mail address comes from an IP name or address that cannot be found via DNS, the mail is bounced back to the sender. The logic is that a lot of spam comes from "fly-by-night" mailers on unused IP addresses.
This may have some impact on our work. Some legitimate sites may be located in countries with unreliable DNS servers; e.g., Russia and China. If a collaborator sent you e-mail from a site whose DNS had been unavailable for several days, their e-mail would bounce.
Note that if mail is rejected for this reason, it is bounced back to the sender with an explanatory error message. This means that if someone sends you legitimate e-mail and it's rejected, the sender will know why and be able to take corrective action.
The technical term for this is "SMTP Authentication". Most of us are familiar with the idea that we have to supply a name and password in order to read our mail. This requirement demands that we supply a name and password in order to send our mail.
Fortunately, most of the major mail programs now support SMTP Authentication: Pine, Thunderbird, and Microsoft Outlook all include this feature.
If you ever receive the message "Relaying denied", this means that your mail program did not successfully authenticate itself with the Nevis mail server. If you get this message, check your mail account configuration carefully. However, there is a problem that can occur with the Nevis firewall that can cause authentication to fail; if you think this is what has happened, use ssh to connect to a system at Nevis and use Pine to send a message to postmaster@nevis.columbia.edu.
There are two possible spam-blocking techniques that we do not implement on the mail server.
This means using a list of known sources of spam; any mail from such a site would be bounced back. It would take too much time to develop a separate list at Nevis, so in practice we'd have to use a list developed by someone else.
I tested this briefly; however, I turned off this filter shortly after it was put into use. In addition to many sites which are clearly sources of junk mail, the blackhole list included servers such as travelocity.com and cc-inc.com (which is PC-Mall). Although these companies are sources of unwanted junk mail, they are also sites with which legitimate Nevis business might be conducted.
At the time, I used a very restrictive black-hole list. In the future, I might try this technique again using a less strict one.
This would involve examining the sender and text of the mail message, and taking some sort of action if the mail appeared to be spam. However, it's hard to come up with a set of criteria that would satisfy everyone. So instead of implementing this on the mail server, I leave it to each individual user to manage their own content filter, as described below.
Reducing your susceptibility to spam |
There are many excellent web sites that discuss this topic; I find the CAUCE to be helpful.
In general, you should make it hard for spammers to acquire your e-mail address in the first place. They typically get your address from one of two places:
Actually, the standard warning page is a little weak for my tastes, but I didn't want to speak for everyone at Nevis. If you'd like to phrase the warning more strongly, feel free to copy and edit the warning page from my web site at https://www.nevis.columbia.edu/~seligman/ewarn.html.
In that case, I recommend that you "mask" your identity; many newsreaders (Thunderbird, for example) will allow you to specify a separate newsgroup identity with a separate return e-mail address. "Munge" the address somehow; I use seligman@nevis.columbia.edu.fake. Then, in my message signature, I include "Remove .fake to reply". It's trivial for a human being to correct the address in their mailer, but automated programs will pick up an invalid e-mail address.
If you want to use this trick, be sure to "munge" the domain part of your address (the part after the "@" sign). If you change your account name (e.g., seligman-fake@nevis.columbia.edu), then our mail server still has to process any spam and bounce it with a "no such user" message. If you use a fake domain, the mail message doesn't even leave the spammer's machine.
(The reason why this tip works is that spammers don't bother to examine each of the thousands of addresses they gather. The entire process of gathering and sending out bulk e-mail is automated.)
This won't prevent spam. But if you use different text after the "+" every time you give out your address, at least you'll know who leaked your e-mail address to spammers. If you start getting a lot of spam for a given plussed address, you can use that address in a mail filter, if your e-mail program has this feature.
Note: This trick works at Nevis. But not all mailers can handle the "+" notation; Lycos Mail can't, for example.
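The leak-tracing idea above, as an added example that is not part of the original page: it counts spam per "+" tag in the To/Cc headers and reports tags that cross a threshold. The `bookshop` and `conference` tags, the threshold and the sample messages are constructed for illustration, and it assumes the plussed address appears in those headers.

```python
from collections import Counter
from email import message_from_string
from email.utils import getaddresses

def plus_tag(address):
    """Return the text after '+' in the local part, or None if there is no tag."""
    local, _, _domain = address.rpartition("@")
    _, sep, tag = local.partition("+")
    return tag.lower() if sep and tag else None

def leaked_tags(messages, threshold=2):
    """messages: list of (raw_message, is_spam). Return tags with >= threshold spam."""
    hits = Counter()
    for raw, is_spam in messages:
        if not is_spam:
            continue
        msg = message_from_string(raw)
        recipients = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
        for _name, addr in recipients:
            tag = plus_tag(addr)
            if tag:
                hits[tag] += 1
    return sorted(tag for tag, count in hits.items() if count >= threshold)

# Constructed sample mailbox: (raw message, was it spam?)
SAMPLE = [
    ("To: jsmith+bookshop@nevis.columbia.edu\nSubject: Cheap pills\n\nbuy now\n", True),
    ("To: Jane Smith <jsmith+bookshop@nevis.columbia.edu>\nSubject: You won\n\nclaim\n", True),
    ("To: jsmith+c1401@nevis.columbia.edu\nSubject: Homework 3\n\nattached\n", False),
    ("To: jsmith+conference@nevis.columbia.edu\nSubject: Offer\n\nclick\n", True),
]

if __name__ == "__main__":
    print(leaked_tags(SAMPLE))
```

A tag returned here is a candidate for the mail filter mentioned above; a single spam message to a tag stays below the threshold.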
A tip for procmail users: In a procmailrc recipe, the value of the variable $1 is set to the string after the "+" sign in the address. Let's say you're Professor Jane Smith, and you tell all your students in C1401 to send e-mail to you at jsmith+c1401@nevis.columbia.edu. Then the following procmailrc recipe will automatically place all mail sent to that address in folder "course":
Configuring your mail reader |
All of the advice in this section applies to graphical mail readers such as Thunderbird, Mozilla, Outlook, Eudora, Mail.app, etc. If you use Pine, you can skip this section.
To start, there's the basic advice noted below: If the program you use to read your mail includes a spam filter, turn it on.
But there's another general piece of advice to consider: Don't send or receive HTML mail messages.
This means you won't see any fancy fonts, colored letters, and other formatting that people might use to send messages to you. But it also prevents spammers and hackers from using HTML "tricks" to fool your mail reader.
This will spare you from looking at all sorts of abusive pictures that spammers might send you. It will also protect you from "web bugs". A web bug is a tiny picture embedded into a mail message as an invisible web graphic. You don't see it, but if your mail reader downloads it and displays it (unnoticeably) on your screen, the spammer's web server will have a message saying that you read the mail. The spammer then knows for certain that there's someone at that mail address, and the amount of spam you receive will increase dramatically.
This is actually the inverse of point (1). Spammers often use HTML to compose their ads, or use HTML coding tricks to mask various hacking attempts and other nastiness. If you use HTML, you increase the risk that your mail will be identified as spam by other mail readers.
Why? The reason is the inverse of point (2). Spammers use embedded pictures for ads, and for various hacker tricks.
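To make the "web bug" described above concrete, here is an added example (not from the original page) that scans the HTML part of a message and lists remote images sized or styled to be invisible. The 0/1-pixel and hidden-style heuristics, the function names and the `mailer.example` sample message are assumptions made for this illustration.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

class ImgCollector(HTMLParser):
    """Collect the attributes of every <img> tag."""
    def __init__(self):
        super().__init__()
        self.images = []
    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append(dict(attrs))

def tiny(value):
    """True for a 0- or 1-pixel dimension such as '1' or '1px'."""
    return value is not None and value.lower().replace("px", "").strip() in ("0", "1")

def find_web_bugs(raw_message):
    """Return URLs of remote images sized or styled to be invisible."""
    bugs = []
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() != "text/html":
            continue
        body = part.get_payload(decode=True)
        html = body.decode(part.get_content_charset() or "utf-8", errors="replace")
        collector = ImgCollector()
        collector.feed(html)
        for img in collector.images:
            src = img.get("src") or ""
            if urlparse(src).scheme not in ("http", "https"):
                continue  # cid:/data: images are not fetched from a server
            style = (img.get("style") or "").replace(" ", "").lower()
            hidden = "display:none" in style or "visibility:hidden" in style
            if hidden or (tiny(img.get("width")) and tiny(img.get("height"))):
                bugs.append(src)
    return bugs

# Constructed sample message; mailer.example and its URLs are made up.
SAMPLE = (
    "From: offers@mailer.example\n"
    "To: jsmith@nevis.columbia.edu\n"
    "MIME-Version: 1.0\n"
    "Content-Type: text/html; charset=utf-8\n\n"
    '<p>Hello</p><img src="http://mailer.example/banner.png" width="600" height="90">'
    '<img src="http://mailer.example/o.gif?id=jsmith" width="1" height="1">'
    '<img src="cid:logo" width="1" height="1">'
)
```

Only the 1x1 remote image is reported: the visible banner and the attached `cid:` image do not match. A mail reader that does not load remote pictures never makes the request that such an image depends on.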
Spam filters |
Many mail programs now come with "spam filters", that is, they analyze the content of a mail message to determine if it's spam. Among these programs are Microsoft Outlook and Apple's Mail.app. If you are using a program that includes built-in spam filtering, I highly recommend that you turn this feature on.
However, two frequently-used mail clients at Nevis, Pine and older versions of Mozilla, do not include content-based filters for spam. They have filters that allow you to automatically transfer messages to different folders based on key words or the sender's address, but it takes a long time to set up an effective spam filter by yourself.
There is a spam filter, SpamAssassin, available on the Nevis mail server. A full description of what this filter is and how to use it is on this web page.