Spam Filtering

Internal Info:
Admin
Computing
Personnel
Safety
Stores
Teaching
Web email

Links:
Funding Bodies
Learned Societies
University of Oxford
World Wide

Spam Filtering

Introduction

Unsolicited email, or spam, is widespread and everyone receives it. Some of it is offensive and most of it is just annoying. Senders of spam do not care how many messages they send out or whether those addresses are targetted to potential customers. The marginal cost of sending to an extra address on their lists is zero.

"To:" addresses

Spammers get your address by various means:

From trawling websites looking for email addresses
From trawling internet newsgroups and forums for messages
By using a computer program to guess email addresses, for example by running through a whole dictionary of names and adding a known domain such as "@aol.com" at the end.

It is important never to reply to a spam mail, or to click on any "Unsubscribe me" link. This just verifies that your email address is real and is being read by someone. Your address will be likely to attract further spam emails.

The To: address is easily faked, so that spam to a list of people including yourself may appear to be sent to someone else (this is the way mailing lists work, by using a To: address which is the mailing list address).

"From:" addresses

The "From:" address of an email is not used by mail delivery software. It is trivial to fake the "From:" address and make it appear that the unsolicited email is coming from another company, a colleague, or even from your own address. Therefore replying to the "From:" address is not recommended and will do one of three things:

Send a message to a non-existent address. The message will bounce back to you.
Send a message to a real address whose owner had nothing to do with the original message. This will annoy that person and cause real problems with their mail server if many messages are sent.
Send a message to the real spammer who will be likely to flag you as a potential customer and a target of further junk emails.

What to do about it

Ignore it. Delete it. Don't waste your time.

However it is annoying to have to wade through lots of this stuff, so it would be a good thing to filter it out.

OUCS run filtering mechanisms which you can opt in to:

Blacklists. The mail comes from one of a list of known spamming mail servers.
SpamAssassin. Characteristics of the headers and contents of the mail are given a weighted score. If the score adds up to a particular threshold number, the mail has been characterised as spam.

If you look at the email "headers" (information at the top of any email message) you will find an extra line of text such as:

X-Oxmail-Spam-Level: ***

The number of asterixes after X-Oxmail-Spam-Level: show the likelyhood that the message is spam. (To look at the message headers, your email program will probably have options under the "view" menu such as "View Full Headers" or "View Source"). The line of text is inserted if the spam filtering mechanisms on the mail server think that a particular mail is spam. It is possible to filter mail that has this header line.

Caveats

The filtering mechanism normally works very well. However there is a real risk of characterising genuine email as spam and missing an important message, so for this reason it should not be deleted immediately. To avoid these false positives, mail characterised as spam should be delivered to a separate mail folder, "Junk". "Junk" should be reviewed periodically, after which the spam can be deleted.

Although there are filtering mechanisms in many email programs, it is better to filter on the mail server when messages get delivered. In this way the spam filter will be in place whatever email program is being used.

In Netscape 7 and Mozilla mail, message filter controls are on the Tools menu. These programs also have their own Junk mail filters. However, the technology is not as mature as the filtering done on the server, and again your email is not filtered if you use another program.

Setting up the filter

You can ask Computing to add spam filtering to your account. If your mail is not delivered to the Physiology mail server, and you read mail on Herald or another system, we cannot help you. For the record, this is how it is done.

In your email program, create a new Folder "Junk" on the mail.physiol.ox.ac.uk server (not a local folder).
Find your ".procmailrc" file in your home directory (drive P: on PCs). If it does not exist, create it with a text editor that can create unix format files with a dot at the front.
Make sure that .procmailrc starts with the line

SHELL=/bin/sh

Add the following lines to .procmailrc

# junk mail filtering using OUCS SpamAssassin header with score 5 or more
:0
* ^X-Oxmail-Spam-Level: \*\*\*\*\*
|/usr/local/bin/dmail +mail/Junk

To increase the threshold score for SpamAssassin, add further instances of \* to the ^X-Oxmail-Spam-Level: line. Reduce the score (i.e. make the filter stronger) by removing one or more \* (but you will be open to more false positives).

Other sources of information

SpamAssassin

Spamcop

MAPS

You may also like to visit the OUCS pages on junk mail

This page is maintained by .
It was last modified on: Thursday 03-Jun-2004