Jump to filtering instructions

What is Spam?
According to WikiPedia, "Spamming is the abuse of electronic messaging systems to send unsolicited bulk messages, which are universally undesired." See the full entries for spam and email spam for more detailed information.

Where Does it Come From?
Often, spam messages you receive come from a forged address. That means the email address or even the name of the sender of a spam message, as it appears in your mail client, is not necessarily the person who really sent it. Commonly, people who send spam will try to make it look like someone else in your organization is the sender of the spam, in order to trick you into thinking the message is a legitimate email. Spam messages are commonly trying to sell you something.

Why am I getting spam?
People and organizations that send spam use numerous methods to find addresses to which they send their spam. The first, and simplest, method for gathering addresses is to scrape them off web sites and Usenet Newsgroups. Next, various Windows viruses and malware started appearing that would try to harvest anything and everything on infected computers that looked like an address book or even a single email address, and send them to a spammer for later use. Recently, spammers have resorted to dictionary attacks on mail servers, hammering the servers with requests to send to every user name conceivable in hopes that even a few messages actually find real recipients.

By far the most successful methods for address harvesting have been from web site scraping and address-harvesting viruses on PCs, though as collections of addresses grow, the spammers are having more and more success with dictionary-style attacks when sending their spam.

What can I do about it?
One possibility is to be proactive and avoid giving out your email address to anyone on the web who you suspect might turn around and sell your name to others or use it for unsolicited mailings. In practice, this is not an easy thing to determine, and there are numerous times when you do need to give out your email address.

Some people keep a second mail account somewhere, either through their ISP or via one of the free email services. They use this address for anything questionable. Another option is a temporary, disposable address. www.spamgourmet.com is one site that hosts these.

When you do receive spam, we suggest that you do not reply, not even to complain. If the return address is even valid, all complaining will do is tell the spammer that they have sent their junk email to a valid email address and that someone on the other end took the time to read their email. If anything, this makes you an even more valuable target.

Department Spam Processing
The CSE Department has recently aquired and installed a Barracuda Spam Firewall appliance which scans for viruses and spam in all incoming email to the CSE Department for @cs.ucsd.edu and @cse.ucsd.edu email addresses. The Barracuda is updated hourly with new spam and virus definitions by Barracuda Networks in order to try to provide more effective spam and virus filtering for our email systems.

What is the Barracuda?
The Barracuda is a specially-designed email server that acts as the incoming mail server for the CSE Department and actively examines all incoming email to see if it is Spam or contains a virus, worm or trojan program. The Barracuda system is backed by a support service that provides hourly updates to both the virus definitions and the spam filtering technology, in order to keep up as best as possible with the ever changing nature of Spam and virus email messages. Additionally, users can elect to create an account for themselves on the Barracuda, which will give access to additional features such as Quarantine of spam messages and the ability to custom-tune the spam filter based on declaring held messages as spam or not spam.

How does the Barracuda work?
By default, the CSE Department's Barracuda system is configured to evaluate every incoming mail message and score each message based on how "spammy" it is. Messages end up falling into one of the following categories:

1. Not spam, and not a virus payload.
2. Looks a little like spam, but might not be spam.
3. Matches known spam profiles, or evaluates as "spammy" enough that there is very little chance that it is a legitimate email message.
4. Message contains URLs that have been determined to be illigitimate phishing sites or the message happens to match, exactly, known spam or phishing messages, or the message contains a virus or an attachment with a virus.

In cases 1 through 3, the messages are delivered to your mailbox. In the final case (4), the message is never accepted by CSE Department mail servers and is instead rejected, so you will never see it in your mailbox.

How do I make the Barracuda work for me?
The typical way to use the system is to set up a mail filter using a method of your choice (see below for instructions using various mail clients.)

We recommend you set up this filter to save aside any messages marked as "likely spam" to a separate folder. You then periodically go through this spam folder, quickly making sure no non-spam ("ham") was put there by mistake. Then delete the spam.

There are several ways to filter the spam so that it doesn't clutter up your mailbox. You can set up rules to file messages into a spam folder as they arrive to your Inbox using:

• procmail
• Outlook
• Thunderbird
• Apple Mail
• Zimbra

If your mail account is on the Zimbra server, we strongly recommend that you create your mail filters within Zimbra.

To create additional rules in mail clients to more aggressively filter spam, see these instructions.

Additionally, Outlook users can install a plugin from Barracuda to train the system on individual messages by marking them as spam or not-spam via two new toolbar buttons.

The Barracuda offers additional capabilities and features, and documentation on what those are and how to use them will be forthcoming.

The system is by no means perfect. It has the potential for both marking ham as spam, and vice-versa. As a result, we strongly recommend using the spam scores only to filter the potential spam to a separate folder for later skimming, and not to just delete the potential spam without any human review.

Since the advent of filtering options in mail clients and software packages that perform spam tagging, spammers have been working to constantly re-craft the messages they send out. Because of this, some spam may not be scored as highly as you think it should.

Isn't there someone I can complain to?
Generally, Internet Service Providers are supposed to have and monitor an email address called "abuse" for people to register complaints about problem users. Sending a complaint to this address with the complete raw source of the spam message in question might get a response, if the information is clear enough and you've managed to trace the spam to the correct ISP. Often, though, there is simply too much to deal with, and you may receive no reply.

If you receive email that is objectionable, abusive, or threatening beyond the bounds of "normal" spam, please save the email and forward it and all headers to csehelp@cs.ucsd.edu.