Central Anti-Spam Measures 

Email Icon

This page describes the measures taken by ISS to limit the damage done by Spam.

Back to Spam     Wrongly Identified Spam    


ISS Anti-Spam Measures

ISS is fighting Spam by doing the following:

  • SpamAssassin - ISS checks all incoming mail with the SpamAssissin program.
  • MAPS RBL list - subscribes to the mail blocking services recommended by UKERNA.
  • Using Spam Filters - recommending that use move marked Spam to Junk mail folders.
back to top

The MAPS RBL List 

The MAPS (Mail Abuse Prevention System) RBL (Realtime Blackhole List) is a list of known Spam mailers which subscribed to by UKERNA. For further information see:

back to top

SpamAssassin  

How Spam Assassin Works - ISS runs a program that checks all incoming mail. It creates a score for icoming messages using various criteria.

The success of ISS anti-Spam measures are tricky to calibrate exactly. A current estimate of the success of the various measures taken is as follows:

  • 30% of Spam is blocked by 'blocking Services' before it gets to the University.
  • 68% of Spam is detected by SpamAssassin on arrival on-campus and marked as *ISS-Detected SPAM*.
    • the highest scoring 10% of *ISS-Detected SPAM* is deleted by ISS before it gets to people's inboxes. The threshold will increase to 20% on 22/08/2007.
    • the rest of *ISS-Detected SPAM* is delivered to the user.
    • Outlook 2007 has a 'Junk-eMail' filter which can be turned on. The Outlook Junk-mail filter moves mail that it regards as Spam to Outlook's 'Junk-Mail' folder. This can result in false positives (see notes on this page).
  • 2% of Spam is delivered is undetected and unmarked.

Over the past twelve months the amount of Spam has varied, the current trend is for an increase in the amount of Spam received.

How the SpamAssassin Spam Filter Works 

Some of the things the filters look for are obvious. Words like "viagra" and "make money fast" in the message all add small positive amounts to the score. The text that comes as part of images, or is downloaded from the web only when you actually read the message, can't be scanned - but the filters do assess the message for how much text they contain as against how much web content; whether the web content contains a lot of ALL CAPS, bold text in large font sizes and so on.

More weighting is given to 'delivery' information that accompanies each message (you don't normally see this when you read your mail). The bulk mailing tools used by spammers tend to leave their signatures here, and the filters evaluate whether the information is consistent, realistic, or has known bulk-mailer characteristics.

Does this mean I'll never get spam again?

Unfortunately, no. Although the approach used by the filters is very successful, and can be tuned over time to recognise spam even better, tests show that just over 80% of the spam that comes in to the University can be detected. However, that's a very substantial reduction.

The filter system we are using has been widely adopted by UK universities and around the world. SpamAssassin is being constantly developed to improve its detection rate. Of course, spammers are at the same time adapting their techniques to beat it; it's a classic Darwinian struggle for survival, and the advantage will constantly swing from one side to the other.

What else is ISS doing to combat spam?

Besides the new spam filtering system, the central mail hubs will continue to use a so-called "real-time blocking list" or RBL that's provided by UKERNA, the organisation that manages the universities' JANET network(JANET (Joint Academic NETwork) provides the University's connection to the Internet). This is a list of computers that are known to be sources of spam, and the mail hubs will refuse any messages coming from machines named there.

We'll be looking at augmenting this centrally provided RBL with others to improve coverage. The mail hubs will also be set to use some other techniques to refuse acceptance of incoming mail where the reply address is invalid - a favourite trick of spammers to cover their tracks.

Will genuine messages get lost by mistake?

Tests indicate that with the filters' sensitivity set to detect about 80% of the incoming spam, there should be very few, or even no, cases where genuine mail is mis-identified as spam. However, the system will be monitored carefully, and if you believe that you're not getting mail that you expect, you should contact ISS.

It does sometimes happen that the mail hubs refuse a genuine message from a legitimate source that happens to be listed in an RBL. This means that the machine trying to send the message has been seen in the past to deliver spam, and its administrators need to take action to secure it. The error report that goes back to the sender explains this, and it's up to the sending side to fix their problem.

©Lancaster University   ISS Governance   Computer User Agreement   Privacy & Cookies Notice  

Lancaster University
Bailrigg
LancasterLA1 4YW United Kingdom
+44 (0) 1524 65201