Information Systems

Anti-Spam Policy

Preventing receipt of unsolicited mail and trying to take action against those sending it can be difficult to impossible. That being said, there are quite a few ways to minimize its impact on your daily computing here at UWB, which I will outline in this e-mail as briefly as possible.

Preventions: How to keep them from starting?

Problem 1: I have to provide an e-mail address to access services on the internet. A major source for people seeking lists of e-mail addresses for interested consumers is purchasing them from other companies. Even if you make sure to clear all the "please send me" checkboxes when filling out an internet form or application, that does not always prohibit the company from selling blocks of addresses to people who are happy to send you ads for their products as well.

Prevention: Do not use your work e-mail address when subscribing, purchasing, or signing up for anything on the internet. Instead, use a personal address for any on-line subscriptions you make or, if you don't have one you want to use for this, free mailboxes are available through many popular websites including Hotmail, Yahoo, and a host of others. Log on once a month and clean it out and your work life will be much more pleasant.

Problem 2: I have asked to be e-mailed ad info, but now I want it to stop. If you have been receiving ads legitimately, the company is under no obligation to stop mailing you their info on a regular basis. The fact that you haven't been responding is no deterrent to them, and because e-mail ads cost them virtually nothing, there is no impetus for them to "give up" on you.

Prevention: Take the time to notify them. Legitimate companies are forbidden, by law, from sending unsolicited e-mail. As a result, they are required to include directions or links to facilitate the removal of your address from their distribution list. The steps are usually simple and straightforward and will ultimately save you enough grief to make taking them worthwhile.

Problem 3: All I did was click on a link in a mail advertisement, now I can't stop them. These links can be tricky, unreliable, or even dangerous because they start out knowing your e-mail address. When you click these links they may not only take you to the site, but also let the advertiser know it was the e-mail they sent to your address that prompted you to come. Now they know that by sending to your address they stand a chance of getting a response, and this only encourages them to send more ads to you.

Prevention: If you see an ad or a site you'd like to explore in one of these messages, instead of clicking on the links included, open a browser, manually find the company on the web, and explore the website anonymously. In this way, you can decide if they are worthy of knowing your e-mail address.


Counter-Measures: They're already here, how do I protect myself now?

Case 1: I received a SPAM mailing, but there's no removal information or links. This type of illegal SPAM often arrives from addresses ending in @hotmail.com, @yahoo.com, or some other .com that advertises free e-mail boxes. There are two common instances of this: 1) the mailbox was illegally set up just for the purpose of SPAM'ing, or 2) they have altered the mail so it appears to have arrived from that fictional address (commonly referred to as "spoofing").

Case 2: I received a SPAM with some extremely objectionable content. This is another illegal practice that has become pervasive in the world. First off, if you receive one of these offensive offerings, try not to take it personally. You didn't do anything to deserve them; they are as much a part of the SPAM'ing community as the credit card SPAM, or debt consolidation SPAM. While some of these companies are legitimate organizations, plenty more are completely unscrupulous "evil-doers," even to the extent that they often provide links that claim to be for removal but really put you on more "bad" lists.

Case 3: I received SPAM from a mailing or distribution list I subscribe to. When a SPAM'er gets hold of an address that sends to a list of subscribed e-mail addresses, it's open season for them. Everybody on that list gets a copy and they are guaranteed to get a large distribution with minimal effort. Depending on how many users in a given site are subscribed to the list, this can cause real havoc for the computing department of that institution, both in excessive information storage, and unhappy users.

Counter-Measure 1: Delete these messages unread. More often than not, the subject line alone will give you an indication that the content of a certain e-mail will be unsavory. By simply sending it to your deleted items folder, you can save yourself the hardship of having to view any objectionable content. If you are an Outlook user, we recommend you turn off the "preview pane" for your inbox. (To do this, highlight the inbox, click on the "view" menu, and deselect the "preview pane" option.) In this way, you can audit your unread messages without being exposed to their content.

Limitation: Blank subject lines won't help you identify SPAM in this way. There is no guarantee this will deter the SPAM'er.

Counter-Measure 2: Contact the e-mail provider and/or your local support provider. By contacting the e-mail abuse department of the SPAM'er's provider, you can have the offending mailbox shut down. In most cases you will receive a form letter from them explaining that they will investigate, but that their address may also have been "spoofed" (as above) onto the SPAM. "Spoofing" is an effective way around this counter-measure, but does not make it invalid. Bothell Exchange users can report malicious SPAM by mailing to abuse@uwb.edu.

Limitation: If an address is spoofed, this measure is not effective.

Counter-Measure 3: Use your e-mail program's built-in filtering functions. Many of the most popular e-mail programs come with built-in e-mail filtering services that will dispose of unwanted e-mails for you even as they arrive. On the Bothell campus, the Outlook 2000 program is our recommended platform for e-mail usage. Outlook contains a service called the "Rules Wizard" under the "Tools" menu that allows users to set automatic conditions for many aspects of mail handling. With this service, inbound mail can be audited by sender, subject, body or an assortment of fields to identify it as a certain type of mail, and then it can be directed to the appropriate folder in your mailbox; for SPAM, we recommend the deleted items folder. This is a powerful tool, but delicate, and as such we recommend beginning users avoid its use until they are more familiar with the Outlook program.
Filtering in Outlook: http://www.uwb.edu/computing/knowledgebase/filter.xhtml
Filtering in Pine: http://www.washington.edu/computing/faqs/html/pine.filter

Limitation: Although this measure is effective even against spoofing, there is no guarantee that every SPAM will fit into the conditions of your rules.


Technology: Is there anything your IS staff can do?

Bothell Exchange Servers: These local mail servers do have their own layer of filtering to assist us in keeping unwanted mail from reaching our users. This function, however, was not intended for SPAM mail, but rather to protect our users from entire sites that have repeatedly proven troublesome and show no signs of being able to resolve their challenges.

Limitation: This service can work to filter out unsavory advertisers at the source, but the practice of spoofing also limits its effectiveness. Additionally, free e-mail providers (who are frequently used to send SPAM) cannot be blocked in this way as this would also prevent legitimate mail transfers with these sites.

Bothell Exchange Anti-Virus Scanners: Users of the Bothell Exchange Servers are protected constantly by our server-side anti-virus application, Antigen. Antigen checks incoming mail for known viruses, and cleans infected mail before it is delivered to our users. While this service is not technically a SPAM prevention service, it does prevent malicious payloads attached to seemingly benign mail from reaching you, and should therefore be mentioned among these services.

Note: In an effort to expand the capabilities of the virus scanning software, we are currently pursuing the development of an additional service that may allow us to do much more detailed filtering, specifically for SPAM e-mails. While this service is not currently available, we hope to have this extra layer of support in place before Winter Quarter, 2002.

Seattle Mail Servers: UW Computing and Communications operates servers like Homer and Dante, using the policies and practices it has developed over the years. C&C's policy for junk mail can be found at: http://www.washington.edu/computing/faqs/html/email.junk. We highly recommend you visit this FAQ if you wish to explore organizations that actively seek ways to put an end to the SPAM scourge.