How does CSE deal with spam email?
Spam emails (also known as unsolicited or bulk commercial emails) are an annoying problem for many users. Since spamsters use a variety of techniques, combatting spam is not simple and a multi-layered approach works best. There is a separate FAQ on filtering out spam at the user level. Users can take advantage of the fact that both the CSE and UNSW mailservers have SpamAssassin installed and that CSE sends all email received from non-UNSW addresses to the UNSW mailserver for spam and virus checking. CSE's mailserver has Bayesian learning enabled and is regularly trained with examples of spam received by CSG members.
However, since the mailservers have to cope with many thousands of emails per day, it is preferable to reduce the amount of spam received in the first place. CSE has therefore added several tweaks to its email system that turn away spam at the start of the SMTP transaction, before the message body is accepted for filtering. These measures were introduced before the installation of SpamAssassin and proved very effective in reducing the amount of spam entering CSE. Observations of the characteristics of the spam received by users led to the following changes to the CSE mailserver:
- A dummy mailserver, blackhole.cse.unsw.edu.au, was set up in the DNS with a high MX preference value, since spam seemed to be attracted to that: spam-sending software often tries the least-preferred MX host first, whereas a correctly configured mailserver tries the host with the lowest MX value first and only falls back to the others if it is unavailable. You can see the records by typing host -t mx cse.unsw.edu.au. Mail received by blackhole is dumped;
- emails without a valid Message-ID field are dumped. A correctly configured mailserver will insert a Message-ID field (of the form <unique-string@domain>) as recommended by RFC 822;
- emails where the domain name in the SMTP envelope sender does not match the domain name in the mail header (the Sender or From fields) are dumped, since this strongly indicates forged headers. Forged headers are common in viruses and spam, but not in legitimate email. Some legitimate but misconfigured servers do trip this check, which is why the whitelist described below exists;
- a small blacklist of addresses that have proved troublesome is manually maintained, to capture at least some of the spamsters whose junk manages to bypass the above measures. Since spamsters like to change the address they use every so often, the blacklist is updated on a semi-regular basis and does not attempt to be comprehensive. There is little point adding the address of a spamster who spams a small number of CSE accounts once and then never returns, under that name anyway.
Dumped emails are saved for a short time, so that they can be checked if users complain of not receiving legitimate emails. Unfortunately even legitimate mailservers aren't always correctly configured, so a whitelist of such servers is maintained and their mail is accepted even if it fails the checks above.
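The following is an added illustration of the SMTP-time checks listed above (Message-ID, envelope/header domain comparison, blacklist, whitelist and short-term retention of dumped mail). It is not CSE's actual mailserver configuration; the list contents, the sample messages and the retention period are all constructed for the example, and the whitelist is keyed on the connecting server's IP address, which is an assumption about how "a whitelist of such servers" would be kept.

```python
import re
import time
from email import message_from_string
from email.utils import parseaddr

# Hypothetical lists standing in for the hand-maintained CSE ones.
BLACKLIST = {"junk@spammer.example"}
WHITELISTED_HOSTS = {"192.0.2.10"}   # a legitimate but misconfigured server

# RFC 822 msg-id shape: "<" local-part "@" domain ">" (a sanity check, not the full grammar)
MSGID_RE = re.compile(r"^<[^<>@\s]+@[^<>@\s]+>$")

# Dumped messages are kept briefly so complaints about lost mail can be checked.
DUMPED = []
RETENTION_SECONDS = 7 * 24 * 3600   # assumed retention window


def address_domain(addr):
    """Lower-cased domain of a mailbox such as 'Alice <alice@example.com>'."""
    _, mailbox = parseaddr(addr)
    return mailbox.rpartition("@")[2].lower() if "@" in mailbox else ""


def check_message(client_ip, envelope_from, raw):
    """Return (verdict, reason); verdict is 'accept' or 'dump'."""
    msg = message_from_string(raw)
    sender = envelope_from.strip().strip("<>").lower()

    # Blacklist applies to everyone, whitelisted servers included.
    if sender in BLACKLIST:
        return "dump", "envelope sender is blacklisted"

    # Known-misconfigured legitimate servers skip the remaining checks.
    if client_ip in WHITELISTED_HOSTS:
        return "accept", "whitelisted server"

    msgid = (msg.get("Message-ID") or "").strip()
    if not MSGID_RE.match(msgid):
        return "dump", "missing or malformed Message-ID"

    # The null sender (<>) is a bounce and has no envelope domain to compare.
    if sender:
        header_addr = msg.get("Sender") or msg.get("From") or ""
        env_dom, hdr_dom = address_domain(sender), address_domain(header_addr)
        if hdr_dom and env_dom != hdr_dom:
            return "dump", f"envelope domain {env_dom} != header domain {hdr_dom}"

    return "accept", "passed SMTP-time checks"


def process(client_ip, envelope_from, raw):
    """Run the checks and keep a copy of anything dumped."""
    verdict, reason = check_message(client_ip, envelope_from, raw)
    if verdict == "dump":
        DUMPED.append({"t": time.time(), "from": envelope_from,
                       "reason": reason, "raw": raw})
    return verdict, reason


def expire_dumped(now=None):
    """Drop quarantined copies older than the retention window; return count kept."""
    now = time.time() if now is None else now
    DUMPED[:] = [d for d in DUMPED if now - d["t"] < RETENTION_SECONDS]
    return len(DUMPED)


# Constructed sample messages (not real traffic).
LEGIT = ("From: Alice <alice@example.com>\r\nTo: bob@example.net\r\n"
         "Message-ID: <20240101.1@example.com>\r\nSubject: hi\r\n\r\nbody\r\n")
NO_ID = "From: Alice <alice@example.com>\r\nSubject: hi\r\n\r\nbody\r\n"
FORGED = ("From: CEO <ceo@example.com>\r\nMessage-ID: <x1@spammer.example>\r\n"
          "\r\nbuy now\r\n")
BOUNCE = ("From: Mailer-Daemon <postmaster@example.org>\r\n"
          "Message-ID: <b1@example.org>\r\n\r\nundeliverable\r\n")

if __name__ == "__main__":
    for ip, env, raw in [("198.51.100.5", "<alice@example.com>", LEGIT),
                         ("198.51.100.5", "<alice@example.com>", NO_ID),
                         ("198.51.100.5", "<bulk@spammer.example>", FORGED),
                         ("192.0.2.10", "<bulk@spammer.example>", FORGED),
                         ("198.51.100.5", "<>", BOUNCE)]:
        print(ip, env, process(ip, env, raw))
    print("quarantined:", len(DUMPED))
```

The ordering matters: the blacklist is consulted before the whitelist so that a known spamster cannot hide behind a whitelisted relay, and the null sender used by bounces is exempted from the domain comparison because it has no domain at all.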