Spam at CU-Boulder — Frequently Asked Questions

General Questions and Answers about Spam

What is spam?
The word spam is derived from a skit performed by the Monty Python comedy group. Its use today refers to unsolicited, commercial e-mail. ITS' mail servers process more than 1.5 million incoming e-mail messages on a typical day. It is estimated that as much as 75 percent of these messages are spam. Add to that a growing number of viruses and you begin to understand the scope of the problems that unchecked e-mail could pose to a network like CU-Boulder's.

Why is there so much spam?
The amount of unwanted commercial e-mail continues to increase at an exponential rate, since sending bulk e-mail is a cheap and easy way to market a product or promote a scam. Many internet service providers, especially those outside the U.S., take few precautions to ensure they are not aiding in the spam process.

How do they get my address?
A variety of ways, including reselling by other spammers, random guessing of addresses, and harvesting of e-mail addresses posted in usenet news forums, bulletin boards, and web pages.

Does CU sell e-mail addresses?
No, CU does not sell e-mail addresses. Recognized departments and affiliates are permitted access to the campus ememo and Buff Bulletin services when they have large numbers of e-mail to send to faculty, students, and staff.

Should I click unsubscribe when I get a spam message?
No, it's best to delete messages. Clicking an unsubscribe link may confirm to the spammer that your e-mail address is working and is being used actively. Such 'live' e-mail addresses are valuable and can be resold to other spammers, resulting in even more spam sent to you.

What should I do with the spam messages I receive?
We recommend you delete the message and empty your deleted items folder periodically to reclaim space consumed by deleted messages. For all faculty, staff, and students who use CULink or a different ITS e-mail server such as spot, ucsu or rintintin, you can create filters in your e-mail client.

Also, resist the temptation to respond to it or to visit a web site that claims you can be unsubscribed. Often those are decoys used to determine whether your address is valid. Once you acknowledge to a spammer that your account is active, the address becomes much more valuable and may be resold to other spammers. Spammers often falsely claim that you have requested to be on their list. Responding to such claims confirms the validity of your e-mail and makes it likely you will receive even more unwanted e-mail. Legitimate businesses will recognize and honor list removal requests, but it's not always easy to determine whether a business has such integrity.

If you feel a message is threatening, contact the appropriate law enforcement agency immediately. If a message appears to be fraudulent, contact the Federal Trade Commission.

If the message originated at CU-Boulder, it should be forwarded to abuse@colorado.edu for investigation. However, be aware that most return addresses are forged, and what appears to originate here may have come from somewhere else. Please verify through reading the full e-mail headers where the e-mail came from before forwarding to abuse. For information on deciphering e-mail headers, contact your departmental Tier 2 CSR. If you do not know who your Tier CSR is, you can find that information on the Tier 2 CSR look up web site tool at www.colorado.edu/its/tier2/lookup.html. For more information on headers visit www.stopspam.org/e-mail/headers/headers.html

Should I file a complaint about spam to ITS?
Very little spam actually originates at CU-Boulder, though it often appears otherwise. Unless you view full headers, you can't tell where it came from. Even with full headers, it can be difficult to track the actual path the message took to get here. If you are sure the spam originated at CU-Boulder, file a complaint by forwarding it with full headers to abuse@colorado.edu

What they're selling sounds too good to be true - how can I tell?
There are numerous web sites devoted to exposing scams and other fraudulent practices. See the section "All about frauds and scams on the Internet" at www.elsop.com/wrc/complain.htm

Are there laws governing spam?
Yes. The CAN-SPAM Act of 2003: Requirements for Commercial Emailers. More information can be found at : www.ftc.gov/bcp/conline/pubs/buspubs/canspam.htm

What are full headers?
All e-mail messages have heading information that indicates how they got from the sender to you. Typically, you see only a few header lines - To:, From:, and Subject:. These header lines are unreliable because they can easily be forged (a result of the open standards used for e-mail on the Internet). To track down the point of origin of a message, you need to view all of the headers - what we call "full headers." To learn more about ITS e-mail headers, and what the headers mean, visit www.colorado.edu/its/email/headers.html. For more information about full headers, see: http://www.stopspam.org/e-mail/headers/headers.html

ITS Spam/Virus Blocking and Spam Filtering

What is ITS doing about spam?
ITS recently began using new technology to process incoming e-mail for spam and viruses for the CU-Boulder campus. By implementing a technology that can be described as a spam and virus firewall the load on the university's servers has been significantly reduced which is translating to improved performance for mail users. Messages will be scored on a scale of 0-10. Any messages scored between 4 and 8 will be delivered to your e-mail account, but marked as "Potential Spam." Messages scored above 8 will be blocked, and therefore not delivered tor your e-mail account. To learn more about this go to www.colorado.edu/its/email/markingspam.html.

How does ITS determine what messages are blocked or tagged as spam?
ITS scans incoming messages and uses an extensive collection of rules to determine the likelihood that a message is spam. Based on this likelihood, messages are given a score. The higher the number, the more likely a message is spam. Messages with a score between 4 and 8 are marked as "Potential Spam," while messages with a score higher than 8 are blocked and never delievered to your e-mail account. If the message is flagged as "Potential Spam," and delivered to your e-mail account, the scoring information will appear in the message header. To learn more about this go to www.colorado.edu/its/email/markingspam.html.

What do I do if a legitimate message was blocked?
If you are certain that a legitimate message was blocked and not delivered to your e-mail account, contact the IT Service Center right away at 303-735-HELP (5-4357 from an on-campus phone). Please have the following information ready to provide the service agent:

• From (who the message is from)
• To (who the message is to)
• Date
• Time
• Subject

If you contact the IT Service Center within three days of missing a legitimate e-mail, there is a possibility that the message can be retrieved and delivered to you.

If legitimate message from that host continues to be blocked, call the IT Service Center 303-735-HELP (5-4357 from an on-campus phone) for further assistance.

What happens to messages that are infected with a virus?
The ITS technology recently deployed will block a great number of viruses. That means, that many virus infected e-mails will not be delivered to your e-mail account. However, the implementation of this new technology does not change the fact that all e-mail users must still be vigilant to limit the spread of spam and viruses. If you haven't already done so, you should install CUantivirus. CUantivirus is intended to provide antivirus coverage at no cost for each CU-Boulder faculty, staff, and student for both work and home/personal use.

Do I still need to use antivirus software?
Yes. The implementation of this new technology does not change the fact that all e-mail users must still be vigilant to limit the spread of spam and viruses. If you haven't already done so, you should install CUantivirus. CUantivirus is intended to provide antivirus coverage at no cost for each CU-Boulder faculty, staff, and student for both work and home/personal use.

What are 'false negatives'?
False negatives are messages that you consider to be spam but which were not flagged as such. This occurs when the spam score associated with the message falls below the threshold and so it was not categorized as spam. If you would like to report a "false negative" and have the host added to the blocklist, forward the message to spam@colorado.edu.

What are 'false positives'?
Messages incorrectly marked as spam are known as false positives. Some legitimate messages contain many of the characteristics of spam, such as common spam phrases or HTML tags. If enough of these spam-like attributes are found, the score for the message will have a score higher than 4. Messages scored between 4 and 8 will still be delivered to your e-mail account and flagged as "Potential Spam." Messages cored higher than 8 will be blocked and not delivered to your e-mail account. If a blocked message is found to be a "false postive," contact the IT Service Center within three days. ITS also recommends that you periodically review your e-mail marked as "Potentital Spam," for false positives.

How frequently do false positives occur?
Our testing shows fewer than 1% of messages are incorrectly flagged as spam. The risk of improperly flagging messages must be weighed against the loss of productivity, resources, and offensiveness of the flood of spam the campus experiences.

How do I filter messages marked as "Potential Spam," into a separate folder?
Filtering allows you to easily sort through incoming messages and separate them into other folders based on content, such as the sender and subject of the message. Most e-mail clients support the customizable filters. For help filtering spam, go to www.colorado.edu/its/email/filterspam.html.