Unsolicited Commercial Email (SPAM)


Returned Email Flooding (Backscatter)
Recent SPAM Statistics for PBRC
Worldwide SPAM Statistics

How Does SPAM Work?


For a more complete explanation of SPAM, see the Wikipedia entry for Spam (electronic).

Just about everyone receives unsolicited commercial email (SPAM). The amount of SPAM you receive depends on a number of factors, including the length of time your account has existed, whether you have ever posted a message on a public discussion board or Usenet newsgroup, the number of web page forms you've completed in which you entered your email address and whether you were in the addressbook of someone whose computer became infected with a computer virus. Once your email address enters the realm of SPAM mailing lists it is continually redistributed and combined on new lists, so the amount of SPAM you receive will tend to grow over time.

SPAM email is generated on dedicated servers that combine the advertising message content with forged email headers and send millions of such messages to a list of email address recipients. The messages are not directly delivered by the SPAM server, but relayed first through one or more computers to obscure the actual source of the message. SPAM relays are typically virus-infected computers belonging to unsuspecting home users. Because the header of each message is heavily forged, the To: and From: lines cannot be trusted to identify either the sender or intended recipient. Also, the use of email relay computers makes it nearly impossible to track the actual source of the message. SPAM servers are usually located in foreign countries so they are immune to the anti-SPAM laws that exist in the U.S.

Avoiding SPAM


If your account receives little or no SPAM email you can help to maintain this healthy situation. Use your PBRC or Hawaii.Edu only for "official" business or correspondence with close friends or relatives. For all other types of communication (e.g. registering on websites, ordering online, subscribing to email newsletters, registering software, etc.), use a "disposable" email address. Disposable addresses are easily obtained from sites such as hotmail.com, yahoo.com, google.com. These addresses can be used until they become overloaded with SPAM and then abandoned and a new account created.

SPAM Filtering


PBRC offers an automatic SPAM filter called SpamAssassin. When this tool is activated for your account it will scan all of your incoming email and give each message a score that indicates the likelihood that the message is SPAM. If the score for a particular messages is above a threshold value that you control, the message will be delivered to a mail folder called "SPAM". If the score is below the threshold, the email will be delivered to your INBOX.

To use this SpamAssassin, you must first contact the PBRC email administrator to activate filtering on your account. Then you can use the instructions below to use and control your SPAM filtering.

Managing The SPAM Folder


If SpamAssassin is active on your PBRC email account, all messages identified as likely SPAM will be deposited in a folder called SPAM in your mail folder collection. This folder will grow without limit as SPAM messages accumulate so it should be purged regularly. In addition, because SPAM filtering is inherently imperfect, you should scan the messages in your SPAM folder to see if non-SPAM message may have been mistakenly deposited there. If you find messages in your SPAM folder that should have been delivered to your INBOX, you should "whitelist" the sender of these messages to make sure they are not classified as SPAM in the future. See the next section for instructions on using the whitelist feature.

Typically the SPAM folder will have hundreds of unwanted messages and only one or two incorrectly classified ones. The method you use to purge this folder will depend on the email client you are using. Most graphical email clients (e.g. Thunderbird, Netscape, Outlook, Eudora, etc.) will allow you to easily select all messages in a folder. SquirrelMail has a "Toggle All" link at the top of the message list. In Pine, use the keystroke combination ;a (semi-colon A) to select all messages in the current folder. Once you have selected all the messages in the SPAM folder, scan the message list to identify potentially useful messages that were incorrectly marked as SPAM. As you find these, uncheck them so they are not part of the selected pool. To uncheck selected messages in Pine, use the : (colon) key. After you have scanned the messages and unchecked the ones that are not SPAM, you can delete all of the selected messages. In Pine, this is done by typing ad (apply, delete); also be sure to expunge the deleted messages when you close the folder. The messages remaining in your folder after the SPAM has been deleted are the ones that you determined to be non-SPAM. Save these to another folder or back to your INBOX.

Configuring SpamAssassin Options


SpamAssassin options are configured through SquirrelMail. Once you have logged into SquirrelMail, click on Options at the top of the browser window. Click the link for Spam Filter Configuration. The two things that you might want to change are the Spam Threshold and adding entries to the Whitelist.

The Spam Threshold determines how strict the filtering will be on your incoming messages. A lower threshold number will result in more messages being marked as SPAM, while a higher number will allow more SPAM messages to be delivered to your INBOX. The score that a given message receives from the SpamAssassin filter is shown in the headers section of the message. If, for example, your Spam Threshold is 2.0 and you notice that a number of messages are being delivered to your INBOX with scores between 1.6 and 2.0, you can lower the threshold to increase the filtering success on these marginal messages. If the threshold is set too low, non-SPAM email will be sent to your SPAM folder. Change the threshold in increments of .1 or .2 and see how the new threshold affects your email before changing the number again.

The Whitelist is used to make sure messages from certain people or sites are never marked as SPAM and always delivered to your INBOX even if they would have scored above the threshold for SPAM. Enter an email address in the blank form field and click the icon that looks like a floppy disk to save the address to your whitelist. Addresses can later be deleted by clicking the trash can icon next to the address. Addresses may be entered with * (asterisk) to indicate a wild-card. For example, to allow anyone from NSF to send you email that will never be marked as SPAM, you would enter *@nsf.gov in the whitelist. To disable SPAM filtering on any email originating at a government site, use *@*.gov.