Spam - FAQ

1. What is spam?

Spamming (spam, bulk mail, junk mail, unsolicited bulk email...) is email or news communication sent to several recipients without their permission. Spam can be commercial, political, religious or ideological.

Primarily, it should be assumed that everything a spammer says is spam:

  • If a message offers a way to leave a list with a remove command, do not use it.
    • Spammers use remove requests to confirm that the address works, which will only increase the amount of spam.
  • The From: and To: fields of the message are always fake.
    • Do not reply to the address in the From: field, as the address given as the sender is usually nonexistent or completely unrelated.
  • An opening such as "This is not spam" is a classic sign of spam.
  • A RE: or "As you requested" in the header, suggesting that the message is a reply, is false.

The only common exception to the above is domestic direct marketing where the advertiser is completely oblivious to the legislation. In Finland, the Act on the Protection of Privacy in Electronic Communications (516/2004) unequivocally forbids unsolicited direct marketing. Finnish spam should always be reported to the Data Protection Ombudsman. The contact information is on the front page of the Office of the Data Protection Ombudsman, and the site also has more detailed information on making a report.

2. Why is spam bad?

Spam not only pesters individual users by wasting their time, the most valuable resource of the university, but also threatens the operation of the entire mail delivery infrastructure of the net.

Spam is practically free for its users, so it can be sent in incredible numbers. The consumer of the advertised product or the recipient of the advertisements does not pay the expenses; instead, every Internet user does, indirectly. The right comparison for spam is not free advertising mail, but a situation where an advertiser prints advertisements at the expense of Company PLC and drops them off in the name of Enterprise PLC in the lobby of a post office, blocking the way to the PO boxes.

Organisations whose mail server has been hijacked to serve as a spam relay suffer from spam in particular. This is why mail servers should not allow relaying for anyone besides their own users.

3. What can I do after receiving spam?

The easiest method is to destroy the spam without opening it.

However, it is also possible to influence the issue in small steps by issuing a complaint about received spam messages to the network service provider of the real sender.

You can report spam e-mail in accordance with these instructions.

4. I have received spam intended for someone else. Why?

Usually, the header fields of spam (To, Cc, From) are filled with junk and the actual recipients are not written in the header information at all (compare the Bcc, Blind Carbon Copy, field in mail programs). Often, the sender and recipients displayed in the header information are either nonexistent addresses or addresses of victims randomly selected from a list of recipients.

Email is not delivered on the basis of the To fields displayed in the header information, but on the basis of the addresses in the message's "envelope", which in normal email communications are usually the same as the To and Cc fields.

Email works somewhat like official mail: the message is logged/diarized in the "record office" of the receiving end, the original envelope is disposed of, and the actual recipient only receives the recipient information in the paper itself, which is or is not the same as on the envelope.
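The difference between envelope and headers can be seen by reading a logged SMTP session. The following is an added example, not part of the original FAQ; the session text and all addresses in it are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed client side of an SMTP session (illustrative addresses only).
SESSION = """\
MAIL FROM:<bounce-77@bulk.example.net>
RCPT TO:<alice@university.example>
RCPT TO:<bob@university.example>
DATA
From: "Customer Service" <service@shop.example>
To: carol@elsewhere.example
Subject: RE: As you requested

This is not spam.
.
QUIT
"""

def split_session(session):
    """Return (envelope_sender, envelope_recipients, message_text)."""
    sender, rcpts, data, in_data = None, [], [], False
    for line in session.splitlines():
        if in_data:
            if line == ".":                 # a lone dot ends the message
                in_data = False
            else:                           # undo SMTP dot-stuffing
                data.append(line[1:] if line.startswith(".") else line)
        elif m := re.match(r"MAIL FROM:\s*<([^>]*)>", line, re.I):
            sender = m.group(1)
        elif m := re.match(r"RCPT TO:\s*<([^>]*)>", line, re.I):
            rcpts.append(m.group(1))
        elif line.strip().upper() == "DATA":
            in_data = True
    return sender, rcpts, "\n".join(data) + "\n"

def compare_envelope_and_headers(session):
    sender, rcpts, text = split_session(session)
    msg = message_from_string(text)
    shown_from = {a.lower() for _, a in getaddresses(msg.get_all("From", []))}
    shown_to = {a.lower() for _, a in
                getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))}
    return {
        "envelope_from": sender,
        "envelope_to": rcpts,
        "header_to": sorted(shown_to),
        # Recipients who get the mail although no header names them (like Bcc).
        "unlisted_recipients": [r for r in rcpts if r.lower() not in shown_to],
        "from_matches_envelope": (sender or "").lower() in shown_from,
    }
```

Here alice and bob receive a message whose To field names only carol, and the From field has nothing to do with the envelope sender.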

5. Someone is using my name for spamming. What can I do?

As explained above, the To and From fields of an email can be defined by the sender and do not affect the delivery of mail. The sender's name and address are as easy to fake in an email as on a traditional envelope. It is equally difficult to identify the culprit.

If the error messages resulting from a hoax become a problem (hundreds or thousands of messages), you can ask the mail administration to investigate the matter. These cases may affect the operation of the entire mailing system.

If someone tells you they received spam from you, you can kindly try to explain what it is about. There is no need to grow anxious. This is a way to learn not to reply to the sender address of spam.

6. How can I protect myself from spam?

6.1. Prevention

Prevention is the most important method. Do not give your address to just any site. If a suspicious site requires your email address during registration, use a free, insignificant address. Never allow advertisement mail if it can be prohibited. Your information will be disclosed to third parties.

Never follow the unsubscribe instructions in spam messages. These are almost always scams to confirm that your address works.

If your mail program automatically downloads images to display them, disable this function. Image links often carry coded information about the address from which the request came. This is another way for a spammer to make sure your address works. Never click or follow any links in spam messages.
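To show what "coded information" in an image link looks like, the following added example (not part of the original FAQ) lists the remote images in an HTML message body and reports which of them carry the recipient's address in a recognisable encoding. The address, the URLs and the set of encodings checked are assumptions made for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

RECIPIENT = "alice@university.example"   # constructed address
_TOKEN = base64.urlsafe_b64encode(RECIPIENT.encode()).decode().rstrip("=")
# Constructed HTML body: one embedded image, one plain remote image,
# and two remote images whose URLs carry the recipient's address.
SAMPLE_HTML = f"""<html><body>
<img src="cid:logo@newsletter">
<img src="http://img.bulk.example/banner.png">
<img src="http://track.bulk.example/o.gif?u={_TOKEN}">
<img src="http://track.bulk.example/p.gif?e=alice%40university.example">
</body></html>"""

class ImgCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "img" and src:
            self.srcs.append(src)

def address_encodings(addr):
    raw = addr.lower().encode()
    return {
        "plain": addr.lower(),
        "base64": base64.b64encode(raw).decode().rstrip("="),
        "base64url": base64.urlsafe_b64encode(raw).decode().rstrip("="),
        "hex": raw.hex(),
        "sha256": hashlib.sha256(raw).hexdigest(),
    }

def find_remote_images(html, recipient):
    """Return [(url, [encodings of recipient found in url])] for remote images."""
    collector = ImgCollector()
    collector.feed(html)
    encodings = address_encodings(recipient)
    results = []
    for src in collector.srcs:
        if urlsplit(src).scheme not in ("http", "https"):
            continue  # cid:/data: images are embedded; showing them sends no request
        url = unquote(src)
        found = [n for n, v in encodings.items() if v in url or v in url.lower()]
        results.append((src, found))
    return results
```

An empty match list does not clear a URL: an opaque per-recipient identifier serves the same purpose, which is why the advice above is to disable automatic image loading altogether.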

If you publish your address on a website, encode it so that the address can be read by people but not by bots. Websites are scanned automatically to collect addresses.

Email addresses are also collected from news groups and mailing lists if the messages are published somewhere.

Spammers have so many methods that the only guaranteed way of avoiding spam is to stop using the Internet. As this is not an option, it is good to have some methods for the prevention of spam.

6.2. Filtering spam in the mail program

Mail programs often have management tools which can be used to filter mail according to given conditions. The conditions are often based on the words in the message headers. Messages from a certain address can, for instance, be sorted to a mailbox, or destroyed as the messages arrive. These filters can also be used to filter spam at a user level.

E-mail clients also have filtering options supporting sorting rules. These filters also concern only the messages read with the programs in question. Filtering is only carried out after the mail has been retrieved. Even if the user cannot see the spam, connection time and server disk space are spent on it, as the mail stays on the server until it is retrieved with the mail program and the program's filters have access to it.

6.3. Filtering spam on the mail server

In some cases, mail can also be sorted on the server. This is more efficient for both the user and the mail system. It is also possible to use one's own word or address lists, but the best result is achieved by utilising the centralised spam identification.

The same method can be used to sort messages from a certain address to a mailbox, or destroy them immediately as they arrive. This sorting is more suitable for sorting messages from a certain mailing list, for instance. However, it can also be used to filter spam.

Procmail

Those who read their mail on a Unix system can use the very versatile Procmail program to filter their mail. All mail arriving for a user on Unix is immediately processed with it. However, Procmail is quite complicated, and it is recommended to read its instructions carefully before taking it into use.

6.4. Problems with user-driven spam prevention

You can filter spam yourself. Server filter lists and databases are an even better way. It is difficult to draft conditions based on the words appearing in message headers in advance. Of course, the sender information or header line of a spam message is not known until the message is read. The sender and recipient information of a header are usually fake and change from message to message. Words and character strings appearing in certain headers can, of course, be used as filter conditions (such as "Make money fast!") but this is rather hopeless given the large range of headers.

In addition, one should be careful that actual mail is not filtered as spam. This is why it is not recommended to automatically delete messages that look like spam, but to sort them into a separate folder which is reviewed less often than other mail.

User-driven spam filtering, even at its best, cannot achieve results as good as extensive prevention on servers. The university's mail systems reject tens of thousands of spam messages a day with the help of different black lists. This is carried out immediately as the mail arrives, and the messages are not saved in the users' mailboxes.

The university uses centralised spam identification which filters suspicious messages from all incoming mail and marks them with special header information. Based on this, the users can automatically sort spam in their preferred folders, if they wish. This already achieves quite positive results in spam prevention.
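The contrast drawn in this section, a user-written keyword condition against sorting on the header added by the server, is shown in the following added example, which is not part of the original FAQ. The header name `X-Spam-Flag` is an assumption (the page does not name the university's header), and the messages are constructed so that the server has marked both spam messages.

```python
from email import message_from_string

SPAM_HEADER = "X-Spam-Flag"       # assumed header name; the page does not give it
KEYWORDS = ("make money fast",)   # the page's example of a user-written condition

# Constructed messages: (raw message, whether it really is spam).
MESSAGES = [
    ("From: a@bulk.example\nSubject: Make money fast!\nX-Spam-Flag: YES\n\nhi\n", True),
    ("From: b@bulk.example\nSubject: M4ke m0ney f@st\nX-Spam-Flag: YES\n\nhi\n", True),
    ("From: colleague@university.example\n"
     "Subject: Re: why 'make money fast' mails keep coming\n\nhi\n", False),
    ("From: list@university.example\nSubject: Seminar on Friday\n\nhi\n", False),
]

def keyword_rule(msg):
    """User-level condition: a fixed phrase in the Subject header."""
    subject = (msg.get("Subject") or "").lower()
    return any(k in subject for k in KEYWORDS)

def server_mark_rule(msg):
    """Sort on the mark added by centralised spam identification."""
    return any(v.strip().upper().startswith("YES")
               for v in msg.get_all(SPAM_HEADER, []))

def route(msg, rule):
    # Never delete: suspected spam goes to a folder that is reviewed occasionally.
    return "spam-review" if rule(msg) else "inbox"

def evaluate(rule, messages=MESSAGES):
    """Count spam left in the inbox and real mail filed as spam."""
    missed, misfiled = 0, 0
    for raw, really_spam in messages:
        folder = route(message_from_string(raw), rule)
        if really_spam and folder == "inbox":
            missed += 1
        if not really_spam and folder == "spam-review":
            misfiled += 1
    return {"missed_spam": missed, "misfiled_mail": misfiled}
```

On this sample the keyword condition both misses the reworded spam and misfiles a colleague's reply, which is the reason for sorting into a review folder instead of deleting.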

7. Spam prevention at the University of Helsinki

The IT department attempts to reduce the damage of spam on the resources of the university's mail system and on individual users by filtering spam as well as possible at a server level.

7.1. Filtering principles

Filtering is carried out automatically. A message is rejected on the basis of online addresses found on the black lists maintained by third parties. The origin of a message is removed from a black list once its server settings have been fixed so that spam cannot be sent through it. Automatic prevention uses a number of different black lists.

See instructions for exiting each black list on the list sites:

We avoid filtering by From address, with two exceptions: some large, active attacks from relay computers, in which case the From address used in the attack may be temporarily filtered, and disturbance cases, in which we filter an address at the request of a user.

7.2. Content analysis of messages

In addition to the aforementioned prevention methods, we are using mechanical spam identification. Mail is not rejected on the basis of the identification, as the risk of error is too great. The university's identification software conducts different tests on the messages based on general signs of spam and statistical analysis.

7.3. Prevention of relay attacks

In a relay attack, a spammer finds an unencrypted mail transmitter online and hijacks it, sending their spam through the transmitter. In this case, the counter-reactions are directed at the transmitter and the culprit can cover their tracks.
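The rule given in section 2, that a mail server should relay only for its own users, is what stops this attack. The following added example (not part of the original FAQ and not the university's configuration) sketches that decision for each recipient; the domain, networks and connection attempts are hypothetical.

```python
import ipaddress

# Hypothetical site configuration for illustration.
LOCAL_DOMAINS = {"university.example"}
OWN_NETWORKS = [ipaddress.ip_network("192.0.2.0/24"),
                ipaddress.ip_network("2001:db8::/32")]

def rcpt_decision(client_ip, rcpt, authenticated=False):
    """Decide what to do with one recipient address offered by one client."""
    domain = rcpt.rsplit("@", 1)[-1].lower().rstrip(".")
    if "@" not in rcpt or not domain:
        return "reject: malformed recipient"
    if domain in LOCAL_DOMAINS:
        return "accept: local delivery"       # incoming mail for our own users
    ip = ipaddress.ip_address(client_ip)
    if authenticated or any(ip in net for net in OWN_NETWORKS):
        return "accept: relay for own user"   # outgoing mail from our own users
    return "reject: relaying denied"          # outsider sending to outsiders

# Constructed connection attempts: (client IP, recipient, authenticated?)
ATTEMPTS = [
    ("203.0.113.9", "alice@university.example", False),  # ordinary incoming mail
    ("192.0.2.17", "friend@elsewhere.example", False),   # campus workstation
    ("203.0.113.9", "staff@elsewhere.example", True),    # logged-in user off campus
    ("203.0.113.9", "victim@elsewhere.example", False),  # relay attempt
]

def evaluate(attempts=ATTEMPTS):
    return [rcpt_decision(*a) for a in attempts]
```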