Unsolicited bulk email, commonly called "spam," is a problem for every electronic mail system on the Internet today. Drexel is no exception. This form of Internet abuse is known to virtually anyone who has ever had an email account. It is commonly estimated that spam on the Internet is doubling every three or four months, give or take as new measures of spam blockage are developed.
What IT does to Fight Spam
Our server-based spam defenses block and filter a vast majority of spam sent to Drexel email inboxes. Here are the mechanisms we currently have in place.
Our first line of defense is a set of remote blocking lists that are maintained by various spam-fighting organizations (for example, Spamhaus). These lists consist of computers and servers that are either known spam sources or known to be vulnerable to spam operations. These lists are generally updated every day.
Drexel also maintains its own additional blocking list, which is based on the largest-volume spammers that get through to our servers. We generally update this list each day based on the previous day's spam haul.
We also use an internally-developed utility that performs enhanced matching against blocking lists. (This utility alone blocks between 30,000 and 250,000 spam messages daily.)
Spam blocking should protect us from systems dedicated to generating spam. The chance of it rejecting a real piece of email is very small. We are conservative in the blocking lists we use; occasionally, we stop using a particular external list if its blocking criteria are too aggressive.
While it is not likely, a legitimate email source can sometimes get blocked. All blocked messages are returned with an appropriate error code that tells the sender that the message was not delivered. If you believe you have not received an expected message due to Drexel's spam blocking, please email IT's Help Desk at email@example.com.
Spam filtering (PureMessage)
Spam that is not blocked based on its source then hits our second line of defense, the Sophos PureMessage spam filter system. PureMessage compares each email message to a long list of possible spam indicators in both the email headers and the contents. The more clues that match, the higher the probability that the item is spam.
At Drexel, any message that PureMessage thinks has at least a 70% chance of being spam is tagged and moved to the recipient's individual Junk Mail folder.
You can see the spam-likelihood score that PureMessage has assigned to any particular piece of email -- as well as the factors behind that score -- by looking at the full email headers. (Although Cornell's implementation of PureMessage is a bit different from ours, their PureMessage Web page offers a good explanation of the principles.) Almost every day, PureMessage provides updates to their spam-detection rules that we then apply.
Any message with a score of 70 or greater (which, according to the SPAM utility and our own testing, is almost always spam) will have a prefix such as [SPAM:XXXXXXX] added to the subject line of the message.
The number of X's corresponds to the spam score the message received (e.g. 7 X's=70, 9 X's=90). Global filtering has been set up to file any message with this prefix in the subject line into the email client's Junk Mail folder for IMS inboxes. Therefore, SPAM will not be deleted by the system, but will be automatically filed in an email folder readily accessible to the user. Exchange mail users can create a run in Outlook or Exchangeweb to filter messages with the prefix '[SPAM:XX' to their Junk Mail folder.
Managing your Junk Mail folder
As with any folder, IMS Users must subscribe to the Junk Mail folder to view its contents. Since IMAP is the only protocol that uses Junk Mail filtering reliably, the folder will not be visible to POP3 users. However, POP3 users can use Webmail or an IMAP client to view the Junk Mail folder if necessary.
The mail server will delete the contents of the Junk Mail folder in 28 days.
IMPORTANT: Users are responsible for checking their Junk Mail folder for messages incorrectly identified as spam. Once per week, the Exchange server will also delete messages older than 28 days and will move the messages into the user's deleted items folder. It will also send a short mail message indicating how many messages have been moved.
However, as we all know from the regular offers we get for instant wealth from distant shores and unnatural enlargement of body parts, some spam still gets through despite all of these defenses. We estimate that PureMessage is detecting about 90% of the actual spam that gets past the spam blockers. We are currently evaluating alternatives to PureMessage to see if any of its competitors might do a better job.