 |
 |
|
|
||
|
 |
Department of Engineering |
|
|
|
|
| University of Cambridge > Engineering Department > Computing Help > Mail |
"Junk e-mail" (also known as Spam) is on the increase. It is a loose term which can cover unsolicited advertising material, offensive messages, chain letters and off topic messages on mailing lists.
Junk e-mail may not be sent from Engineering Department systems; any user of departmental systems who generates junk mail will be subject to the normal disciplinary rules.
If junk mail comes from other educational sites, especially those within the UK, action can normally be taken to prevent any recurrence of abuse. Commercial sites vary greatly in their response to junk mailers, ranging from those who will terminate accounts for such abuse to those set up specifically for junk mailing.
Yes. There are various ways in which junkmail can be dangerous:
Phishing is the name given to the practice of trying to trick you into giving away your login details, perhaps to a bank account or to something like paypal. The emails will often look official, and might tell you that your account will be cancelled unless you log in and verify your details. They usually give a link which looks like it goes to your bank, but which is really a fake. You should always be suspicious of any mail which asks you to click a link and fill in your details. If you think it might be a genuine request you should type in your bank's usual address into your web-browser, or use your usual bookmark, and log in as normal there, rather than following the link in the email.
More information on how to spot phishing emails can be found here: http://www.banksafeonline.org.uk/
Please note we will never ask you to tell us your username and password either by email or via a webpage. If you see mail which appears to do so please report it to Postmaster (postmaster)
The are various different sorts of advance free fraud. You will sometimes see them referred to as 419 scams, after the relevant section of the Criminal Code of Nigeria, or just as Nigerian scams since this is where they first originated. They usually all take a very similar form: you are asked to help someone recover a large sum of money from a foreign country, and in return you are offered a portion of the profits. At the heart of the scam is the advanced fee aspect: just when the money is about to be transferred some unforeseen difficulty suddenly occurs and fees from the victim are necessary to overcome the problem. There are similar scams telling you that you have won a large sum on a lottery, and asking for a fee in order to claim in. Remember: "If it sounds too good to be true, then it is!"
More information on this type of scam can be found here: http://www.met.police.uk/fraudalert/419.htm
Just as you should never run un-solicited attachments, even if they appear to from from someone you know, you should also be wary of clicking on links in emails. Some of the advice on phishing may help you to identify which links are more likely to be fake. In general you should make sure that both your mail client and your web browser are kept up to date with any security patches, and that you are running anti-virus software which is also kept updated, on at least a weekly basis.
There is very little that can be done about one-off incidents, and many of the perpetrators move their operations from site to site, making it hard to block mail in any reasonable way. The addresses in the headers are often faked, and while it is sometimes possible for postmaster to track down the source, they are often "throw-away" accounts which are no longer in existence.
As staff time permits, the departmental e-mail system is being enhanced to provide some defence against junk mailers, but in general it is hard for the mail system to tell the difference between junk e-mail and legitimate conversations, so any such improvements are likely to be imperfect, and may also make it difficult for some legitimate e-mail to get through.
The departmental system has some simple mail filters in place. These will reject mail that appears to come from sources which have previously tried to send junk e-mail to the department. In addition, we are using the following lists to reject mail from suspect sources:
If you believe that the blocks are preventing legitimate mail from reaching you, please contact postmaster@eng.cam.ac.uk giving the details of the errors and of the correspondents involved.
In general junk mail is best ignored, unless it becomes a serious problem.
If you feel you must do something then, in brief:
You should not reply directly to junk mail, unless it has come from someone you know and you believe you can educate them. Here are a few reasons why replying to junk mail is inadvisable:
With most junk mail, the most sensible thing to do is simply to stay calm and delete it. Postmaster does not have time to investigate all the junk mail coming into the department from outside, but if you are being overwhelmed by the volume of messages, or if you see a large number of very similar ones, or feel you really must let off steam, send a report to postmaster-spam@eng.cam.ac.uk rather than direct to the apparent sender; we may be able to improve our filters to block that source. You should include the full headers of the message - see Forwarding Messages With Full Headers. Do not send junk mail on to anyone else.
If there are images in the mail which are disturbing you then you can set up your mail client not to display images automatically. Please contact postmaster-mua@eng.cam.ac.uk if you need advice on how to do this.
Some junk mailers claim to offer a "REMOVE" service to allow you to remove yourself from their lists. These are of dubious value: some may work (but if you didn't subscribe you shouldn't need to unsubscribe), but many others have the opposite effect - by replying you have confirmed to them that they have reached a valid address of someone who reads their e-mail! Try this if you like, but do not be surprised if it does not work.
Never encourage a bulk e-mail advertiser by buying anything from them!
Do not let a junk mailer provoke you into abusing the net yourself. It may be tempting to put a fake e-mail address on your mail or news postings, or to send a "mailbomb" of many large messages to a particularly irritating junk mailer, but doing so is both against the rules, and is likely to cause more problems to innocent users and administrators of the network than to the target of your wrath.
At least some junk mail appears to be "well-intentioned" chain letters telling the recipients about Computer Viruses, sick children and the like. These should be ignored as for other junk mail, unless you have personal direct expert knowledge of the subject and can personally vouch for its authenticity (and even so you should only spread the word by e-mail to small groups of people who are personally known to you and who you know will be interested in the information: see below for appropriate ways of spreading information). There are a large number of common hoaxes, and examples of the sort of thing you should ignore may be found at McAfee/Network Associates Virus Hoax Listings, HoaxBusters, Snopes Urban Legends Reference Pages: Computers and Don't Spread that Hoax!.
Various campaigns against junk e-mail and other abuses of the Internet are being set up: e.g. Fight Spam on the Internet! and The SPAM FAQ.
As explained below one of the ways email addresses get onto spam lists is by appearing on web pages, whether they appear as a "mailto" link or just as text. In order to avoid this you can consider obscuring the email address in some fashion which makes it easy for human beings to work out what it is but hard for a computer to collect it automatically. See E-mail addresses on web pages for details of some ways to do this.
Hermes has some reasonably sophisticated spam filtering available. It has reasonable defaults which remove a lot of junk email, but you can also tune it to your own requirements.
The Computing Service provide other useful pages on junk mail: Types of junk email, What to do with junk email.
In summary, the best way to keep off junk e-mail lists is not to participate in newsgroups or mailing lists or the Web, and even this may not be good enough. Until the junk mailers finally work out that junk e-mail is a waste of their time as well as that of the recipients, getting junk mail is likely to remain one of the hazards of being "on the net".
Users of systems in the Engineering Department should only be "advertising" things of relevance to the department, in accordance with our local rules.
In general the best way to advertise on the Internet is via a Web page, or via an an advertisement to an appropriate Usenet newsgroup (but make sure the newsgroup is both appropriate to the topic, and is one where advertisements are acceptable). Basically bulk e-mail is seldom an appropriate means of advertising things.
There are other sites that discuss this in more detail, such as The Net Abuse FAQ.
If you have received unwanted e-mail which appears to have been sent from an address within the Cambridge University Engineering Department (eng.cam.ac.uk), please see our policy on network misuse for information on what you can do.
Users within the Engineering Department should be aware that the University discourages unsolicited or inappropriate bulk e-mail and has guidelines on approriate use of lists.
|
|
| | Mail | Help | |