How We Handle Spam

Network Operations Center -- updated 3/27/2006

The spam problem is way out of hand: at Dowling, 90% of all incoming email is spam. Dowling has taken measures to reduce the impact of spam on our users, described below.

First, some definitions:

  • SURBLs or Spam URI Realtime Block Lists are lists of servers to which spam messages have been pointing users. If you get a message about Viagra that has a link in it, that link is probably on the SURBL list that we use.
  • RBLs or Realtime Block Lists are lists of IP addresses, updated minute-by-minute, that have been observed sending spam. These lists are kept and updated by third-parties on external servers. We use several of these lists to tag messages as "(spam)".
  • False positive: an email tagged as spam that should not be tagged. False positives tend to occur on subscription lists, which closely resemble run-of-the-mill spam but which you have ASKED to receive - so it's not spam. False positives in any large percentage are a serious problem for spam blocking technology, because you may never receive certain emails and you may never know about it.

There are four primary servers involved in mail handling:

  • GWIA receives Internet email, and sends email bound for Internet sites. It delivers mail to the appropriate "Post Office" server.
  • GWADMIN and GWSTU are the Post Office servers for Administration/Faculty/Staff and for Students, respectively. Your mailbox is on one of these servers.
  • GWWEBACC provides the web interface that you use to send and receive mail. It gets your email from the Post Office servers.

We use a program called GWAVA on our Groupwise mail servers to intercept viruses, spam, oversize messages and executable files. We have the ability to block or tag spam; we can also archive the various types of problem messages, in case the reason for intercept is incorrect.

  • Viruses are discarded. No-one is notified, and none are archived. We can see statistics that tell us how many messages are blocked.
  • Oversized messages and executable files are blocked and archived. The email admins and the recipient are notified.
  • Spam falls into three categories:
    1. If a message refers to a SURBL website, the message is discarded, no-one is notified, and the message is not archived.
    2. If a message comes from an RBL site, the message is discarded, no-one is notified, and the message is not archived.
    3. GWAVA's SmartBlocker examines the remaining messages for content characteristic of spam. The more characteristics are found, the higher score the message gets. SmartBlocker quarantines the message instead of sending it to the recipient. You receive a list of blocked message every morning in an email with the subject, "GWAVA message restriction digest," and you can retrieve incorrectly-quarantined messages by clicking the "Release" button next to a message.

A few spam messages will always get through, a few will be incorrectly blocked, and the war between the spammers and the anti-spammers will continue.

Incremental change

We recently moved all of our spam handling off the firewall. The new rules-based processing in GWAVA promises to be more accurate, but it depends on having a good sample of spam (bad) mail and ham (good) mail. You can help us collect samples if you are an administrator, faculty or staff member using the GroupWise Windows client. Contact the Help Desk at x3445 for further information.

Please continue to use Groupwise rules to delete or sequester spam. If you have any questions or concerns please contact Pat Petersen at x3460. You may also reach us through the Help Desk at x3445. We appreciate your cooperation and assistance in improving our email environment.