www.dowling.edu
 Groupwise Email
 Faculty Documents
 Banner Web
 Blackboard
 Forms & Policies
 Bookstore
    - Grades & Schedules        - Rosters
 Search Employee Directory
 
 
Admin I.S. Newsletter
4/13/2005
For the latest Dowling technology news visit http://www.dowling.edu/mydowling/tech.
 

Feature Article:
Spam Handling at Dowling

If you're like most of us, your inbox is cluttered with junk email for various medications, for porn and gambling, for dubious get-rich-quick schemes and who knows what else. You're not alone: currently about 75% of all email is spam, and there are reports that the situation may be about to get worse.

Our firewall has been the sole arbiter of spam vs. legitimate mail coming into our mail servers. It examines every email message and gives it a score; if the score is above a certain level, it inserts "[spam]" at the front of the "Subject:" of the message. Then, when it arrives in your inbox with the "[spam]" tag, your GroupWise Rules toss it in the trash.

Errors occur. Some spam gets through untagged, because the spammers are clever enough to evade the firewall's scoring methods; we call these "false negatives". A more serious problem is that some legitimate messages get tagged and trashed ("false positives"). Because of this, you must dig through your trash to ensure you haven't lost messages. Dumpster-diving through the trash on your computer can be nearly as unpleasant as it would be in real life.

We strive to improve. When you find a false positive, you send it to nospam(at)dowling.edu and we make an "exception rule" on the firewall. We add rules, we change scores. But because the spammers study their craft, they increasingly evade our detection methods.

The fundamental problem is that the firewall, because it has other things to do, cannot look very deeply into messages for clearer indications of spam. With its less-sophisticated rules, the firewall had been catching only about 80% of spam. But GWAVA, a component of our mail system, can do much better because it can examine the contents of messages in addition to the headers. We are in the process of adjusting things so that we utilize GWAVA to detect spam.

Our research has revealed something else useful. If we use two particular RBL Servers to categorize mail, we'll catch 75% of all incoming spam with nearly zero false positives. So the first step we took with GWAVA was to make it use these RBL servers; not only that, it has been configured to BLOCK RBL spam rather than just tagging it. Thanks to RBL blocking, your trash folder is only 1/4 as full of spam as it was before. Meanwhile, the firewall's rules only need to examine the remaining 25% of mail that gets through.

Soon we'll "teach" GWAVA to recognize the kind of spam that arrives at Dowling. We will collect a day's worth of messages and put them into two piles, good and bad; then we'll tell GWAVA to examine them and adjust its rules. We'll stop when we get the best balance between false positives and false negatives (the lower the better in each case). Then we will tell the firewall to stop looking for spam, and tell GWAVA to start. We believe GWAVA can tag as spam, at least 80% of the incoming spam, with nearly zero false positives. Combined with RBL blocking, this means GWAVA should catch 95% of incoming spam.

There is another benefit: GWAVA is able to categorize email as clean, suspicious, probable spam, and definite spam. Your existing filter, which is looking for the word "spam," will trash only the "probable" and "definite" spam - and you can choose more or less protection by changing your rule.

As you can see by the complexity of this project, it's taking some time to make progress. We'll still need your help - false positives should still be sent to NOSPAM(at)dowling.edu, and we'd still like to get your untagged spam at SPAM(at)dowling.edu. The war against spam is rather like the war on terrorism in that it is ongoing, and may never truly end. And similarly, we hope to improve our success by continued diligence.



What you can do to fight spam:
  • Setup a spam rule. See gw-spam-rule.html.
  • Use your Dowling account for Dowling business ONLY - use another acct on websites and for business transactions
  • NEVER buy ANYTHING advertised via spam! "Spam most often advertises fraudulent or low-quality services or merchandise, and you pay (with your fees to your service provider) to receive it; anyone who would use "spam" advertising to promote a business by making the customer pay to get the ad is either completely out of touch with his customers or, by definition, underhanded." - Randy Cassingham, http://www.spamprimer.com
  • Don't use vacation rules, or setup with great caution - if you automatically reply to spam while you're away, then when you get back you'll have even more spam in your inbox.
  • Don't follow those "unsubscribe" links in spam messages. They only confirm to the spammer that he has hit an active mailbox, which he can sell to other spammers for a higher premium.

  • Organizations leading the war on spam:
  • SpamCon Foundation: http://spamcon.org/
  • Volunteer organization fighting spam: http://www.cauce.org/

  • Tips for fighting spam
  • Getting Rid of "Spam"...and Other E-mail Pests: http://www.spamprimer.com
  • 7 Tips to Help You Reduce or Stop Spam: http://www.scambusters.org/stopspam

  • Why is it called spam?
  • Most people blame a Monty Python skit, part of which you can hear here

  • What does Hormel think of all this?
  • SPAM and the Internet
  • Collector's Edition SPAM Product



  • Scheduled Down Time
    • GroupWise email: 6am-10am Sunday, 4/24
    • Banner: 6pm Monday, 5/9 or earlier, depending on FinAid updates
      

    Change Your Banner Password!

    Until we figure out how to use thumbprints or iris scans for authentication (but see this link - is that even secure enough?), your password is the best security we have for the mission-critical data stored in Banner. In case you don't know how to change it, here is a reminder:

    • Login to Banner with your current password.
    • From the DIRECT ACCESS field in the Banner system type GUAPSWD to bring you to the Password Change Form.
    • Type your current password in the Oracle Password field. Do not type anything in the Database field.
    • Tab down to New Oracle Password and type the new password that you wish to use. Passwords must begin with a letter, but they can include upper- or lower-case letters and numbers. Sorry, no punctuation!
    • Tab down to Verify Password and type the same password that you just entered above.
    • Click OK or press Enter.

    A little more detail is at this link. Information about choosing a good password is at good-passwords.html .



    Student Address Book for Faculty and Staff

    We are working on sharing student email addresses with faculty and staff. We cannot just add them to the normal GroupWise address book, because it would create too much clutter. Soon, you'll see an email asking you to "Accept" a shared address book named Students - once you accept it, you can use it just like other GroupWise address books. We'll update it weekly. Please call the Help Desk at x3445 if you have any questions.



    SpyWare News:
    1. SpySweeper deployment: automatic deployment was successful on over 300 PCs; some which were missed are receiving manual installs. We initiated automatic scanning for spyware, beginning April 6. We'll keep posting the latest information at http://www.dowling.edu/mydowling/tech/spysw-help.html.
    2. Link between spyware and viruses: according to this article, "More than 70 percent of virus writers are now writing spyware under contract." "We analyzed all the viruses we received during the past six months, and found that 70 percent contained some sort of spyware module or component."
    3. Are we allowed to protect your PC from spyware? Much to our surprise, there seems to be some doubt.


    Phishing News
    • Would you give up enough information to open a bank account in your name, in exchange for a chocolate Easter egg? How about tickets for a show?
    • Did you know that there is an activist site dedicated to combatting phishing?
    • Reminder: if you have the slightest doubt about the legitimacy of an email asking you to supply personal or financial information, please forward the email to NOC(at)dowling.edu FIRST. We can usually look inside the message and advise you what to do.


    Problems with WeatherBug?

    Some versions of WeatherBug are packaged with spyware that provides you with both banner and pop-up ads. SpySweeper might have disabled Weatherbug when it removed the spyware. Try uninstalling WeatherBug from Control Panel >> Add/Remove Programs. Then try WeatherPulse, which is free of spyware. Note: AdminIS does not support either WeatherBug or WeatherPulse - we are just providing this information for your convenience. We prefer Channel 61, "Metro Traffic and Weather" ourselves. Or the radio.



    Voicemail Limits from Ron Rosso

    Like any other system, our voicemail system has capacity limits. You may keep saved messages, essentially forever, except that you must not exceed 25 messages stored. If you reach that limit, no-one will be able to leave you voicemail. So if you will be away on vacation please talk to Ron Rosso (x3407) about setting up your voicemail correctly - you should have an "away" message and an alternate phone number for people to call.



    MS Office Upgrades from Tom Franza

    Information Services, for the Fall 2005 semester, will be upgrading the computer labs and smart classrooms from Microsoft Office XP Professional to Microsoft Office Professional Enterprise Edition 2003 and Microsoft FrontPage 2003. All of the core applications (Word, Excel, PowerPoint, Publisher, Access, and FrontPage) are included in this upgrade.

    In order to help smooth the transition, Academic I.S. has made several copies of the software available at the Library for faculty members to sign out and install on their home computers - our campus license permits this. Please speak to the Help Desk (x3445) if you would like to have the 2003 version installed on your office PC, and to Tim Kelly (x3157) for training. Tom Franza is also at your disposal (x3230) if you have other concerns or needs.



    Web Site Redesign from Art Flanagan

    We appreciate all the creative and practical ideas presented at our two Web Site Redesign meetings on 4/10 and 4/11. Other group and individual meetings are planned - watch for further news as we move forward in the process.