Rutgers, The State University of New Jersey http://www.rutgers.edu http://www.camden.rutgers.edu/ http://www.newark.rutgers.edu/ http://nb.rutgers.edu/ http://search.rutgers.edu/
Computing Services:University | Camden | Newark | New Brunswick/Piscataway | Instr & Res Tech
Telecommunications | Admin Computing Svcs | Security | Report and Plans

 

Spam

What is Spam?

Spam is any excessive, unwanted news group message or email message.

Why is Spam a Problem?

Spam is a problem for two reasons:

1) Spam sent by Rutgers users can cause trouble for users elsewhere on the Internet. This creates a bad public image for Rutgers, and could eventually lead to actions being taken by Internet sites to limit the ability of Rutgers to communicate with them.

2) Spam sent to Rutgers is annoying for our users, and can also cause excessive use of resources such as disk space.

Policies Regarding Spam

The following rules apply to any mail sent from a Rutgers computer system, or involving a Rutgers computer system (including the network) in any way, including using a Rutgers system as intermediary, or listing an address on a Rutgers system as a contact address in the message.

1) It is a violation of acceptable use to use Rutgers facilities for commercial use. This subject is dealt with in the Acceptable Use Guidelines, and clarified for OIT facilities in the OIT Supplement to the acceptable use policy.

The policies referred to prohibit any email doing advertising, even if that mail complies with the rest of the guidelines in this document.

2) You should be aware that there are a number of laws currently in force, and more proposed, that could result in legal problems in connection with any unsolicited commercial email, even for Rutgers itself. Thus unsolicited commercial email is covered not only by the commercial use provision of the Acceptable Use Policy, but also by the provision requiring all use of Rutgers facilities to be in accordance with the law. Even if there were not any other policy problems with it (and in many cases there are) anyone contemplating emailed advertising is responsible for doing whatever investigation is necessary to make certain that the contemplated actions are legal in all jurisdictions whose mail servers or users might be involved. Specific guidelines will not be given here, because the laws on this are changing.

3) It is a violation of acceptable use to send substantially the same message to more than 50 users, except via a mechanism such as listserv or netnews, where users can control their participation. There are exceptions for official University business, covered in a separate policy on official use of email.

4) It is a violation to send email that a reasonable person would consider harassment, including email to any person that has requested you not to send them email, or repeated email to someone you don't have a pre-existing relationship with.

5) All email must contain a valid From: field, identifying an email address to which questions and complaints may be directed.

System Administrator Responsibilities Regarding Spam

1) System administrators are expected to respond to complaints from users about spam sent from their system, or transmitted through their system.

2) If the system administrator determines that spam was actually sent, they are expected to pursue administrative or disciplinary measures that can reasonably be expected to prevent further occurrences.

A number of spammers "bounce" messages off of systems other than their own, in an attempt to hide their identity. Most Internet system administrators expect systems to take action to prevent that. Thus:

3) System administrators are expected to configure their systems so that they cannot be used as intermediaries to forward spam. The simplest way to do this is to configure your mail software so that it will not accept email from other systems unless it is directed to users on your system. Where you must relay messages from other systems, you should only relay mail from systems in your department. In no case should you relay mail from systems outside Rutgers except to your own users.

What Can You Do About Spam Sent to You?

Unfortunately it is not always practical for support staff to follow up on all complaints of spam received by their users. Thus this section is intended to provide some help for users who want to follow up on spam themselves.

Usenet Spam

There are rules on Usenet regarding the posting of multiple copies of the same article. When the thresholds are exceeded, the posting is termed "spam". The spam determination is not determined by content: only by article count. In general, for postings in ru.* newsgroups and for postings in outside newsgroups by Rutgers people, Rutgers will follow the Usenet rule of thumb that twenty or more copies of essentially the same article are subject to cancellation. There are a number of adjusments to that rule of thumb to deal with excessive cross postings, and to deal with multiple postings spread out in time. For further details, see the Net Abuse FAQ.

Some groups outside Rutgers run software that automatically cancels spam postings. Rutgers will do cancellation only by request, and normally only for postings generated by Rutgers users. Requests should be sent to news_support@email.rutgers.edu.

Email Spam

Avoiding unsolicited email is difficult. An industry association has developed guidelines for unsolicited email, but they are strictly voluntary. Included in the standards is a recommendation that unsolicited email include three asterisks (***) at the start of the subject field of such messages to enable users to readily recognize them as solicitations. This convention will allow consumers who use email software that enables message sorting to be able to sort these messages. Not all email software supports this feature, however and since this solution is voluntary, it's only of limited value.

You can also try writing to the sender's internet service provider. First you'll need to figure out what machine the message came from. You can't trust the "From" line of the email message, because that's too easily forged. To learn more about how to find out what machine the message came from, go to the alt.spam FAQ or Figuring Out Fake Email & Posts

Once you know what machine the message came from, you're ready to use traceroute and/or whois to find out who the internet service provider is. Traceroute will show the route that packets take when they are routed to the target machine (the machine that sent you the email spam). If you look at the site just "upstream" from the target site, typically that will be the site's internet service provider, who may have some leverage over their behavior. Using "whois", you can sometimes get contact information for the ISP. Also, writing to "postmaster" or "abuse" at the ISP domain name will sometimes get through.

You can find information on how to use those two services at: Get That Spammer.

If you do send email to the Internet Service Provider, you're more likely to get a helpful response if you send a polite complaint.

What Not to Do About Spam?

Email bombing the sender or the ISP is not helpful - the return address is probably forged/phony. Also, email bombing can backfire on your own systems, and is a violation of Acceptable Use.

Also, don't be fooled by scams which solicit your email address in order to block future spam. One scam currently circulating is called the "REMOVE" list and promises to block many internet mass mailings. Instead, subscribers report receiving 10 - 15 junk mail messages a day.

Some Details for Unix Systems Administrators:

Wietse Venema, author of tcp-wrappers, portmap, and other security tools, has developed an access control patch for sendmail. This allows the sysadmin to designate hostnames from which mail will not be accepted. This can be effective against spam: after the first round of spam, simply type in the name/address of the spammer's email host. However, a few caveats:

  • This is only as good as the ip address/domain name. Be aware that ip addresses/domain names can easily be spoofed. Also, persistent spammers change their mail hosts to foil this kind of solution. Still, it may give you some relief if your users are getting bombarded with spam.
  • This can lead to a denial of service attack, depending on who you rely on for your list of spam sites. If you maintain the list of blocked hosts yourself based on first-hand experience with spammers, this is probably not a problem. If, however, www sites spring up with lists of email spam sites, and you accept these lists unquestioningly, you might wind up blocking email service to sites that your users wish to receive bona-fide email from.
  • Finally, you have to be use version 8.7.5 sendmail (or you have to be prepared for a little customization). Download the patch here
  • Also, you may want to take a look at the experimental anti-spam rules in Sendmail 8.8.

Acknowledgement

This document is based on a document written at the University of Pennsylvania. However enough changes have been made that they are not responsible for the content.

BACK TO TOP

For questions or comments about this site, contact webmaster@nbcs.rutgers.edu.
© 2007 Rutgers, The State University of New Jersey. All rights reserved. Last Updated: 5/10/2007