Help Search SiteMap Directories MyMHC Home Alumnae Academics Admission Athletics Campus Life Offices & Services Library & Technology News & Events About the College Navigation Bar
MHC Home Library & Technology

Email virus, spam, and phishing prevention

Traditionally, email administrators have been loathe to interrupt or modify the transmission of email in any way whatsoever. Doing so was considered a violation of people's private correspondence, in much the same way we would consider it a violation for the US postal service to pass judgement on what letters they would deliver.

Times have changed. The sheer volume of nefarious email, coupled with the potential disruption it can cause, has forced email administrators to find ways of automating the identification and filtering of maleficent messages. However, a reluctance to avoid tampering with email transmission still holds.

Spam, viruses, and phishing are a pervasive problem for all users of Mount Holyoke College's email system. This abuse of our email system drains system resources, wastes people's time, and presents potentially serious security problems. We take these problems seriously. Here are a few things to know about how our email system works with regard to combating this problem.

An email addressed to a Mount Holyoke College recipient goes through several filtering mechanisms en-route to its ultimate destination: your inbox.

  1. First, our email gateway does several things to verify that the email is being transmitted from a bona-fide standards compliant email server. Messages that fail this test are rejected. By far the majority of maleficent email originates from bot networks of infected computers or other types of programs that fail this test. Approximately one third of all email delivery attempts are blocked by these tests alone, which amounts to more than 25,000 messages daily.

  2. Email is then checked to see whether it contains viruses, or matches the signature pattern of known phishing attempts. These messages are also rejected. Our anti-virus software updates its signature database every two hours. Executable attachments which pass the virus check are renamed with a '-VirusRisk' extension, to discourage people from engaging in the dubious practice of simply clicking on email attachments to run them. We typically reject 1000+ messages this way every 24 hours.

  3. Virtually all email that makes it this far ends up being delivered to the end user. However, we run it through a battery of tests to ascertain the probability of it being spam. Email headers are inserted into each message header which indicates this calculated probability, which we call its 'spam score'. If you view the full message headers of your email, you can see these headers, which are labelled 'X-Spam-Score', and 'X-Spam-Status'.

    You can tell our mail server's delivery agent to take action on messages who's spam score exceeds a certain threshold. We highly recommend that you file these messages into a special folder, rather than deleting them outright, to prevent the possibility of inadvertently discarding email incorrectly labelled as spam.

    You can also configure your email client to use the information in these headers to filter your email. Some clients, such as Thunderbird, provide sophisticated bayesian learning filters which you can personalize to accomodate your particular sensitivities. In conjunction with the server side filters mentioned above, you have some powerful tools with which to reclaim control of your inbox.

    Of the approximately 100,000 email messages we deliver daily, approximately 50,000 messages have a spam score of 4.0 or above, which is the threshold we use to set the value of the X-Spam-Status header to 'yes'. Note: these counts do not include the huge number of messages previously discarded.

Other steps we take include slowing down the rate at which we accept email from senders who are attempting to deliver email to large numbers of invalid recipient addresses, and manually inserting access blocks on problem senders.

We will always have to deal with a certain level of imperfection in our email filtering efforts. Mount Holyoke College is a large, diverse, and multicultural institution. Filtering solutions that might work at home, like rejecting all mail from Korea or Japan, are simply unacceptable here. Subject filters are also a tricky issue. The language of pornographers resembles that of gynecologists, for example. We would much rather accept a certain threshold of annoying email than filter important medical correspondence.

TSR has created some documentation about how to implement client side spam filters in Netscape/Mozilla. Pine users can can use 'spine' to accomplish client side mail filtering. Type 'see pinefilter' at your mhc login shell for more information. You can read more about some of the particular applications we use to handle email here.

----------------------------------------

Home | MyMHC | Web Email | Directories | SiteMap | Search | Help

Admission | Academics | Campus Life | Athletics
Library & Technology | About the College | Alumnae | News & Events | Offices & Services

Copyright © 2006 Mount Holyoke College. This page created and maintained by Ron Peterson. Last modified on February 3, 2006.