Spam at the University of Hawaii

Spam on the Google@UH email service is managed by Google. Email messages that Google deems highly likely to be spam will not be delivered to your mailbox and are instead placed in the folder labeled "Spam" (or "Gmail/Spam" if using a mail client). Messages in the spam folder are held for 30 days then automatically deleted.

What is spam?

Spam is unsolicited email messages sent to your account. Spam is also referred to as "unsolicited commercial email" and "unsolicited bulk email". They range from harmless advertising to potentially offensive (complete with pictures). Spam is very similar to "junk mail" that you receive in your regular postal mailbox.


Why am I getting all this spam?

Spammers (the people who send spam) "harvest" email addresses from various places. If you have done anything on the Internet at all (register a software product, participated in a online discussion board), your address could potentially be harvested by spammers.

Even if you hardly do anything on the Internet, as long as you have some kind of presence (even just an email address), your address could still be the target of spam messages. Spammers have been known to launch attacks similar to "cold calling"; they'll keep trying email addresses until they find a valid one. For example, a spammer could send a message to addresses and just use all known common first names before the @ sign. The invalid ones will bounce, but the valid ones will get delivered.


What is ITS doing about spam?

Google uses a combination of algorithms and reporting tools to protect against spam, viruses, and phishing attacks. Using the same advanced computing infrastructure as its search engine, along with a vast community of users, Google touts having one of the best spam blockers in the business.

For more information on Google and spam, click on


What can I do about spam?
  • Look over your Inbox and manually delete messages that seem suspicious before you begin reading your new messages. Examples of suspicious messages include:
    • messages with missing or strange subject lines
    • messages with attachments that you were not expecting

  • Minimize any unnecessary public display of your email address in order to limit your exposure to spammers who "harvest" email addresses off the Web. This is an unfortunate trade-off that each person needs to make for themselves, but addresses that are never seen are less susceptible to spam.

  • Most current email client software have some form of spam blocking built in. You can setup your email client so that it either marks suspicious messages as spam or moves these messages to a separate folder. Please be sure to test these settings very carefully to ensure that you do not create false positives and lose emails that are important to you.

  • Do not reply to spam messages asking the spammers to stop; this will confirm that your email address is valid.

  • Disable remote image or HTML image loading in your email client.

  • It is critical that you turn off the message preview pane if you are using an email client such as Thunderbird or Outlook. This will help prevent you from inadvertently opening a spam message.

  • Report spam sent from a address to Please include a copy of the message with full mail headers.

    Note that the address is just for reporting spam. Any questions should be sent to the ITS Help Desk at


Is there anything I can do about messages that are incorrectly marked as spam?


Even with all this, I still receive spam!

Spammers are very aggressive in finding new ways to get their spam through any protective measures. ITS is making a concerted effort to isolate spam email before you receive it. But given differences in perception, there will never be a way to automatically identify 100% of spam without also blocking some amount of email that would be considered legitimate. It is very important that spam blocking is not overly aggressive such that legitimate email is also blocked. There are other emerging approaches to dealing with spam. Some involve the use of specialized or single-use email addresses and many of which require some amount of manual intervention at least once on the part of the sender or receiver to identify legitimate messages. ITS will continue to monitor the tools available to do our best for our email users.


Reporting a suspicious email regarding University of Hawaii

To report a suspicious email saying it's from the University of Hawaii and asking for confidential information:

FIRST: Check to see if the phishing attempt has already been reported by looking at the Security Alerts listing on

  • If the suspicious email is claiming to be another organization, e.g., credit union, bank, etc., forward it to the abuse team of that company.  There is no need to forward other company's phishing scams to
  • forward a copy of the message with full mail headers displayed to

    To display the full email header in Google@UH Gmail (webmail):

    1. Log in to Gmail using a web browser.
    2. Open the message you'd like to view headers for.
    3. Click the down arrow (says More) next to Reply, at the top of the message pane.
    4. Select Show Original.

    The full email headers will appear in a new window. Copy and paste full email header into the forwarded message.

    [to get full mail headers for other email clients, please see ]

    If you would like to receive phishing notices by email, go to and subscribe to our phishing-alert email list.

To prevent  compromises:

  • NEVER send your password or other confidential personal information in an email message, even in reply to a message that appears 100% genuine. No responsible entity requests information this way.
  • DO NOT REPLY to suspicious or spam mail. It just tells the spammers/hackers that they've hit a valid email address.
  • if you receive a message asking you to "reactivate your account", "validate your account", or "get more email quota", DO NOT click on the weblink and enter your username and password
  • make sure you're up-to-date with all operating systems (e.g. Windows) updates
  • make sure you're up-to-date with any anti-virus and anti-spyware updates
  • don't save passwords to your email account on your system, it might take a few more seconds to login manually, but it might save you hours of time cleaning up after a compromise

 If you suspect that you are compromised...



Please rate the quality of this answer: Poor Fair Okay Good Excellent
Not the answer you were looking for? Try different keyword combinations and if you still can’t find your answer, please contact us.
Article ID: 571
Created: Tue, 21 Feb 2006 11:38am
Modified: Sun, 30 Sep 2012 11:05pm