Spam on the mail.hawaii.edu mail server is managed by the PureMessage spam filter. Email messages that the filter deems highly likely to be spam will not be delivered to your mailbox and are instead placed in a "quarantine" located at: http://www.hawaii.edu/spammail
Once a day, people using username@hawaii.edu addresses will receive a message (also called a "daily digest") listing a summary of all the messages that have been quarantined as spam. You can review the quarantined messages by logging into the spammail server with your UH Username and password. Once you are logged in, you have the option of releasing any or all of the messages to your Inbox, or deleting them. If you decide to do nothing, email on this quarantine server will be automatically deleted after 14 days. (Note: if you will be away from your email longer than 14 days, you can change your settings so the messages will be held until you return.) You also have the flexibility to create individual settings to "approve" or "block" email from a domain (e.g. test.com) or a specific address (e.g. spammer@test.com).
For more information about PureMessage, please refer to the document PureMessage Spam filter.
Recommendation: Review your daily digest every day, as there is a remote chance that a legitimate message will be incorrectly tagged as spam. Mail on the spammail server is not charged to your email quota. (For more information on your email quota, refer to the What is an email quota? section of the UH Email Account Practices document.)
What is spam?
Spam consists of unsolicited email messages sent to your account. Spam is also referred to as "unsolicited commercial email" and "unsolicited bulk email". These messages range from harmless advertising to potentially offensive content (complete with pictures). Spam is very similar to the "junk mail" that you receive in your regular postal mailbox.
ref: http://www.hawaii.edu/infotech/spam/spam.html#what
Why am I getting all this spam?
Spammers (the people who send spam) "harvest" email addresses from various places. If you have done anything on the Internet at all (registered a software product, participated in an online discussion board), your address could potentially be harvested by spammers.
Even if you hardly do anything on the Internet, as long as you have some kind of presence (even just an email address), your address could still be the target of spam messages. Spammers have been known to launch attacks similar to "cold calling"; they'll keep trying email addresses until they find a valid one. For example, a spammer could send a message to hawaii.edu addresses and just use all known common first names before the @ sign. The invalid ones will bounce but the valid ones will get delivered.
ref: http://www.hawaii.edu/infotech/spam/spam.html#why
What is ITS doing about spam?
UH email is received by two banks of servers filtering incoming viruses or spam. As our first line of defense, spam is filtered by our front-end servers by comparing the originating server of incoming email messages to Real-time Blackhole Lists (RBLs). Our next line of defense is spam filtered by our PureMessage servers. Another portion of email is silently dropped because of the presence of banned attachments, most of which come from spam or viruses. As of October 2007, nearly 4.3 million email messages are blocked every day.
Block Lists
RBLs investigate and publish the IPs or hostnames of known spam servers. Spammers send mail through spam relay servers in order to obscure the source of the spam. As spam relays gain notoriety, they are logged by organizations dedicated to fighting email abuse. Email messages sent from known spam relay sites are automatically blocked and silently dropped by ITS due to their sheer volume.
ITS subscribes to the Spamhaus, Distributed Server Boycott List (DSBL), Composite Blocking List (CBL), Not Just Another Bogus List (NJABL), RFC-Ignorant, and SpamCop services. These provide access to lists of known mail servers that support spamming, and other Internet sites or open proxies that leave themselves open to abuse by spammers. If an email message originates from a site on one of these lists, the message will not be allowed to go through.
PureMessage
ITS is running the Sophos PureMessage software, which analyzes each email message before it reaches the mail server. PureMessage uses a variety of spam-detection methods to analyze mail message contents. Some of the items PureMessage looks for are missing subject lines, or questionable phrases in the subject line or body of the message.
All incoming email messages are analyzed by PureMessage before being delivered to your mailbox. PureMessage assigns a spam probability percentage between 0-100% to each message it analyzes. A message that has a percentage greater than or equal to a certain threshold will be designated as spam and placed in the recipient's quarantine area on the spammail server. ITS has decided to set the threshold to the default setting of 50%. This ensures that the rate of false positives is kept as close to 0% as possible while still allowing us to tag mail as spam fairly aggressively. Any message that receives a spam probability percentage from PureMessage of 50% or higher will be tagged as spam and sent to your personal quarantine rather than delivered to your mailbox. If the message's percentage is less than 50%, it will not be quarantined.
A digest of quarantined messages is emailed daily to all @hawaii.edu addresses, and customers can peruse this digest and release the ones that are legitimate (click on the leftmost link to release a message). Email in your personal quarantine will be automatically deleted after 14 days. If you will be away from your email longer than 14 days, you can change your settings to specify a "hold" date. Messages will be held for 14 days after this "hold" date, regardless of when they were received.
All outgoing email messages are also analyzed:
- If you send a message to an @hawaii.edu address and PureMessage determines the spam probability is equal to or greater than 50%, the message will be quarantined. The recipient of your message will be notified via their daily digest that a message from you is in their quarantine. If it is a legitimate message and not the result of a virus infection, the recipient can release the message from their quarantine area by logging into http://www.hawaii.edu/spammail
- If you send a message to a non @hawaii.edu address and PureMessage determines the spam probability is greater than 99%, the message will not be delivered or quarantined; it will be deleted.
- All messages with encrypted or corrupt attachments are now allowed to be delivered without being quarantined. The recipients of these messages will see the tag [Possible Virus: Unscannable Attachment] in the message's "Subject" line. During times of high infection with an unknown virus, ITS reserves the right to delete these messages, if necessary.
- All messages with virus-infected attachments will be deleted. This includes messages with zip attachments that contain at least one infected file.
- If you send a message to either an @hawaii.edu or non @hawaii.edu address containing an attachment with any of the banned extensions listed on the Email Practices: Filtering Attachments webpage, the message will not be delivered or quarantined; it will be deleted. A daily digest, similar to the quarantine digest, is sent to @hawaii.edu customers to inform them of any incoming or outgoing email messages that were deleted due to these banned extensions. This digest is informative only; no messages can be released via this digest.
ref: http://www.hawaii.edu/infotech/spam/spam.html#whatisits
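The handling rules above, written out as a decision function. This is an added example, not ITS or Sophos code: the order in which the checks run, the tag being prefixed to the subject, and the two sample banned extensions are assumptions (the real banned list is on a separate page).

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional, Tuple

QUARANTINE_AT = 50.0     # mail to @hawaii.edu: quarantine at or above this
DELETE_ABOVE = 99.0      # mail to other domains: delete above this
RETENTION = timedelta(days=14)
UNSCANNABLE_TAG = "[Possible Virus: Unscannable Attachment]"
# Constructed placeholder: the real banned list lives on a separate UH page.
BANNED_EXTENSIONS = (".exe", ".scr")

@dataclass
class Message:
    recipient: str
    subject: str
    spam_pct: float                    # PureMessage spam probability, 0-100
    attachments: Tuple[str, ...] = ()  # attachment file names
    infected: bool = False             # an attachment or zip member is infected
    unscannable: bool = False          # encrypted or corrupt attachment

def disposition(msg: Message) -> Tuple[str, str]:
    """Return (action, subject); action is deliver, quarantine or delete."""
    if msg.infected:
        return "delete", msg.subject
    if any(a.lower().endswith(BANNED_EXTENSIONS) for a in msg.attachments):
        return "delete", msg.subject   # reported in the informational digest
    to_uh = msg.recipient.lower().endswith("@hawaii.edu")
    if to_uh and msg.spam_pct >= QUARANTINE_AT:
        return "quarantine", msg.subject
    if not to_uh and msg.spam_pct > DELETE_ABOVE:
        return "delete", msg.subject
    # Assumption: the tag is added only to mail that is actually delivered,
    # and is placed in front of the existing subject.
    if msg.unscannable:
        return "deliver", f"{UNSCANNABLE_TAG} {msg.subject}"
    return "deliver", msg.subject

def purge_date(received: date, hold: Optional[date] = None) -> date:
    """Quarantine purge day: 14 days after receipt, or after the hold date."""
    return (hold or received) + RETENTION
```

Note the asymmetry the rules produce: a message scoring 80% is quarantined when addressed to an @hawaii.edu recipient but delivered when addressed elsewhere, and nothing sent to an outside address is ever quarantined.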
What can I do about spam?
ref: http://www.hawaii.edu/infotech/spam/spam.html#whati
Is there anything I can do about messages that are incorrectly quarantined as spam?
- Contact the sender of the message and let them know their messages are being quarantined as spam. There could be some misconfiguration on their mail server that is causing their messages to be tagged.
- Add the sender or domain to your list of approved senders. Once you've done this, all future email from the sender or domain will be delivered to your mailbox and never quarantined. For more information about adding to your approved senders list, please refer to the PureMessage Spam filter document.
ref: http://www.hawaii.edu/infotech/spam/spam.html
Even with all this, I still receive spam!
While perceptions vary, ITS estimates that our use of blacklists and the use of PureMessage will eliminate as much as 75% of what most people consider to be "spam".
Spammers are very aggressive in finding new ways to get their spam through any protective measures. ITS is making a concerted effort to isolate spam email before you receive it. But given differences in perception, there will never be a way to automatically identify 100% of spam without also blocking some amount of email that would be considered legitimate. It is very important that spam blocking is not so aggressive that legitimate email is also blocked. There are other emerging approaches to dealing with spam. Some involve the use of specialized or single-use email addresses, and many require some amount of manual intervention at least once on the part of the sender or receiver to identify legitimate messages. ITS will continue to monitor the tools available to do our best for our email customers.
ref: http://www.hawaii.edu/infotech/spam/spam.html#buti
Reporting a suspicious email regarding University of Hawaii
To report a suspicious email saying it's from the University of Hawaii and asking for confidential information:
FIRST: Check to see if the phishing attempt has already been reported by looking at the Security Alerts listing on http://www.hawaii.edu/its/
- If the suspicious email claims to be from another organization (e.g., a credit union or bank), forward it to the abuse team of that company. There is no need to forward other companies' phishing scams to phishing@hawaii.edu
- Forward a copy of the message with full mail headers to phishing@hawaii.edu (to get full mail headers, please see http://www.hawaii.edu/askus/895).
- If the email is general spam, you can set your account to filter it out as spam. See http://www.hawaii.edu/askus/571 for details on how to manage your spam.
To prevent compromises:
- NEVER send your password or other confidential personal information in response to email. No responsible entity requests information this way.
- DO NOT REPLY to suspect mail. It just demonstrates that you're a live target.
- Make sure you're up to date with all operating system (e.g. Windows) updates.
- Make sure you're up to date with all anti-virus and anti-spyware updates.
- Don't save passwords to your email account on your system. It might take a few more seconds to log in manually, but it might save you hours of time cleaning up after a compromise.
If you suspect that you are compromised...
ref: http://www.hawaii.edu/infotech/spam/spam.html