What does IU do to protect users from spam and virus-infected email?

On this page:

Attachment blocking

To protect against viruses, worms, and other malicious programs spread by email, UITS blocks certain attachments, filtering them from the Indiana University email system. For more information, see At IU, what types of attachments are blocked from my email account?

Spam quarantine

UITS offers a spam quarantine service that analyzes all mail delivered to IU Cyrus/Webmail and Exchange accounts. Any spam messages you receive are quarantined for five days in a Spam (Cyrus/Webmail) or Junk E-mail (Exchange) folder in your account. After five days, the spam service deletes these messages automatically. For more information, see At IU, what is the spam quarantine service?

The Spamhaus Block List

The overload of network traffic due to excessive spam can interfere with the normal functioning of systems. By March 2003, spam had caused incoming IU mail delivery to be delayed by as much as two days. In response to this situation, UITS began filtering incoming mail using the Spamhaus Block List (SBL). The SBL is a realtime DNS-based database of IP addresses of verified spammers, spam gangs, and spam support services, which, according to the company, are responsible for about 50% of spam volume; the other 50% comes through open mail relays or proxies, which the SBL does not block. To learn how Spamhaus determines what IP addresses to block, see the SBL Policy and Listing Criteria.

The SBL should not noticeably affect the delivery of legitimate email. For a statement from SBL concerning this issue, see Spamhaus's FAQ.

Bandwidth limits

One of the ways IU protects its email system from huge volumes of spam is by limiting each host to sending only several hundred messages per minute. If someone is trying to send email to you from a non-IU host that has exceeded its message limit, then that email may very likely not get through to you.

As the high volume of spam on the Internet continues to increase, servers belonging to some popular email hosts are sending IU thousands of messages per minute, and the vast majority of those messages are undeliverable (i.e., from domains that don't exist). These hosts are very quickly and repeatedly exceeding their bandwidth thresholds with illegitimate mail, much to the detriment of their customers who are trying to send legitimate mail to IU users.

IU email system architecture separates its internal university mail flow from the rest of the Internet. This provides a layer of protection that allows IU email to flow reliably between its students, faculty, and staff members. For this reason, it is expected that all official university email is sent via the IU system, and not through external, non-IU hosts. For more information, see At IU, what is the policy about official communications from the university to students?

Other steps

UITS is continuing to explore other systems that can block spam and email harvesting without disrupting legitimate use of IU systems. The following are some current ways that IU helps reduce the amount of spam you receive:

On the central Exchange email system, UITS limits the number of visible addresses (i.e., those on the "To:" and "Cc:" lines) and the number of individual recipients for each email message.
Users of the IU central Exchange system also benefit from the implementation of a virus tool called Microsoft Forefront. This tool stops known viruses from being delivered to users.
UITS enables mail relay filtering for common virus subject lines when it determines that words in the subject line are unique to a virus.
To search the online IU Address Book, the searcher must enter at least two characters of the last name, and search results are limited to 50.

IU computer users commonly wonder why an email address on a web page is spam-inducing, while an email address in the online IU Address Book is not. This is true because it is relatively simple to create a program that harvests email addresses from static web pages and then program it to browse sites for hours or even days, gathering email addresses. To harvest addresses from form-based address books, such as the IU Address Book, the programmer would have to create something smart enough to interact with different search engines on each address book.

For example, you cannot do a search on the IU Address Book unless you enter at least two letters of the last name, and each search returns only a maximum of 50 results. Therefore, spammers can get small lists of IU email addresses from each individual search they do, but in general they don't because it's relatively difficult to write such a program. Plus, there are plenty of addresses to get with much less effort from the millions of static pages on the Internet.

For tips on protecting your web pages from email address harvesting, see How can I protect my web pages from email address harvesting?

Policies for IU internal mail

Note: At Indiana University, if you are considering mass mailing, be aware that the University Information Policy Office (UIPO) distinguishes between administrative mailings and mail that is for interpersonal communication, and treats the two differently. For details, see What is IU's policy concerning mass mailing via email?

For information about what you can do to help reduce the amount of spam email you receive, see What can I do to avoid receiving spam email?

Also see:

This is document aele in domain all.
Last modified on January 17, 2008.

Please tell us, did you find the answer to your question?