Personal tools
University Computing Service

Email

Dealing with spam and junk email

What is spam filtering?

The general idea of spam filtering is that you try to identify messages which are likely to be junk mail, and put them in a separate folder to be checked less frequently than your main inbox.

The Computing Service mail switch provides a scheme to help with spam filtering in general. This scheme does not filter out spam centrally; instead, it annotates every message with a "spam score". You can then choose, by selecting an "acceptable" score level, how much of your incoming mail to filter out. By default, nothing will happen; you have to choose to use filtering.

You can also install more detailed filters if you wish. Remember that any filter may let through some junk and may misclassify some non-junk mail.

The spam score is based on a number of tests that detect typical features of spam and non-spam email, and add positively or negatively (respectively) to the email's score. The scores are tuned so that messages that score 5 or above are almost certainly spam.

For more details of how the spam filtering works, and why it cannot be 100% successful, see the page on the central email scanner

Filtering on the spam score on Hermes

To set up a spam filter on Hermes you need to use Hermes Webmail. You only need to do this once, unless you want to change the score level; after you have set up filtering you can just revert to using your normal mail program).

Go to Hermes Webmail:-

  • login in the usual way and select Manage
  • select Junk Email and specify the filter threshold above which you wish to have mail filtered.
  • enable the filtering by selecting Enable filtering with this threshold.
  • if you have filtering enabled and want to turn it off, select Disable Filtering.

We recommend setting the threshold to 5 at first and adjusting it based on how well it works for you. If you set your threshold to less than 5 you should expect legitimate email to be classified as spam. Higher thresholds will let more spam through, and thresholds of 10 or more let everything through. Note that the filter is most accurate for English email so if you exchange a lot of foreign-language email you will probably have to use a higher threshold.

Your filtered mail will automatically be put in a special folder (mailbox) called "spam". You should check this folder regularly, especially to begin with, to make sure it does not contain any genuine mail. This folder needs to be emptied regularly; if you do not tidy your mail folders often enough and you reach your filespace quota, it will not be possible to deliver mail to you. By default, messages in your spam folder will be thrown away automatically after 60 days; you can change this time limit on the same page that you used to set up and enable filtering.

Note that if you are a POP user (that is, your mail is normally stored in folders on your own system rather than on the mail server), you will not be able to see the spam folder on the mail server, so you may need to use Webmail to check and clear the folder from time to time. Most Cambridge users, including users of Pine, Mulberry or Hermes Webmail, will be using IMAP rather than POP, and do not have this problem. Outlook, Outlook Express and Eudora, among others, use POP by default, though all offer IMAP as an alternative.

It is also possible for POP users to make their own mail program (e.g. Eudora) look at the spam score and filter as appropriate, instead of using the Hermes facility described above.

Filtering on the spam score on other systems

Users of systems other than Hermes will need to know that the numerical spam score, if it is positive, is shown in the message's full headers as a string of s's, for example: 

    X-Cam-SpamScore: ssssssssssssssssssssssss

This header can then be tested by any mail program which can handle testing for text strings in headers. For example, on Unix systems using Exim, you need to create a file called .forward in your home directory, containing the text below. (If you already have a .forward file, then the "if" clause can be added before or after your other existing filters.) 

    # Exim filter
    if $h_X-Cam-SpamScore contains ssssssss then
        save mail/spam
        seen finish
    endif

This clause sets the threshold value at 8; to change it, change the length of the ssssssss string. To discard the mail altogether, omit the "save mail/spam" line.

As noted above for Hermes, you should check the spam folder regularly, especially to begin with, to make sure you are not filtering out real mail, and also empty it at regular intervals so that your filespace doesn't fill up.

On systems not using Exim, you will need to find out how to test specific headers in order to filter on the spam score.

Further filtering options

Many mail programs have their own spam and junk email filtering. See FAQ: What is junk mail and what can I do about it? for references for some popular mail clients.

You can also install more specific filters, in addition to the general spam filtering scheme described above, on the server on which you receive your mail. For instance, you can arrange to send mail from a particular sender, or on a particular subject, to a specified folder, or to reject it, even if its spam score is not high, and you can combine this with the spam score filtering. General filtering is often used to send messages from mailing lists, for instance, to a separate folder from other mail.

For general filtering on Hermes, see How can I automatically filter incoming mail using Hermes?

Note that the blocking facility on Hermes, also available from the Manage screen, is not generally very effective for dealing with spam, because most spam these days comes from one-off email addresses or is forged so that it appears to come from an innocent third party.

If you are using a Unix system running Exim you can build more elaborate filter files if you wish. You will need to consult the :Exim filtering documentation to learn more about this.

I've still been sent some junk email, what do I do now?

If you receive junk email,

  • delete the message from your mailbox.
  • do not reply
  • do not ask to be removed from a mailing list, even if you are asked to (commonly this just confirms to the spammers that yours is a real address).
  • do not forward the junk email to your friends and acquaintances.
  • if the mail offers you large sums of money, you might be interested in the Metropolitan Police's Fraud Alert pages
  • if the mail concerns online banking, you might be interested in the UK banks' site Bank Safe Online
  • if the mail is offensive or tells you about a virus report, please look in message of the day to see If there is any information about it; it is likely that you are not the only person in the University to have received the message, if there is nothing there, please email postmaster@cam.ac.uk with a copy of the message and include full headers. Note that the majority of virus reports circulating by email are hoaxes; please do not forward them to friends etc.
  • do not be tempted to retaliate. Most spam email addresses are fake and so the mail will not reach the person who sent spam to you. In extreme cases, your action will be interpreted as spamming in its own right and will cause your address or even the whole of the sending domain to be blocked. Any such action on your part may be subject to action under the Information Strategy and Services Syndicate rules.
  • Note that much junk email, particularly that generated by viruses, has forged From: addresses. If this is the case, there is no point in reporting individual messages. At other times, if you receive junk mail that genuinely appears to come from an address in the Cambridge domain (cam.ac.uk), then please send the message, with full headers displayed to the UCS Service Desk, service-desk@ucs.cam.ac.uk