Protecting the City U Email Systems by Reducing Spam and Phishing

by Joseph Leung

 

 
In our experience, more than 50% of incoming emails are likely to be spam. These emails not only waste system resources but also delay the delivery of normal email. Users are annoyed and, even worse, are exposed to security risks when they open the message or its attached files. At the beginning of 2007, we adopted a world-class spam detection system which tags each incoming email with a “spam level” (“threshold”) indicating how likely it is to be spam. If the spam level of an email reached 99% or higher, it would be discarded immediately.
 
In December 2010, we started to implement compulsory spam filtering of emails with a spam level of 90% or above for the email systems of our staff, students and alumni. After studying the statistics, we found that it was necessary to tighten the level to 80%, which would further decrease the number of highly suspected spam and phishing emails by 5%. This has been in effect since February 2012. Each email is now tagged with a “spam level/threshold”, and users can adjust these tailor-made filters if they want to. Suspected emails are moved to the AUTO-PURGE (Java Sun Messaging System) or Junk E-mail (Microsoft Exchange) folder, where users can inspect them before they are deleted after 30 days. In addition, users can further refine their anti-spam preferences by adding email senders to the “Personal Whitelist” or “Personal Blacklist” to accept or reject their emails accordingly.
 
There is an effective technology called “IP reputation”, in which any email coming from a source identified as a suspected spam source is rejected at the server level. Thus, a lot of spam emails are rejected before they enter the email queue at the gateway for calculation of the “spam level”. In light of its effectiveness, this new technology was adopted two years ago and, as a consequence, more system resources have been saved. Our observation shows that the delay in delivering external incoming emails to our users has been significantly reduced from one hour to one minute.

 

Besides taking the above measures, we also restrict the delivery of unsafe attachments. According to the recommendations by Microsoft, attachments with unsafe file extensions (e.g. “.exe”, “.bat”) should be dropped in order to avoid malicious attacks, especially from brand-new spam, phishing emails and viruses that might not yet be detected by anti-virus or anti-spam software.
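The stages described above (IP reputation, the 99% discard level, attachment dropping, personal lists and the 80% level) can be sketched as one decision function. This is an added example, not the CSC's own code; the names `triage` and `is_unsafe`, the “.cmd” and “.scr” extensions, and the rule that personal lists override only the 80% level are assumptions.

```python
from dataclasses import dataclass, field

DISCARD_AT = 99  # article: spam level of 99% or higher is discarded
JUNK_AT = 80     # article: compulsory filtering level since February 2012
# ".exe" and ".bat" are the article's examples; ".cmd" and ".scr" are assumed.
UNSAFE_EXT = {".exe", ".bat", ".cmd", ".scr"}

@dataclass
class Message:
    sender: str
    source_ip: str
    spam_level: int  # 0-100, as tagged at the gateway
    attachments: list = field(default_factory=list)

def is_unsafe(filename):
    """True if the final extension is on the unsafe list."""
    # Windows ignores trailing dots and spaces, so "a.exe. " still opens as a.exe.
    name = filename.rstrip(". ").lower()
    dot = name.rfind(".")
    return dot != -1 and name[dot:] in UNSAFE_EXT

def triage(msg, bad_ips, whitelist=(), blacklist=()):
    """Return (verdict, attachments_kept) for one incoming message."""
    if msg.source_ip in bad_ips:          # IP reputation: refused before scoring
        return "reject", []
    if msg.spam_level >= DISCARD_AT:
        return "discard", []
    kept = [a for a in msg.attachments if not is_unsafe(a)]
    sender = msg.sender.lower()
    # Assumption: personal lists override the 80% level but not the two checks above.
    if sender in blacklist:
        return "reject", []
    if sender in whitelist:
        return "inbox", kept
    if msg.spam_level >= JUNK_AT:
        return "junk", kept               # AUTO-PURGE / Junk E-mail, kept 30 days
    return "inbox", kept

if __name__ == "__main__":
    # Constructed sample data (documentation address ranges, example.org senders).
    bad = {"203.0.113.7"}
    msgs = [
        Message("a@example.org", "203.0.113.7", 5),
        Message("b@example.org", "198.51.100.2", 85),
        Message("c@example.org", "198.51.100.3", 10,
                ["notes.pdf", "Invoice.PDF.exe", "run.BAT. "]),
    ]
    for m in msgs:
        print(m.sender, triage(m, bad, whitelist={"b@example.org"}))
```

Checking only the final extension after normalising case and trailing dots or spaces is what catches names such as “Invoice.PDF.exe”, which a naive match on the first extension would let through.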
 
Advice to Users
 
Although the Computing Services Centre (CSC) makes its best effort to protect users from intruders and malicious emails, some “improved” spam and phishing emails still reach our users occasionally. We therefore rely on users to stay alert and notify the CSC immediately of any suspicious email. The CSC will investigate the report and, if it is found to be genuine, block the unauthorized connections, stop further delivery of that email and alert all users who may also have received it.
 
The CAP (CityU Announcement Portal) is a channel for the CSC to post spam alerts. In addition, the Email Frequently Asked Questions at http://email.cityu.edu.hk is a good source for learning more about good email usage practices, anti-spam and anti-virus techniques. In fact, the best way to safeguard your CityU email accounts from spam is to use them solely for work- and study-related purposes, meaning that you should not use your CityU email accounts on social networking sites or for personal correspondence.
 