Computer News No. 119  Jan.-Feb. 2006

From the Help Desk ... the Battle Against Spam

    1. Lawsuits against spam are coming
    2. What Computer Centre does to filter spam
    3. What to do about email falsely labeled as spam or infected with virus

1. Lawsuits against spam are coming

Every email user knows the frustration of seeing spam in their mailbox.  The spam containing advertisements for products seem to be harmless, but they use up our limited disk quota for storage and also costs us valuable time and effort in deleting them.  The dangerous spam even tries to trick us into giving away important information on our bank accounts or passwords at some bogus web site, or installing a malicious software in our computer by opening an attachment.

 

We seem to be fighting a loosing battle against spam.  While Computer Centre , like all commercial and non-commercial organizations in the world, is trying hard to filter spam from entering the users' mailboxes, the ultimate solution would be legislature which would punish the spammers and bring mass emailing into proper channels.

 

Although there is no legislature for punishing spammers in Hong Kong yet, we are glad to see that justice is done elsewhere in the world.  For example, the owner of an Iowa-based Internet services company has been awarded a US$11.2 billion judgment against a spammer who is also prohibited from accessing the Internet for three years.  This is the largest spam judgment ever recorded so far.  See http://www.computerworld.com/printthis/2006/0,4814,107598,00.html for details.  

 

The Hong Hong SAR Government has also recently issued a consultation paper on legislative proposals to contain the problem of unsolicited electronic messages and citizens are welcome to raise comments on the legislation proposal.  The public consultation will be closed on March 20, 2006.


2. What Computer Centre does to filter spam

  1. When an email comes into our central email server (the HKUCC, HKUSUA or GRADUATE system), the Sophos anti-virus software running on the server first scans it for computer virus.  If a virus is found in the attachment, it is deleted from the email queue.
     
  2. Then the email is checked for spam with the SpamAssassin software using some filter rules and against the databases of spam sites black-listed by Open Relay DataBase (ORDB), Spamhaus and SpamCop.  The system then assigns the email a spam likelihood score.
     
  3. Email with spam scores greater than or equal to the spam threshold value is thrown into the recipient's spam folder of the month called "spam-of-YYYYDD".  Emails with spam scores less than the spam threshold value get put into the recipient's INBOX (incoming mailbox).  The default spam threshold value is 5 and you can change its value (at HKU Portal => "MyFavourites" tab => "Set Spam Filter" link or at webmail.hku.hk => "Set Spam Filter" link at the top of the page).
     
    • NOTE: A low spam threshold value filters more email into the spam-folder while a higher value filters less email; e.g. the value '9' filters less email and thus more SPAM will come in the INBOX.
       
  4. Sometimes, the email server is too busy with virus and spam filtering that a long email queue is built up. When that happens, our server administrator has to disable the spam filter temporarily to allow the queued up mail to be delivered first, and then enable the spam filters afterwards.  That is why sometimes you see more spam in your INBOX than on other days.

3. What to do about email falsely labeled as spam or infected with virus

Sometimes an email can be falsely labeled as spam and end up in the spam folder ("false positives").  Emails with a lot of hyperlinks or email addresses in the message body or bearing attachments with unfamiliar file types often get labeled as spam. It is better to have a more stringent filter than to introduce a virus to your computer.

For files labeled as spam, you can always find it in your spam folder.  Thus, always check your spam folder first if you are expecting an email but haven't seen it in your INBOX. If you wish to know the reason why a legitimate email is labeled as spam, you can send the FULL header of the email to ithelp@hku.hk for analysis by our server administrator.    

Attachments labeled as a computer virus are put in a quarantine area of the server.  If you wish to check whether an attachment file you are waiting for is treated as virus, you must send enquiry to ithelp@hku.hk within a week, otherwise it is likely to be purged. 

See our FAQ on spam management at http://www.its.hku.hk/faq/stopspam.htm