30 March 2004

SPAM Update

The increased level of spam (‘junk’ email messages) and worm activity in the Division has got to a point where something must be done to restrict it.

Unfortunately, any measure that seeks to restrict the passage of email will, inevitably, result in legitimate messages being blocked. Recent changes to the University's central mail server (through which some of the Division's email from outside addresses passes) has indeed blocked legitimate email to some staff in the Division.

Staff who believe that legitimate email is being blocked by the system should send any evidence they have to the cehelpdesk. Senders whose email is bounced will now receive a message from the University with instructions for having their service provider unblocked from the block list. See http://www.canberra.edu.au/cc/rbl.html for further information.

We will investigate the following measures:

  • Configuring the email server to stop messages from outside the Division going to any Divisional email list, such as staff@comedu.
  • Installing software on the email server that allows us to ‘black list' emails by username or the domain they are from. Any email received from a blacklisted address would be returned to the sender (usually a forged address anyway).
  • Investigate a system where only email from people in the receiver's address book or a qualified list on the server would be accepted. Email from other sources would be returned to the sender asking them to fill out a form requesting their address be accepted. The receiver could then decide whether to accept the email.

Even these measures won't help block email with forged return addresses where the forged address is on the list of accepted addresses.  Any measures introduced to stop this type of activity will lead to legitimate email being blocked, and reduce the flexibility of using email from off-campus locations like home and conferences.

We know it is an issue and will try to introduce measures to deal with at least some of the unwanted email. Until the email standard is changed, there is little that can be done to eliminate the spam entirely while at the same time allowing all legitimate messages to get through.