Skip to content | Change text size

ITS home
 

Frequently asked questions: spam

General Questions

Spam filtering in my email account

What is Monash University doing to reduce spam?

Monash University is undertaking several measures to reduce spam. Gateway spam filtering has been enabled for all student email accounts. Emails with an extremely high spam probability will be discarded prior to delivery or forwarding. This happens before email is delivered to your account. (This will not affect student email accounts that forward email to external accounts). Emails that are discarded are not retrievable and this setting cannot be changed.

In addition, spam filters have been enabled by default on all email accounts. Once delivered, any emails which are determined to be spam by the ITS mail servers will be filtered into a separate 'spam' folder rather than being delivered . Spam messages are still able to viewed, and the contents of the folder is deleted every 30 days. Students can change or disable the spam filtering settings if they choose by visiting the spam filtering web pages

How does Monash identitfy spam?

All emails comprise of two parts; email 'headers' which describe the email (TO: address, FROM: address etc.) and the email body which is the content of the email which you see. Much of the contents of email headers is transparent to the user (it is hidden by the software you use to view the email).

The software which Monash uses to identify Spam is known as SpamAssassin. This software has been configured to add in email header fields to tell the email client or email server software (e.g. Netscape Messenger) whether the email sould be considered as Spam. This process is know as Spam markup. The original contents (body) of the email message is left intact.

The following headers will be added to all emails which are being checked to see if they are Spam. In this case the email has been given a 'low' Spam score of 2 (2 stars).

X-Spam-Level: ** X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)

The X-Spam-Level field provides an indication on how likely the email is to be Spam. More stars '*' implies a greater likelihood that the email is 'Spam'. When an email has a rating at or over 5 stars, the email is considered to be Spam. In this case an extra header has been added known as the X-Spam-Flag.

X-Spam-Level: ******* X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp) X-Spam-Flag: YES

Emails which are found to have an extremely high probability of spam are to be discarded at the Monash University email gateway. These are represented by spam emails which have obtained a SpamAssassin score of 20 or more. Further information on SpamAssassin scoring can be found at http://au.spamassassin.org/

How does Monash spam scoring work?

Monash University a software package called SpamAssassin to scan emails for Spam content. SpamAssassin operates on the principle that Spam emails usually contain certain patterns of body text, body formatting, email header information and internet links.

An email containing the phrase "Free Investment" for example has high probability of being Spam; therefore an extra 1.7 points is added to the overall "Spam Score" for the email if this phrase is found in the email.. SpamAssassin adds up the scores for every Spam pattern/phrase that it matches and this score is reflected as the X-Spam-Level. The higher the score, the greater the probability that the email is Spam. A score of 5 or above is generally considered to be the 'threshold' at which an email is Spam.

What spam score should I set as my threshold?

ITS recommends setting a Spam threshold of 5 (*****). Some people may receive Spam that has scored less than 5 and will want to set a lower threshold to filter out these messages (e.g. 3). Please be aware that setting filters with a Spam score of less than 5 may cause mail to be incorrectly filtered as Spam. An email incorrectly identified as Spam is also known as a "false positive".

If you find that email from a particular user or external email source continues to be marked as Spam even with the threshold set to 5, then you should create a 'white-list' for this Email address. This will stop future emails from the specified Email address from being filtered into your Spam folder. Instructions for setting up email address whitelists can be found at:

Server-side whitelist

It is also important to remember that emails sent within the Monash computer network (e.g. to/from a Monash Lecturer) are never scanned for Spam content. This prevent such emails from ever being accidently filtered into your Spam folder.

What is a email address 'white-list'?

A 'whitelist' is a list of email addresses (such as my.friend@hotmail.com) or email domains (such as virginblue.com.au) that you implicitely trust. If you wish to avoid emails from these addresses/domains being accidently filtered for having 'Spam like' content then adding the email addresses/domains to your 'whitelist' achieve this.

What emails are checked/not checked for spam?

All emails which are sent from Monash internal staff systems and servers (systems with IP addresses in the range of 130.194.*.* (Australia), 168.210.50.* (South Africa), 172.19.*.*, 172.16.*.* and 172.18.*.* (internal Monash networks)) are NOT scanned for Spam content. Emails which come from these systems which ARE Spam should be reported to abuse@monash.edu.au for investigation.

NOTE: Staff that use their computers with the Monash VPN enabled are considered to also be on the Monash network and therefore email sent from Monash VPN connected systems will also not be scanned for Spam.

Emails which have been digitally signed will also NOT be scanned. This includes emails which come from systems outside of Monash. Therefore if you send an email from a home computer connected to the internet via a Non-Monash modem, and you are not using the Monash VPN software, then the email MUST be digitally signed for the email not to be scanned for Spam.

All other email which doesn't fall into these categories are scanned for Spam content.

If I forward my email to another account, will spam email still be filtered?

No. Only Email that is delivered into the Monash staff or student email account will be filtered into your designated Spam folder if you have enabled server-side Spam filtering.

If you forward your Email to your external Internet Service Provider's email account (e.g. your Bigpond account) or an external email provider (e.g. hotmail.com) then ALL email will be forwarded to these accounts (regardless of whether they were detected as Spam or not).

How do spammers get people's email addresses?

Email addresses are obtained from many sources for Spamming purposes, including but not limited to:

  • From posts to UseNet with your email address.
  • From mailing lists.
  • From web pages.
  • From various web and paper forms.
  • From a web browser.
  • From IRC and other chat rooms.
  • From domain contact points.
  • By guessing email addresses.
  • By having access to the persons computer through trojan viruses.
  • From a previous owner of the email address.
  • Using social engineering.

Refer to http://www.private.org.il/harvest.html for more information.

How do I report email that wasn't matched as 'spam'?

The following web-site provides information on how to report email that wasn't marked as Spam.

Report Spam

How do I stop specific emails being filtered into my spam folder?

If you are finding that emails from a certain sender or organisation is consistently being marked as Spam or there are emails which you receive from somebody outside of Monash which you want to guarantee are not 'accidently' filtered to your Spam folder, then you can add the users FROM address to the email address white-lists. Steps on how to white-list email addresses can be found here:

Email address white-listing - server-side

Does email in my spam folder count towards my quota usage?

Yes. All emails stored in your Monash email account count towards your email quota including those stored in your Spam folder. To prevent your Spam folder building up with hundreds of emails or more, the special Spam Folders which you can select when activating Spam filtering 'auto' clean. Emails which have been in these special Spam folders will be removed after a certain period of time. The folders are cleaned up after 30 days for the Spam-30 and Trash folder, 7 days for the Spam-7 folder and 60 days for the Spam-60 folder.

Further information regarding email quotas.

Who do I contact if I have a problem with spam filtering?

If you have a problem enabling Spam filtering, following the steps provided, etc, please contact your local IT support representative first and then the ITS Service Desk for assistance.