BU Today

Science & Tech

Want to Stop Spammers? Ask the Pros

The Office of Information Technology is trying, and (mostly) winning

Spam makes up about 75 percent of all messages BU e-mail servers receive.

How much spam does BU get? On a typical day, University servers block 2.3 million attempts to deliver mail from known spam sources, and, IT administrators say, each of those attempts was probably aimed at multiple recipients. Of the 1.4 million messages that are not blocked, about 40 percent are rated by a secondary filter as likely to be spam, and three quarters of that can be deleted automatically if individual users have chosen that option. You get the message.

“When you look at the high percentage of mail that’s spam, we are pretty successful at blocking it,” says Richard Sharp, associate director of consulting services for the Office of Information Technology. “If we weren’t successful, you’d open up your mailbox and it would be 80 percent spam and you wouldn’t be able to go about your business.”

Despite the success of Sharp and his colleagues in blocking well over 60 percent of all messages sent to the University, many students complain about spam.

“It’s very frustrating,” says Emily Lieb (GSM’09). “I use Horde with SpamAssassin, and I still get about 10 to 20 spam e-mails a day. And when I use Outlook at home, I get twice the spam because I don’t have the spam blocker set up on my Outlook.”

The Office of Information Technology has taken steps to decrease the amount of spam received, but, says Sharp, their ammunition is limited.

“As an educational and research institution with a legitimate need to correspond with almost anyone,” he says, “our filtering policies cannot be as restrictive as they might be in a corporation.”

SpamAssassin, one tool used in the battle against spam, is a program that assigns each e-mail a score — the higher the score, the more likely it is that the e-mail is spam. Since 2006, all new BU e-mail accounts have a setting that automatically blocks mail with a SpamAssassin score greater than 5.0. The Personal Computing Support Center (PCSC) Web site has instructions on how to set up and use SpamAssassin. For e-mail accounts created before 2006, a simple click of a button on the site will set up this automatic blocking on an e-mail account.

One problem, says Sharp, is that fewer than 40 percent of the eligible BU community members have signed up for the automatic blocking. Those who are using SpamAssassin can also adjust the threshold at which messages are assigned as spam. If work-related e-mails are being sent to the junk folder, says James Stone, director of consulting services for the Office of Information Technology, the normal SpamAssassin setting of 5.0 can be shifted to 5.5 to allow more messages to an inbox. Stone and Sharp recommend adjusting the threshold in small increments, whether up or down, to reduce the number of legitimate e-mails tracked as spam, while still keeping out unwanted e-mail. 
For e-mail users on the go, the PCSC recommends the Web-based e-mail system Horde because it offers spam filtering. However, in addition to setting up spam filtering, Horde requires an extra step to filter the unwanted mail — each time users log on they need to click on the funnel icon to the right of the word “Inbox” at the top of the message index to filter out spam. Otherwise, says Sharp, “people may think that they’ve set up spam filtering, but by missing one step they’re actually not filtering any spam.”

If these steps have been taken, and spam still plagues an account, the reason may be spammers’ latest weapon in their ongoing battle with the creators of spam-detection software: Penny stock tips and Viagra sales pitches may now come as an image within the body of the e-mail, which slips past the current text-based spam detection software.

Aside from applying spam filters, avoiding spam is difficult. There are very few preventive measures people can take to keep their e-mail address out of spammers’ databases. One tactic is minimizing the number of places an e-mail address is posted, such as a blog, and to be cautious when giving out an e-mail address online. Responses to such things as posts on Craigslist can be an invitation to spammers.

“If you can Google your e-mail address,” says Stone, “it’s already too late — it’s already in a database somewhere.” 

For more information on spam and other e-mail issues, visit the PCSC Web site.

Catherine Santore can be reached at csantore@bu.edu.