SPAM Blocking
and
Quarantine Management Policy
Summary
SVSU uses dynamic SPAM filtering software to block and remove incoming e-mail detected as SPAM. For additional SPAM filtering, users may activate a personal quarantine filter which blocks and holds suspicious e-mail, and then removes it after seven days.
Detail
- SVSU treats incoming SPAM just like an incoming e-mail with a virus; we block it before it gets on campus. Blocked messages are automatically deleted by the SPAM filter. The SPAM filter software is dynamically updated by the vendor, just like our anti-virus software.
- SVSU records a log of the sender ("to"), the recipient ("from"), and the subject line. We do NOT record the message itself.
- SVSU allows faculty, staff, and students to request a daily log of blocked messages. To register, click start or stop the daily log.
- SVSU allows members of the campus community to set their personal SPAM filter settings:
a) Faculty, staff, and students may choose SPAM settings that block even more e-mail.
b) Faculty, staff, and students may create a personal exception list. E-mail from these select senders will pass through the SPAM filter; this is called "white listing."
c) Faculty and staff may justify globally white listing an e-mail source. Please e-mail your justification to support(at)svsu.edu. The ITS staff will work with you to ensure the narrowest white listing possible.
d) Faculty, staff, and students may elect to activate a personal quarantine which holds e-mail that are suspicious, but not obviously SPAM. After seven days, e-mail in the quarantine are deleted.
- Faculty and Staff: To adjust your SPAM controls, contact the ITD lab for a training session.
- Students: To adjust your SPAM controls, contact the STC for a training session.
- Learn how to configure your own SPAM settings.
- Note that it is SVSU's policy to use the following SPAM settings:
- Tag = 10
- Quarantine - 2.5
- Block= 5
- Note that it is SVSU's policy to use the following SPAM settings:
Background
| Fiscal Year | 2005-2006 |
| Daily Incoming E-mail From External Source (does not include internal or SVSU to SVSU e-mail) | 180,000 |
| Incoming E-mail Blocked as SPAM | 75% (consistent with national average) |
| Fiscal Year | 2006-2007 |
| Daily Incoming E-mail From External Source | 1,400,000 |
| Incoming E-mail Blocked as SPAM | 92-95% (SVSU expanded SPAM filter to include Bayesian inference logic) |
|
| |
| Fiscal Year | 2007-2008 |
| Many members of the SVSU campus community received a number of "phishing" e-mails. Such messages requested users to "validate" or "verify" their account information by replying with an e-mail containing their User ID, password, date of birth, and country. Despite multiple attempts to educate and warn SVSU users, several members of the campus community replied to those messages with the requested information. In addition to providing personal data (leading to potential identity theft), those user's accounts were used to send more SPAM. As a result of the influx of SPAM sent from SVSU e-mail accounts, many outgoing SVSU e-mail were blocked and discarded by many ISP's. The Internet effectively "blacklisted" SVSU accounts. | |
| Fiscal Year | 2007-2008 |
| Daily Incoming E-mail From External Source | 2,500,000 |
| Incoming E-mail Blocked as SPAM | 97.50% |
History
- August 12, 2006 - SVSU began blocking and discarding "verified" SPAM.
- September 1, 2006 - SVSU began blocking "probable" SPAM.
- June 18, 2007 - SVSU adopted a policy to mask faculty and staff e-mail addresses from off-campus queries. This stops SPAM bots and individuals from harvesting e-mail addresses for SPAM usage. This policy affects both departmental web pages and the web-based directory lookup. The masking allows an off-campus user to send an e-mail to an employee without viewing the employees e-mail address.
- May 29, 2008 - SVSU adopted a policy to block the auto-forwarding of e-mail from SVSU accounts to outside accounts. This significantly reduces the chance of SVSU e-mail becoming blacklisted by the Internet.
- May 29, 2008 - SVSU adopted a policy to quarantine any e-mail with the word "password" in the body of the message. This significantly reduces the chance of an SVSU e-mail account being hacked by a customer responding to a phishing e-mail.
- May 29, 2008 - SVSU adopted a policy to block any external e-mail with one of a number of User IDs from the "@svsu.edu" domain. This significantly reduces the chance of an SVSU e-mail account being hacked by a customer responding to a phishing e-mail.
- November 5, 2009 - SVSU adopted a policy to quarantine any e-mail with the words "mailbox" or "webmail" in the body of the message. This significantly reduces the chance of an SVSU e-mail account being hacked by a customer responding to a phishing e-mail.