ITS steps up spam war

Information Technology Services will soon deploy its latest weapon in the ongoing battle against spam.

ITS administrators said they plan to change the settings on Yale’s central spam filter by December and are optimistic that this will reduce the number of unsolicited e-mail messages received by University community members. But they cautioned that the volume of spam worldwide is only increasing, and the new changes will not end the problem.

John Coleman, Yale’s e-mail systems administrator, said ITS will adjust the detection system used by the central spam filtering program, called Spam Assassin. He said ITS predicts a 20 percent increase — the equivalent of about 20,000 more messages a day — in the amount of spam the program will catch. Chief Information Officer Philip Long said that while the new adjustments are only the latest in a series of changes, they will likely have the most impact of any improvement since July.

Coleman said the changes are part of an incremental process and will not provide an instantaneous solution.

“People should not expect a silver bullet,” he said.

ITS administrators said the major concern with making spam filters more stringent is the danger of increasing the number of false positives, or legitimate e-mails that are wrongly marked as spam.

Filtered and deleted spam accounted for 53 percent of all e-mails Yale’s servers handled in October, the most recent month for which data is available, up from 48 percent in September. Most of the spam the servers receive — an average of 716,000 messages a day — is filtered out before it reaches individual inboxes. Nine out of every 10 e-mails worldwide is now spam, according to one Internet security company, Reuters reported Monday.

Spam Assassin is a program that scans a message for signs that it is spam, which Coleman said include forged headers and links to Web sites that appear on block lists. Each sign increases the score the program assigns to the message. Contrary to popular belief, Coleman said, the filter does not rely heavily on searching for specific words more likely to appear in spam than in desired e-mails. The default setting for Spam Assassin at Yale is to tag any message with a score of five or more as spam and direct it to a separate folder.

E-mail users on the medical campus, but not on central campus, can currently change their Spam Assassin settings to filter more or less aggressively. Coleman said he expects that central campus users will eventually receive a similar capability. ITS and ITS-Med — its counterpart for the medical campus — merged last year, but the e-mail systems remain different.

Long said ITS plans to move 30,000 e-mail clients from both campuses to a new e-mail system by next fall. The ability to adjust Spam Assassin settings could be added as a new option, he said, but may not be introduced if the migration proves more difficult than anticipated.

Local e-mail spam filters can be trained to eliminate much of the spam problem, Long said. He said his Eudora junk filter usually traps 80 of the approximately 100 spam e-mails he receives a day. It also identifies between zero and three legitimate e-mails as spam a day, Long said. Webmail does not include a spam filter like those found in Eudora, Thunderbird or Outlook.

But false positives keep some e-mail users from using their local spam filters. Phil Burkhard ’08 said he uses Thunderbird, but no longer utilizes the attached spam filter.

“I find that a lot of important things get filtered,” he said.

The amount of spam passing through the University fell 66 percent last August after a late July change that eliminated “fuzzy matching,” when e-mails sent to addresses similar to official Yale e-mail addresses would be delivered to the official accounts. But the amount of spam has started to climb as the amount of spam worldwide has also increased.

ITS made two changes earlier in the semester: a modification in spam software in September and the addition of image scanning in e-mails in October. Long said both were small changes compared to the predicted effect of the new scoring adjustments.

Spam sent to Yale e-mail addresses is first removed at the central level by rejecting e-mails sent from known spammers. The University subscribes to Spamhaus, which updates hourly a list of Internet addresses that generate spam.

In addition to the technical changes, ITS is also hosting two spam management workshops open to the University community in December.

Comments