ITS battles Yale spam-bots

One afternoon last month, Yale College Dean Mary Miller sent an e-mail to the University of Michigan. To her dismay, the e-mail bounced back.

After a spamming attack on a “yale.edu” e-mail address that month, the University of Michigan had blocked all incoming messages from Yale addresses. Miller used a colleague’s Gmail account to resend the message. Miller said Tuesday that she still does not know if the University of Michigan can receive her e-mails — but Yale Information Technology Services staff said a new filter on outgoing mail has already proven effective at preventing spam-related problems.

ITS is now using a new automated, open-source filter from Cloudmark to mark and block the “spam, junk and other viruses” coming out of Yale e-mails, said Chuck Powell, senior director for academic media and technology. Cloudmark also records what spam e-mails look like and uses algorithms to match, tag and eliminate future e-mails, Powell added.

“It’s not just about this machine,” Powell said of a “spam-bot” computer on Yale’s campus. “The reputation of the institution is questioned.”

ITS Director Philip Long told the News last week that Yale e-mails have not been blocked since the filter was installed Jan. 3. As of Tuesday night, the ITS System Status page reported no incidents since Jan. 4.

Phishing e-mails, which Powell said have hacked into other institutions such as the New Haven Register, bait community members into revealing account information and can hijack Yale e-mail addresses, turning users’ computers into “spam-bots” that send as many as 100,000 pieces of spam daily. This activity catches the attention of e-mail providers such as AOL, Comcast or the University of Michigan, which in turn block mail from all “yale.edu” addresses.

“They were killing us,” Powell said of the spam. “It would take us hours, sometimes days, to go through all the hoops, find the machines and fix it.”

According to the ITS System Status page, ITS addressed mail blocks from Comcast, Yahoo, AOL, Verizon, Microsoft and the University of Michigan in December. Powell said Comcast, which serves the majority of southern Connecticut, inconvenienced thousands of users when it blocked all e-mail from Yale addresses last month.

Even if students do not give up information but follow a link in a phishing e-mail — for example, an e-mail from a person claiming to be a Nigerian who needs to transfer funds to the recipient’s bank account, he said — their computers can become “spam-bots” which spread spam messages. The new filter will block this e-mail when sent from a Yale account, he said.

Powell said ITS already blocks incoming spam e-mails and tags others as potential spam.

“Yale throws away about a million pieces of mail every day before it ever gets to your computer,” he said.

Long referred to a message he sent to the Yale community Jan. 5, in which he said the filter may also “inadvertently result in the loss of some genuine outbound e-mail which SHARE the characteristics of spam.” Long’s message directs community members to confirm reception of any critical or time-sensitive e-mails, but Powell said he has not noticed that the system — which he described as “99 percent reliable or better” — is blocking genuine e-mails.

“Was that [message] spam or was that really you?” Powell joked.

Comcast also uses Cloudmark to filter e-mails.
