Skip navigation
Department of Ecology & Evolutionary Biology HomeUniversity of Arizona Home
SPAM!

This page covers handling spam that comes to your UA email account, and also has a note on the topic of spam that results from posting your email address on a web page.

Jump to:
Report spam to the UA spam/abuse authorities
Enable the "Spam Assassin" spam filter
Modify the existing spam filter to suit your specific needs
About posting your email address on a web page

  • Three key words in the battle: evolutionary arms race. As new techniques for thwarting spam are developed, the spammers develop ways to get around those techniques. You, the email user, will have to expend a little effort from time to time to stem the flood.
    		•
    The best way to prevent spam from landing in your UA mailbox is to use the Spam Assassin tool that the University employs to filter out spam (see below for instructions)
    .
    1-- First, report spam to the UA authorities

    It is useful to report spam as this will allow the UA spam-fighters to:
    • maintain the filters that reject spam messages based on content in the header or the body before messages are even sent to spamassassin.
    • maintain a "black hole" list of hosts (and zombies) which have sent spam to our site. It's currently stops over 1,000,000 Internet addresses. One of the main sources for this list is reports from UA users.

    How to Report Spam: the short version (CCIT)
    Reporting Spam: the details(from an email from the CCIT Postmaster)

    The UA spam filter (Spam Assassin) is disabled by default. You will have to access your email account through WebMail to do enable the spam filter. There are two alternatives:

  • Easy, but not totally effective: simply enable the Spam Assassin. Direct mail flagged as SPAM to a folder other than your INBOX, or have it deleted by default. Instructions below.

  • More effective, but requires more effort: modify your spam filter to do a better job at catching spam (reduce false negatives), while allowing through the messages that you want (reduce false positives). Instructions below.

    2--Enable "Spam Assassin" in Webmail.

    After you have logged in to UA WebMail using your NetID and password, click on "Mail Rules" on the top toolbar.

    If the Stop [SPAM?] rule is labeled [DISABLED], you need to enable it. Click on the red circle with a line through it over on the right side of the screen, under the Enable column heading. The red circle with a line through it will change to a green check mark. Your SPAM filter is now enabled.

    By default, spam messages will be automatically deleted -- you will never see them. If you want to see them, to make sure it isn't deleting things you really want from people you know, click the "edit" icon (looks like a sheet of paper) to the left of Stop [SPAM?], and change "Do this: Discard this message" by selecting another option (you can have the spam go to another folder, or to your inbox). Note that you can't send it to a Eudora or Outlook Express folder--you have to create a new folder, in WebMail, and then log on to WebMail to look at the contents of the folder.

    If messages that you want to receive are winding up as SPAM, you may be able to create a mail rule to handle those messages, especially if they have a lot in common (e.g., they all come from a mailing list you belong to). See CCIT's page about Spam Assassin and how to use it for detailed instructions
    .

    3--Modify the existing spam filter.

    Recently I had been getting frustrated with more and more spam landing in my inbox even though I had the default spam filter enabled. So I played around with the filter and found out a few useful things.

    Spam Assassin assign every message a X-Spam-Level -- a rating from zero to seven. If you expand the headers on your email, you will see something like this:

    X-Spam-Level: xxx

    This means the message has an X-Spam-Level of "three" (3 x's). The existing spam filter (if you have it enabled) is set to seven or above (xxxxxxx), the highest level (the most likely to be spam). You can lower the bar by changing the existing filter, or you can set up new mail rules to do the same thing. Both will catch more spam, but will also falsely catch more of the email you really want.

    To see how this works, I set up seven folders, one for each spam level, and then set up seven rules, one for each spam level. So, for example, all messages labeled "X-Spam-Level: xxx" go to a folder called "Spam Level 3," etc.

    Over a period of several days, "spam level 1" netted 10 messages, only one of which was actually spam (the rest were mostly from mailing lists I belong to). As the level goes up, the proportion of actual spam also goes up. It's up to you to decide what level you wish to set the filter at, and to create the mail rules that will allow in "good" email.

    CCIT has good instructions on how to use Mail Rules to set up your own customized spam filter based on Spam Assassin, so I won't go into the details here.

    Theory tells us that you can't reduce false negatives while simultaneously reducing false positives -- there is always a tradeoff. (However, this does not explain how the spam filter on my Hotmail account successfully pulls out all spam, while only very occasionally--like once a month--yanking a legit message.)

    4-- About email addresses on web pages

    There is no doubt that posting your email address on a web page will enable "spam bots" to harvest your email address and start sending spam to it. Unfortunately, there is no easy way to prevent this, other than never posting your email address to a web page.

    If you change what's on the web page from, e.g., "engelsen@email.arizona.edu" to "memcinto at email dot arizona dot edu," current spambots are just as capable of translating that into a real email address as you are.

    There are more sophisticated techniques, such as using a program – either a script like PHP or a compiled language like Perl — to encode your email address into each character's numerical equivalent, and then wrapping the encoded address with the "mailto:" link in a block of JavaScript.

    The consensus on my favorite tech website, "A List Apart," is that if a browser can render the "coded" address properly a spambot harvester can be made to do the same thing.

    The Wise Ones say, "The best way to combat spam is at the email server level--either your company, ISP, or your own home email box--by using such things as Spam Assassin, procmail filters, or other products."

    Resources:

    CCIT's page about Spam Assassin and how to use it

    CCIT: general info on spam and scams

    UA WebMail

    		•
    EEB Help Search EEB About EEB

    email EEB tech support
    email the webmaster

    All contents copyright © 2003-2005 Arizona Board of Regents. All rights reserved.