UITS Implements New Email System to Reduce Spam
If you've noticed less spam in your inbox, it's likely thanks to a new filtration system implemented by University Information Technology Services.
The UA typically takes in between 5 million and 8 million messages each day, approximately 85 percent of which are considered undesirable spam messages, viruses or phishing attempts, said Derek Masseth, UITS senior director of infrastructure and client services.
Since the new system was implemented on Nov. 8, it is blocking approximately 4 million to 7 million spam emails on a typical day, which is 5 percent more than the old system was blocking.
Masseth said feedback has been extremely positive.
"A lot of folks in the last several days have come out and expressed their gratitude and they've indicated they've seen a difference," he said.
Tom Fleming, Steward Observatory astronomer and senior lecturer, is one of the people already seeing an improvement.
"I have noticed a significant decrease in the amount of email spam I've received," he says. "I am no longer subjected to requests to purchase private jets or luxury yachts or to find a Russian bride. This is greatly appreciated."
Previously, the University used a collection of open-source tools to filter emails. In May, after experiencing an influx of spam messages during the previous months, UITS began to look for a new solution.
The new system uses an email security filtering system provided by Cisco Systems Inc.
"They end up being generally a little bit ahead of other filtering capabilities," Masseth said. "This is a product that is deployed in many of the largest companies and enterprises worldwide."
Masseth explained the new system works on three levels.
- When the system is "extremely confident" that an email is undesirable, the system does not allow it to reach the recipient. These messages do not ever appear in the user's inbox or junk folder and are unrecoverable. "You might say it deletes it, but it goes so far as to not even accept it," Masseth says.
- When the system has a "high confidence" that an email is unsolicited or unwanted, the email is sent to a system-level quarantine in the data center managed by UITS.
- If the system believes a message could be spam but does not have a high level of confidence, it is marked as spam and is sent to the recipient's inbox or junk folder – depending on the user's email software settings.
If a user knows of a legitimate email that was sent to the user but not received, and believes it may be getting improperly marked as spam, Masseth said the user should call the 24/7 IT Support Center.
"If we put it in quarantine and you've called us soon enough, we can pull it out of quarantine and deliver it to your inbox," he said. "Otherwise, if we've deleted it from quarantine – because we can only keep quarantine for so long, it fills up – then the sender will have to retransmit it. But when it's retransmitted, we can ensure that it's delivered to you."
In order to mark senders as "safe" to avoid being flagged as spam, add the email address or domain to your Safe Senders list. For assistance, call the 24/7 IT Support Center.
Masseth said there are multiple theories of why the University receives so much spam, including its public directories.
"The UA phonebook is tremendously useful when people are trying to get in touch with us," he says. "As it turns out, it ends up being useful for people who want to send us unsolicited things as well."
Additionally, some accounts receive more spam than others depending on how long they have been in use. The longer an email address has been around and the more it is used, the better the chances that it has been discovered by spammers, Masseth said.
In the future, UITS is planning to specifically target phishing emails, Masseth said.
In addition to spam messages, the new filtering system also is helping block phishing emails, Masseth said. But because many phishing emails are designed to look legitimate, some may still get past the filters.
Phishing messages typically are disguised as legitimate-looking emails that ask users to click on a link to reset passwords or provide other personal information. Masseth said that emails that ask you to reply back with your password are always a scam. If you receive a message that you are unsure about, call the 24/7 IT Support Center immediately to verify its authenticity.
He says he hopes that the new system will lessen the amount of time employees have to spend culling their email inboxes.
"I'm hopeful that people will gain the luxury of spending dramatically less time pressing delete on undesirable emails," he said. "Early evidence indicates that's already occurring."