DFM Email and Spam

Contributors: 
Eric Schoville BA

How many emails does the Department of Family Medicine receive on a daily basis?

We receive anywhere from 5,000 on Sunday, the slow day, to over 20,000
per day on peak days. These totals do not reflect the intra-Groupwise
emails, just emails from outside our network.


What is spam? How much spam does the DFM receive on a daily basis?

Spam is unsolicited e-mail. The amount of spam we receive varies with
the total number of emails, but it is usually about 20% of our total
email traffic.


What are we doing to prevent spam?

There is little that can be done to prevent spam; it can only be
blocked once it is received. Every email that we receive is parsed
by our mail filter, which analyzes the email to see if it is spam.
Any email that the filter classifies as spam is blocked.


What types of checks are done to see if a message is spam?

Our mail filter performs a wide variety of checks to determine whether
a message is spam, including RBL (real-time blacklist) checking,
checksumming (DCC, Razor, and Pyzor), Bayesian analysis (a learning
filter), and filtering for specific text strings.


With all of these filters in place, why am I still receiving spam?
Why aren't our SPAM filters perfect?

Handling spam is a very difficult process that requires a lot of
balance. If the filters are too restrictive, then they will catch a
lot of legitimate email. If the filters are not restrictive enough,
too much spam will come through. This process also requires manual
maintenance, because spammers adapt and change their tactics, which
allows more spam to come through until the filters can be adapted.


I never get SPAM on my personal email account. Why do I get SPAM on my DFM email?

The amount of spam sent to an email account usually depends on how
long you have had the account and how publicized the email
address is. DFM employees who have been here for a long
time and whose email addresses are well known receive much more spam
than someone who has only been here a short time. Your personal email
account is probably not as publicized as your DFM account, and you may
have had it for less time, so you probably won't get as much spam to
that account.


How much SPAM can I expect to receive on a daily basis?

While we aim for our users to receive no spam at all, it is possible
for some spam to make it through the filters. More than a couple of
spam messages a day is unreasonable.


I think I have received a SPAM message. What should I do?

Please forward it to spamtrap@fammed.wisc.edu, so we can adjust
our filters and make them better. At your discretion, you can also
hit the "delete" key.


I think a legitimate email has been blocked by the SPAM filter. What
should I do?

If you think that a legitimate email has been trapped by the mail
filter, please contact the Helpdesk. You will need to provide them
with the email address of the sender, and then they can get back to
you with more information.


A correspondent of mine sent me an email and it didn't go through. Why not?

It is likely that, because of its content, the message was blocked as
spam, contained a virus, or had an attachment that we do not allow.
In this case, the sender will not be notified that
the message did not go through. Please contact the Helpdesk
with the email address of your correspondent, and they can get back to
you with more information.


Why don't you notify the sender if their message doesn't go through?

The simple answer to this question is that most of the messages
that don't go through aren't valid. If we tried to notify
the sender, mail server performance would be affected, and we would
tie up a lot of network bandwidth with invalid emails.


What attachments do you block?

Currently, files with the following extensions are blocked:
exe, vbs, pif, scr, bat, cmd, com, dll, hta, cpl, and rar.


Why are you blocking these files?

The files with these extensions are being blocked because they are
often viruses. These files wouldn't normally be sent by one of your
correspondents.


Do you block attachments based on size?

Attachments over 20 MB are blocked. If you need to send or receive
attachments that are larger, you should zip the attachments, or find
another way of sharing these files, like using the shared drive.
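
The attachment rules from the two answers above (the blocked extension list and the 20 MB limit), written out as an added example; this is not the DFM mail filter's own code. The function names, the sample message, measuring the decoded attachment size, treating 1 MB as 1024 * 1024 bytes, and checking only the final extension are all assumptions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extension list and 20 MB limit are the values stated in this FAQ.
BLOCKED_EXTENSIONS = {"exe", "vbs", "pif", "scr", "bat", "cmd", "com",
                      "dll", "hta", "cpl", "rar"}
MAX_ATTACHMENT_BYTES = 20 * 1024 * 1024  # assumption: 1 MB = 1024 * 1024 bytes


def final_extension(filename):
    """Return the lower-cased last extension, ignoring trailing dots/spaces."""
    name = filename.strip().rstrip(". ").lower()
    return name.rsplit(".", 1)[1] if "." in name else ""


def check_attachments(raw_message, max_bytes=MAX_ATTACHMENT_BYTES):
    """Return (filename, reason) for every attachment the policy blocks."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    blocked = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""  # decoded size (assumed)
        ext = final_extension(filename)
        if ext in BLOCKED_EXTENSIONS:
            blocked.append((filename, "blocked extension ." + ext))
        elif len(payload) > max_bytes:
            blocked.append((filename, "over size limit"))
    return blocked


def build_sample(max_bytes=MAX_ATTACHMENT_BYTES):
    """Constructed sample message with three attachments (not real mail)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "constructed test message"
    msg.set_content("See attached.")
    msg.add_attachment(b"%PDF-1.4 sample", maintype="application",
                       subtype="pdf", filename="notes.pdf")
    msg.add_attachment(b"MZ sample", maintype="application",
                       subtype="octet-stream", filename="Invoice.pdf.EXE")
    msg.add_attachment(b"x" * (max_bytes + 1), maintype="application",
                       subtype="octet-stream", filename="scan.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in check_attachments(build_sample()):
        print(name, "->", reason)
```

Matching on the last extension after lower-casing is what catches a double-extension name such as Invoice.pdf.EXE, which a check on the first extension or a case-sensitive comparison would let through.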


Are you scanning for viruses?

Every email that comes into the DFM is scanned for viruses. Currently,
our email server scans for over 30,000 viruses, and this list is
updated nightly. Emails with viruses are blocked by our server.


I received an email with a link, and I clicked on the link but nothing
happened. Do I have a virus?

You should never follow a link in an email unless you are certain that
it is a valid link. Following suspicious links is a great way to get
a virus or a spy bot on your computer. No legitimate email will ask
you to confirm personal information.


Where can I find the email address for someone in the DFM?

  1. The online directory at http://www.fammed.wisc.edu/directory
  2. In Groupwise, install and use the LDAP address books
  3. In Groupwise webaccess, use the LDAP address books

If you have not installed the LDAP address books for Groupwise, please
see https://inside.fammed.wisc.edu/its/ldap.html or send an email to
helpdesk@fammed.wisc.edu for instructions.