Protect Yourself Against Spam
Some general tips for protecting yourself against spam:
- NEVER open an attachment to an email that appears to be spam or that is sent from an unknown source. Email attachments can contain trojan viruses or install malware that can steal your personal information or reduce computer functionality.
- Even messages from a known source (such as @drexel.edu) can be a scam. Scammers can spoof legitimate addresses to make messages appear to come from someone you know, which is why all emails should be read with a healthy dose of caution. Basic rule of thumb: if you weren’t expecting to receive the message, or it’s from someone or some organization you don’t know, don’t click any links, open any attachments, and in all instances NEVER provide sensitive personal information or logins.
- Even worse, the scammer can tailor the scam message to YOU personally, especially if you post public or easily obtainable details about yourself and your activities online (i.e. via social networking). Make your personal information/social statuses/contacts etc. private or friends-only, or refrain altogether from posting information such as location, home addresses, email addresses, phone numbers, and…
- NEVER EVER give out your passwords to anyone—not friends, not relatives, and not even members of the IRT staff. And remember that legitimate organizations will never ask for your login credentials over the phone, through email, or any other method. That information is for you to know, and you alone.
- Don’t blindly click on hyperlinks, particularly in emails of unknown origin. A common scam is to redirect a legitimate link to a Web page that installs a trojan or other malware. Always check URLs by hovering over the link to see if the underlying URL matches the one displayed in the body of the email.
- As viruses change, so does the software needed to protect you from them. Keep your anti-virus software up-to-date with the latest updates and virus definitions by installing Sophos Endpoint Protection, which is available for PC and Mac at https://software.drexel.edu.
- Be wary of suspicious-looking Web sites. If the site doesn’t appear trustworthy or is poorly maintained, avoid clicking links or downloading content from that site. Also, avoid downloading content from peer-to-peer (P2P) programs such as LimeWire, Soulseek, BitTorrent, and others, as illegally-downloaded songs/software/videos etc. often come packaged with trojans and malware.
- Delete spam immediately. If it sounds too good to be true, it probably is. Don’t respond to it, and never, ever give out personal information. Even if it’s from “Drexel University Technical Support” or “Drexel University Web Support” and says “this is not spam”—it almost certainly IS a scam!
If you are ever unsure whether or not a message is legitimate or a scam, please contact the IRT Help Desk over the phone at 215-895-2020, or email email@example.com.
You can also view examples of scam emails in IRT's Spam Gallery.
Keep your email address off the spam radar
- Don't post your email address on a publicly searchable Web page if you can avoid it. (It's good practice for departments and organizations to use functional rather than personal addresses, such as IRT’s address, firstname.lastname@example.org.)
- Only give out your email address to reputable organizations if they have good privacy policies (yes, you should read the privacy policies).
- For all other sites, if you must provide an email address, use one you don't care about maintaining (for example, use a free one from a service such as Hotmail or Gmail).
- Don't ever reply to spam or use the "option" to unsubscribe – doing so only tells spammers that they have found a real person willing to read their messages. (See http://www.spamhaus.org/removeisformugs.html.)
Protect your PC from viruses and malware
Spammers seek to infect your PC so they can steal all of the email addresses in your address book, and so they can use your PC as a "zombie" to send out more spam. By following good security practices, you are protecting your friends and your community as well as yourself. Install anti-virus software, and scan your computer regularly.
Report untagged spam
Sophos encourages its customers to send any missed spam back to them; this helps them improve the PureMessage filtering rules. Send the offending email with full mail headers to email@example.com. This address will automatically forward your message on to Sophos.
About full mail headers: Most email clients only display the To:, From:, Date:, and Subject: lines of the header. However, in emails we receive, we don't normally see the path that the email followed from its original SMTP outbound server to reach our inbound mail server. This header information is critical for the spam detection effort. (SpamCop is a public site dedicated to helping rid the Internet of the spam nuisance. Use the link above to get the scoop on where to find this header info for your particular mail client.) Send the header information to firstname.lastname@example.org.
NOTE: To report other types of network abuse, such as Denial-of-Service attacks, compromised computer connections from outside Drexel, or other unauthorized use of network resources, send an email to Abuse@drexel.edu.
Block automatic display of images
Unwanted, disturbing images are a particularly upsetting aspect of spam. Automatically loading "images" can also trigger malicious software. For Web-based email clients such as DrexelOne and Webmail, your main defense is to only open email from recognized sources.
If, however, you need to open emails from people you don't know, then you need the additional capabilities that desktop email programs offer. IRT supports Outlook and Outlook Express (for Windows), and Entourage and Apple Mail (for Mac). These programs all offer the ability to turn off automatic display of images and/or automatic loading of remote images. Contact the IRT helpdesk for assistance with this.
Using spam-filtering software on your own computer
If spam in your inbox is causing you frustration, then you might want to invest some time in setting up and training spam-filtering software on your computer. Outlook, Entourage, and Apple Mail all have built-in spam filtering capabilities that you can turn on. There are also add-on spam filtering products you can install.
Frequently Asked Questions
Q1. The email I sent to my colleague at Hotmail (Comcast, Yahoo, etc.) was rejected as spam!
Occasionally, outside companies -- even some of the major ones that should know better -- get too aggressive in their spam blocking lists and reject mail from perfectly safe servers such as ours. If your messages are incorrectly rejected as spam, please send the email with the bounce message to us email@example.com. Our email administrators will work with the outside service to get the problem fixed. You can also ask your colleague to notify his or her service of the problem.
NOTE: If you are using a departmental email server, you should notify that server's administrator.
Q2. Why is there tagged spam in my inbox?
Tagged spam (subject starting with [SPAM:XXXXXXX) should always go straight to the Junk Mail folder. We've seen some cases in Outlook where this process does not take place automatically. To solve this problem, please follow our instructions for creating a rule.
These instructions are especially important for people who use a hand-held device (such as a Blackberry, iPhone, or a Treo) to receive email directly. No one wants to be notified of each incoming piece of spam.
Q3. A real piece of email was sent to my Junk Mail!
Case 1: The server-side filter made a mistake. In this case, you'll see the tell-tale [SPAM:XXXXXXX tag in the message subject. While the rate of "false positives" is very, very low at the 70% setting, every once in a while a non-spam item is falsely tagged and filtered into the Junk Mail folder. For this reason, we strongly recommend that you check this folder at least once every 28 days in order to catch and rescue any such errors. Also, please send the incorrectly tagged email (with full mail headers) to firstname.lastname@example.org so that we can try to prevent the problem in the future.
Case 2: Your local filter is at work. If the wrongly-filtered item is not tagged (that is, the subject does not start with [SPAM:XXXXXXX), then server-side filtering is not the cause. Rather, such emails indicate that some additional spam filtering is happening within your email program, even if you didn't realize it. We recommend that you turn off your local filtering, or spend the necessary time training it and checking the results.