Spammers continue to vary their tactics with passing years or even resurrect old tricks, says Mark Borrie, information security manager at Otago University. The Sophos PureMessage spam filter the university adopted in 2004 is still giving excellent service, but recently a problem with spurious bounce messages has re-emerged. It appears spammers, after a period of using fictitious ‘From:’ addresses, have turned again to picking up real addresses. The result is a swarm of fictitious “non-delivery” messages that implies the recipient has been sending spam, and are a major annoyance in themselves. If the bounced message includes the text of the original spam the Sophos filter will stop it, though the university has had to develop a strategy to deal with the rest, says Borrie. It is inadvisable to stop all bounced messages, as some may be due to a typing mistake by the sender of a genuine message. Users now receive a digest of such bounced messages, so they might get two such digests a day rather than 200 individual messages.
The filter is on the university’s main mail gateway to deal with all spam, no matter what platform or mail clients it is destined for.
A strong feature of PureMessage is its regular scoring of mail sources, derived from spam traps that Sophos runs throughout the world. If a site is blacklisted as a source of spam, messages from that site will be rejected at the university’s gateway.
Otago University receives about 1.7 million email messages a day, with about half of them rejected by the filter. A large proportion of the rest are quarantined for more detailed evaluation and only 80,000 to 100,000 genuine messages are passed through each day.
There was a surge in spam earlier this year — a 40 per cent increase in volume in 40 days, says Borrie. It was the successful experience with Sophos’s anti-virus software that encouraged the university to adopt that company’s anti-spam filter. When spam does get through and a user complains, Borrie tests it and the filter will usually have already been updated so the spam will be blocked if sent again.
Fairfax Business Media
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.