About Spam

This section discusses the unsolicited e-mail messages commonly known as spam.

On this page

Why does spam exist?

Everyone finds it annoying, so why does it keep happening? Spam persists because:

  • regular e-mail is inherently insecure, which means that e-mail messages are easily forged, enabling spammers to avoid detection.
  • spamming is a business with a very low barrier to entry. In other words, the startup costs to become a spammer are very small, so every day new people are trying it.
  • sending spam is inexpensive. Do you have 100, 1,000, or 1,000,000 messages to send? Each costs about the same amount of money.
  • some people open spam. Even if a very small percentage of people open a particular message and buy something, that's still enough for spammers to turn a profit. People continue to spam because they continue to profit from it.
  • e-mail works internationally, so if it's illegal to send in one country, spammers can simply move their operations to another country.
  • zombie computers are sending it, enabling spammers to avoid detection.

There are a number of other reasons, but in any case spam is currently a very difficult problem to solve completely. At UCSF, we're doing the best we can to keep the problem to a minimum.

How e-mail reaches you (or not)

To better understand how to deal with spam, it's helpful to understand the path an e-mail message takes to reach you at your UCSF e-mail account. This enables you to understand how spam can be deleted as well as what might be happening to legitimate messages that seem to disappear.

1.

A message is created and sent to your e-mail address.

If this message is spam, it might originate with a human spammer running a script or other program which automates the process for him or her, or it might be a zombie computer—a computer that has been compromised by a hacker and used to send spam, usually without the knowledge of that computer's owner.

2.

A computer at UCSF reviews and acts upon the message in order to weed out spam.

This computer is a spam filter, sometimes referred to as a spam firewall, which removes spam and potential spam before the message reaches your e-mail application.

First, we check whitelists and blacklists...

 

If the message is from a sender on your whitelist

it is delivered to your e-mail application (go to step #3 below). You can specify that messages from certain e-mail addresses or e-mail domains will always be delivered to you by adding them to your whitelist, which you can edit in Spam Firewall preferences.

If the message is from a sender on your blacklist

it is deleted. You can block e-mail addresses or e-mail domains by adding them to your blacklist, which you can edit in Spam Firewall preferences.

If neither whitelist nor blacklist,

the message is assigned a spam score. The spam filter makes a calculated guess as to how similar the message is to previous messages known to be spam. A spam score value between 0 and 10 is assigned to the message: 0 = least likely to be spam, 10 = most likely to be spam. You can control what happens to these messages in Spam Firewall preferences. (Go to the next line below.)

 

Next, one of four things happens to the message based on its spam score:

 

The message is delivered untagged

if it has a spam score lower than your Tag setting in Spam Firewall. "Delivered untagged" means that the message is delivered to your e-mail application and the subject line is not modified in any way. Next: Go to step #3 below.

The message is delivered tagged

if it has a spam score higher than your Tag setting but lower than your Quarantine setting in Spam Firewall. "Delivered tagged" means that the subject line is modified to include [Spam?] at the beginning, then the message is delivered to your e-mail application. Next: Go to step #3 below.

The message is quarantined

if it has a spam score higher than your Quarantine setting but lower than your Block setting. These messages are held for 30 days and are available for you to retrieve by examining your quarantine list in Spam Firewall. These messages never reach your inbox unless you explicitly request their delivery.

The message is blocked

if it has a spam score higher than your Block setting. These blocked messages are deleted at the server, and you will never see them. The default Block setting is 7. Messages scoring above 7 are most likely to be spam.

 

For more details on adjusting server-side spam filtering settings, see Spam Firewall.

3.

Your e-mail application reviews and acts upon the message in order to weed out spam.

Messages may be delivered to your inbox, deleted, or quarantined based on spam filtering settings in your e-mail application. The details of this filtering differ based on the e-mail application you use. Consult the online help or vendor of the e-mail application for help with its spam filtering features.

If a message is not quarantined or deleted by your e-mail application, it is delivered to your inbox.

4.

A message appears in your inbox.

Messages that reach your inbox have had an arduous journey, having gotten past both the UCSF spam filter and your e-mail application's spam filtering.

Resolve spam problems

Do both of the following:

  1. Review and adjust server-side spam filtering settings: Spam Filter Settings.
  2. Review and adjust client-side spam filtering settings. How to do this depends on the application or device you use. For help, call the IT Service Desk at 415-514-4100 (available 24x7x365).

More info

Go to: E-mail