Spam at the University of Hawaii
Spam on the Google@UH email service is managed by Google. Email messages that Google deems highly likely to be spam will not be delivered to your mailbox and are instead placed in the folder labeled "Spam" (or "Gmail/Spam" if using a mail client). Messages in the spam folder are held for 30 days then automatically deleted.
- What is spam?
- Why am I getting all this spam?
- What is ITS doing about spam?
- What can I do about spam?
- Is there anything I can do about messages that are incorrectly marked as spam?
- Even with all this, I still receive spam!
- Reporting a suspicious email regarding University of Hawaii
Spam is unsolicited email messages sent to your account. Spam is also referred to as "unsolicited commercial email" and "unsolicited bulk email". They range from harmless advertising to potentially offensive (complete with pictures). Spam is very similar to "junk mail" that you receive in your regular postal mailbox.
Spammers (the people who send spam) "harvest" email addresses from various places. If you have done anything on the Internet at all (register a software product, participated in a online discussion board), your address could potentially be harvested by spammers.
Even if you hardly do anything on the Internet, as long as you have some kind of presence (even just an email address), your address could still be the target of spam messages. Spammers have been known to launch attacks similar to "cold calling"; they'll keep trying email addresses until they find a valid one. For example, a spammer could send a message to hawaii.edu addresses and just use all known common first names before the @ sign. The invalid ones will bounce, but the valid ones will get delivered.
Google uses a combination of algorithms and reporting tools to protect against spam, viruses, and phishing attacks. Using the same advanced computing infrastructure as its search engine, along with a vast community of users, Google touts having one of the best spam blockers in the business.
For more information on Google and spam, click on http://www.google.com/mail/help/fightspam/spamexplained.html.
- Look over your Inbox and manually delete messages that seem suspicious before you begin reading your new messages. Examples of suspicious messages include:
- messages with missing or strange subject lines
- messages with attachments that you were not expecting
- Minimize any unnecessary public display of your email address in order to limit your exposure to spammers who "harvest" email addresses off the Web. This is an unfortunate trade-off that each person needs to make for themselves, but addresses that are never seen are less susceptible to spam.
- Most current email client software have some form of spam blocking built in. You can setup your email client so that it either marks suspicious messages as spam or moves these messages to a separate folder. Please be sure to test these settings very carefully to ensure that you do not create false positives and lose emails that are important to you.
- Do not reply to spam messages asking the spammers to stop; this will confirm that your email address is valid.
- Disable remote image or HTML image loading in your email client.
- It is critical that you turn off the message preview pane if you are using an email client such as Thunderbird or Outlook. This will help prevent you from inadvertently opening a spam message.
- Report spam sent from a hawaii.edu address to email@example.com. Please include a copy of the message with full mail headers.
Note that the firstname.lastname@example.org address is just for reporting spam. Any questions should be sent to the ITS Help Desk at email@example.com.
- Contact the sender of the message and let them know their messages are being quarantined as spam. There could be some misconfiguration on their mail server that is causing their messages to be tagged.
- Add the person to your contacts and/or create a filter so messages from a particular sender do not go to the spam folder. http://support.google.com/mail/bin/answer.py?hl=en&answer=9008
Spammers are very aggressive in finding new ways to get their spam through any protective measures. ITS is making a concerted effort to isolate spam email before you receive it. But given differences in perception, there will never be a way to automatically identify 100% of spam without also blocking some amount of email that would be considered legitimate. It is very important that spam blocking is not overly aggressive such that legitimate email is also blocked. There are other emerging approaches to dealing with spam. Some involve the use of specialized or single-use email addresses and many of which require some amount of manual intervention at least once on the part of the sender or receiver to identify legitimate messages. ITS will continue to monitor the tools available to do our best for our email users.
To report a suspicious email saying it's from the University of Hawaii and asking for confidential information:
FIRST: Check to see if the phishing attempt has already been reported by looking at the Security Alerts listing on http://www.hawaii.edu/its/
- If the suspicious email is claiming to be another organization, e.g., credit union, bank, etc., forward it to the abuse team of that company. There is no need to forward other company's phishing scams to firstname.lastname@example.org
- forward a copy of the message with full mail headers displayed to email@example.com
To display the full email header in Google@UH Gmail (webmail):
- Log in to Gmail using a web browser.
- Open the message you'd like to view headers for.
- Click the down arrow (says More) next to Reply, at the top of the message pane.
- Select Show Original.
The full email headers will appear in a new window. Copy and paste full email header into the forwarded message.[to get full mail headers for other email clients, please see http://www.hawaii.edu/askus/895 ]
If you would like to receive phishing notices by email, go to http://www.hawaii.edu/its/notices/index.php and subscribe to our phishing-alert email list.
To prevent compromises:
- NEVER send your password or other confidential personal information in an email message, even in reply to a message that appears 100% genuine. No responsible entity requests information this way.
DO NOT REPLY to suspicious or spam mail. It just tells the spammers/hackers that they've hit a valid email address.
if you receive a message asking you to "reactivate your account", "validate your account", or "get more email quota", DO NOT click on the weblink and enter your username and password
make sure you're up-to-date with all operating systems (e.g. Windows) updates
make sure you're up-to-date with any anti-virus and anti-spyware updates
review document Securing your Desktop Computer
don't save passwords to your email account on your system, it might take a few more seconds to login manually, but it might save you hours of time cleaning up after a compromise
If you suspect that you are compromised...
- Please review our article: http://www.hawaii.edu/askus/892