ISD and Spam
- Why can't ISD prevent Spam from reaching my account?
- Why doesn't ISD contact Internet Service Providers?
- What is the legal position?
- Can nothing be done?
- How can I help?
Why can't ISD prevent it from reaching my account?
Our email hubs currently route 1 million email messages a day. In order to make a judgement on whether an email is junk or legitimate we would need to inspect every email. Clearly impossible. And while we are confident that all email generated from within UCL is for academic purposes, much of it is private and confidential. Of course when we are being spammed we could set up automatic system filters to filter out email from a particular site. We tried to do this when a lot of junk mail was coming from an Internet service provider called hotmail.com. Within hours we were receiving complaints from UCL users that they could not receive legitimate mail from that Internet service provider.
Why doesn't ISD contact the Internet Service Providers?
We do. But no password or authentication is necessary to send email. It is easy to disguise the true origin of email by putting in a false sender address. Try replying to the email and you will simply get it back with `address unknown'. To further disguise the origin junk email is often sent via an unknowing third party. Many email servers are configured so that if they receive mail, and there is no recipient for the mail on that machine, they will send back onto the Internet i.e. like putting `wrong address' an envelope and reposting it. This is called email relay. If a single email has 200 names in the recipient field, the server will decode this and send out 200 individual messages. Thus miscreants with even fairly low grade Internet connected PCs can steal the processing power of powerful email server/relays to send out thousands of messages. We have identified 127 departmental machines at UCL that can be used for unauthorised relaying. In fact there is clear evidence that some of these have been used to relay spam email.
What is the legal position?
We have contacted the lawyers who work for the SuperJANET networking authority, UKERNA, and the Computer Crime Unit at New Scotland Yard. We have been told there is no UK legislation to deal with this problem.
Can nothing be done?
More sophisticated filtering software can be put for our hubs. This will incur hardware expenditure as we do not have a test hub. However several departments have their own servers, and therefore College-wide filtering policies would need to be agreed.
We can refuse to accept or relay mail from external sites whose intended recipients are also external. To do this we have to be able to distinguish between local machines and external machines, using a technical mechanism known as `reverse DNS lookup'. This can only be done if all network connected machines at UCL have a name registered in the Domain Name Service. This is a mechanism that maps a name, such as lib.ucl.ac.uk to an IP number, such as 18.104.22.168. All machines managed by ISD have valid DNS names. Many Departmental unmanaged network connected machines have IP numbers, but not DNS entries. All of these machines will have to be properly DNS registered. A document is available on how to do this.
Individuals can set up their own filters in their email programs, at the risk of losing some legitimate mail.
See: Using filters
How can I help?
Unless you believe that the email is really personally targeted, and has originated from an UCL machine, the UKERNA advice and our advice is 'just junk it'.
This note is a summary, a more detailed exposition of the problem written by Adrian Barker is available at: http://www.ucl.ac.uk/UCL-Info/Docs/junk.email.html
Page last modified on 23 mar 10 15:39