Rutgers, The State University of New Jersey
OFFICE OF INFORMATION TECHNOLOGY | RULINK HOME

Spam processing for RULink

Spam is an increasing headache for all of us. For some people, it's a bad enough problem to make mail almost unusable. RULink has several features to control spam. This document will cover the following items:

In addition there is a section at the end on Technical Details.

Spam control for people who use addresses @rutgers.edu, but don't read mail on RULink

RULink provides support for addresses ending in @rutgers.edu. Many people use this without realizing that they are using RULink at all. E.g. if you have a netid of jsmith, and read mail at RCI, you can have people send mail to jsmith@rutgers.edu. As long as you have registered your RCI email address, RULink will forward mail sent to jsmith@rutgers.edu to your real email address, which is jsmith@rci.rutgers.edu.

It is also possible to register "friendly addresses", such as john.smith@rutgers.edu. Again, RULink handles those addresses, but forwards mail to RCI, Gmail, or any other system where you actually read your mail.

When RULink forwards mail to another system, it automatically provides spam control. RULink uses a system called "Spamassassin". Our copy is configured to check a variety of databases of known spammers. It also checks mail for words and phrases that are commonly used in spam. If there are enough signs that the message is spam, it will be discarded or saved in the user's mailbox on rulink.

The user can control how sensitive the test is. If you go to http://rulink.rutgers.edu/admin, and choose "Spam Control", you'll see a screen that lets you choose a value from 5 to 10. We recommend 5. However it will sometimes reject real mail as spam. 10 should be safe, but it will be less effective at catching spam. The default, which applies if you don't do anything, is 10.

If you are forwarding to an address within Rutgers, you can also disable spam processing. We recommend this if you are happy with spam processing on the system where you read mail. We don't allow you to disable spam checking for addresses outside Rutgers, because many ISPs blame Rutgers for all spam they get from us, even if we're just forwarding mail from another system.

We normally keep a copy of spam in your rulink inbox. That lets you go back and look at the mail that we thought was spam, to see how well filtering is working. It normally goes into your inbox. After all, users who forward their mail aren't normally using their rulink inbox for anything else. However if there is a folder called "spam", and that folder has been set to receive mail (which is not normally the case), then spam is put into that folder rather than the inbox. It is automatically deleted after 14 days.

A few users are set so that one copy of mail is forwarded and another is delivered on rulink. In this rather unusual case, we simply discard the forwarded mail that is classified as spam. It doesn't make sense to put it into the inbox, since the user is already getting copies of mail in their inbox.

There is one feature that you can control for messages forwarded to another system: "Greylisting." This is a feature that will significantly reduce the amount of spam you get, but has some disadvantages. Please see the Greylisting section for details.

Spam control for people who read mail on rulink

For most people, RULink simply forwards mail to the system where they actually read mail. However RULink is a full-featured mail system, so you can actually read mail directly on RULink. To do this, you connect to http://rulink.rutgers.edu/admin, select "Manage Mail Delivery", and then select "I will read mail on this system".

Some departments use RULink as a departmental mail system. Users in those departments normally read mail on RULink, so they are covered by this section.

If you read mail on RULink, you control what type of spam processing is done. By default, there is no spam checking.

To enable spam processing, connect to http://rulink.rutgers.edu/admin, and select "Spam Control." If you have not set up spam processing there will be a link, "Turn on spam filtering." Once you have done that, you'll see a menu that lets you control details of how spam processing is done, if you want to.

At this point I recommend clicking the box "Use LCSR's Spamassassin", and setting the score to 5 (instead of the default 7). The options are explained later on that page.

There is special feature that you can control: "Greylisting." This is a feature that will significantly reduce the amount of spam you get, but has some disadvantages. Please see the Greylisting section for details.

Greylisting

Greylisting is a technique intended to fight spam. It uses a database containing entries for everyone who has sent you mail in the past. The first time you get mail from someone who hasn't sent it to you before, the message is rejected with an error message requesting the sender to try again later. Most spammers use software that doesn't retry. So this will reduce the amount of spam you get by 1/2 to 2/3. In addition, by delaying the email, it gives time for the spam "black lists" to discover this particular spammer. So even if they do retry, there's a good chance that they will now be listed in a black list.

While Greylisting is a fairly effective precaution, it has one serious problem: it causes the first email from a given person to be delayed up to an hour. This can be a problem in some situations. E.g. if you register with a site, they often confirm your registration by email. This will probably be the first email you get from the site, so it will be delayed.

For this reason, we recommend that you set greylisting only if other types of filtering aren't good enough.

Note that greylisting works for forwarded mail as well as mail delivered on rulink.

To enable or disable greylisting, connect to http://rulink.rutgers.edu/admin, and select "Spam Control." Down the page, under "Advanced Options" you will find a link to "Set greylisting" (or remove it if it's currently set).

How to avoid getting spam

Spammers make some attempt to guess email addresses. However in most cases, we believe that you get spam because your email address appears in public. The most common place is web pages. Spammers often search web pages for email addresses. Other web-based services are also possible targets.

We don't think simply having an email address at Rutgers leads to spam. I have a test user on both rulink and RCI, set up to look exactly like a faculty member. It gets no spam.

We recommend against having departmental directories with email addresses. It is probably OK to have a web page that says at the top "all addresses on this page are at RCI" and then list just the part before the @. Some people have tried to make addresses harder to recognize by writing out the @, e.g. "user at rci.rutgers.edu". We believe spammers are onto this trick.

Technical details

Rutgers has recently gotten in trouble in the past with various ISPs because they believe we are the source of spam.

This doesn't mean that our systems were actually the source of spam. However spam is increasing, and ISPs are getting progressively more hair-trigger in the things they do to cope with spam. Some of their efforts affect innocent third parties more than the spammers, in my opinion.

For example, if a user at Rutgers forwards their email to an ISP, the ISP sees any spam received by the user as being due to Rutgers, because the mail arrives at the ISP from Rutgers. Thus if the user complains about getting spam, Rutgers may get blacklisted.

For this reason, a number of ISPs are demanding that Rutgers not forward email. We've gotten requests not to let anyone forward, to prohibit vacation messages, and even not to send error messages.

This has affected the way email is processed by RULink:

 

BACK TO TOP

For more information, contact rulink-support@rutgers.edu
© 2007 Rutgers, The State University of New Jersey. All rights reserved.

 

Search Rutgers