Dealing with spam at the University of Delaware

The rapid growth in the amount of unsolicited bulk email (i.e., spam) is a major problem for all email users. Not only is spam an annoyance, but it can sometimes be a vehicle for perpetrating fraud, spreading "malware" (viruses, Trojan horses, worms, etc.), and harvesting information about you.

Unfortunately, there is no way to eliminate all spam. Since spammers continually change their messages in an attempt to make them appear legitimate, some spam usually gets through to email inboxes. Legitimate email, perhaps received from a legitimate mailing list or a vendor doing business with the University, can also be misidentified as spam. Each email user needs to develop his or her own way of identifying spam and deciding how to deal with it.

The following information will provide you with some guidelines about how spam is identified, spead, and reported to authorities.

What is spam?

There are many definitions of spam. Most agree that email can be classified as spam if it is unsolicited, sent out as a "mass mailing," and of a commercial or a malicious nature.

It is difficult to be sure which messages are spam; however, anti-spam software and filters use a variety of attributes to help figure out the probability that an email message might be spam.

The following is a non-inclusive list of some of the attributes that can contribute to an email message being classified as possible spam:

  • embedded images
  • erroneous HTML coding
  • "garbage text" at the end of a message's subject line
  • an HTML message without plain text alternative
  • invalid or missing recipient address
  • lines of text in all capital letters
  • missing "To:" field
  • no recipient listed
  • originating address not a "real name"
  • originating address previously identified as one used by spammers
  • recipient address not listed in "To:" or "Cc:" fields
  • unusual font colors
  • "key phrases" in the subject or body of the message—for example, free, limited offer, click here, act now, risk free, lose weight, earn money, get rich, work at home, 100% guarantee, and the names of different parts of the male or female anatomy.

Most anti-spam software tallies the number and severity of spam-like attributes for each message to assign each message a spam score. The software can use that score to determine what happens to that message.

How can I reduce the amount of spam I receive?

You can filter most of the spam out of your inbox using filters in your favorite email client. But the best way of avoiding spam is to use your udel.edu email address wisely.

Once your email address is in circulation, it's hard to stop getting spam. Your best bet, then, is to keep your email address out of the hands of spammers:

  • Do not list your udel.edu email address in clear text on any Web page. If you need to place contact information on a Web page, make a link that appears on your page like that shown in the example below:
    Source Code Resulting Text
    <a href="mailto:traina@udel.edu">Contact Me</a> Contact Me

    Making this change will make it one step harder for spammers to harvest your email address. 

  • Don't make personal purchases using your udel.edu email address. Instead, conduct "personal business" using a free email account at places like yahoo or gmail. 
  • Do not respond to unsolicited email and spam. Your reply or "unsubscribe me" message validates your email address for spammers. And if you buy something from spammers, your inbox may be filled with a staggering amount of new spam. 
  • When subscribing to an online newsletter, purchasing something online, or enrolling in any online service, review the organization's privacy policy and always choose to opt-out of any solicitations that you do not want. Think carefully about accepting any solicitations or "special offers," as mailing lists do get sold from company to company.
  • Be careful where you go on the Web. Some X-rated sites, for example, will glean your email address if you view their free tour area.
  • Be careful about downloading and installing "free" software. Such software often contains spyware used to harvest your email address, your Web-browsing habits, and other information suitable for mass e-marketers.

What should I do with spam I receive?

Our general advice is that you should delete and ignore any spam that does make it through. More specifically, here is the advice given by University of Delaware Police:

If you purchased an item, and within hours you are receiving mail from that particular company, chances are you inadvertently left a box checked. . . . [R]espond to them and have your name removed BEFORE they share your address with a "trusted business partner." If you don't act quickly, you've left the door open. If the unsolicited email is from a "known" company with a "good" reputation, you can usually find it safe to respond and request to be removed from a mailing list. Be aware, however, that spammers will sometimes send you what appears to be an email from a Fortune 500 company with a link on it to the spammer's Web site.

[Y]ou should regard all other unsolicited emails as coming from a disreputable source. . . . [U]nder no circumstances should you reply to their published "mechanism" for removing your name from their list. They may reply and say they have removed your name, but in reality you [have] provided them, in your reply, with your name, your email address, and your IP address. . . . If your email [includes] your v-card, you may have sent them your business and home addresses and phone numbers, including cell phones, pager, etc.! Yes, the mailer may remove you from the mail list you requested (as the law requires), but what about the other lists they maintain and sell? (From University of Delaware Police document, "What is Spam?")

You can also choose to report spam that you feel is illegal. According to the Federal Trade Commission (FTC), there are two places you can report spam:

  1. Forward egregious spam examples, deceptive messages, or examples of "remove me" requests not being honored to uce@ftc.gov.
  2. Report spam to the sender's ISP.

The FTC also suggests reporting spam to your ISP. However, since the University needs to be careful that legitimate email does not get blocked by any campus-wide anti-spam measures, the University does not recommend reporting spam to the IT Help Center.

If you decide to report spam to the sender's ISP or to the FTC, make sure that you forward the message with its full headers displayed.

Please be aware that the FTC can do very little about spam that originates outside the United States and that some ISPs make money from spammers using their services.

In short, reporting spam may make you feel better, but it may not have much effect on the amount of spam you receive.

Where can I get more information?