Network Engineering uses several tools to help keep spam from reaching your mailbox.
OSU implemented greylisting at the campus mail relays on October 30, 2007. At that time, statistics showed that greylisting reduced by over half the amount of spam that arrives in OSU email accounts.
Greylisting works by sending a temporary failure message on the first attempt of a unique combination of sender IP, sender and recipient. Legitimate, properly-configured mail servers deal with a temporary failure by queueing the message and resending later. (Resend times vary, but 15-30 minutes is typical.) On subsequent attempts to send a message, the greylisting server allows the message to be delivered.
Greylisting works as an effective method to prevent spam because spammers typically do not bother to queue mail. Rather they blast the spam out once and ignore delivery failures.
The downside of greylisting is that it may cause a legitimate message to be delayed (typically for about 30 minutes, although this depends on the configuration at the sending server). Messages may also appear to arrive out of order, as subsequent messages from the same sender are not delayed. This will only happen the first time that a new sender tries to send to a new recipient.
Sites that have implemented greylisting address these issues by building up a comprehensive whitelist. That is the approach we are taking as well. We have already whitelisted several sites that OSU communicates with on a daily basis. If there are sites that you are concerned about, please send us a list at net (at) oregonstate.edu, and we will add them to the whitelist.
NOTE: Greylisting does not apply to email sent within OSU.
An RBL is a list of hosts that are known spammers or open relays (misconfigured mail servers). When we receive email from one of these sites, we bounce the message back to the sender explaining that they are in an RBL and providing directions to get delisted from it. We also block mail from dynamic IP ranges, because mail servers should never have a dynamic IP. Finally, we block mail from dialup users and cable modem users - these users must relay through their ISPs mail server rather than sending directly to us (a trick often used by spammers).
We use the following RBLs at OSU:
If you are having trouble receiving mail from another site because they are listed in one of these RBLs, please tell the person at the remote location to contact their e-mail administrator or ISP and give them the information in the bounce message that they received from OSU. Contact us at net(at)oregonstate.edu if the sending site is unable or unwilling to get delisted - we may be able to help them get delisted, or simply add them to the allow list.
In addition to RBLs and greylisting, we maintain a custom block list for OSU. When we receive complaints about senders or hosts on the Internet spamming OSU addresses, we put in a static block for that site. Sometimes the block is a sender address (such as email@example.com), or an IP address. In some cases we will block an entire domain name (e.g. everything @foo.com) or a block of IP addresses that seem to be in use by spammers.
We treat messages that are detected as phish the same way that we treat virus emails: they are discarded at the mail relays. In addition, we block the reply-to address on phishing emails so that if anyone at OSU tries to reply to a phish, their message will not go to the phisher. Users who have responded to a phish with their username and password will typically have their OSU account disabled, and will be asked to change their password.
Despite our best efforts, some phishing emails still make it through. Please never send your password in email, and be careful with your personally identifiable information such as credit card numbers and social security number.
All messages coming into OSU from the Internet are tagged with SpamAssassin headers. These headers indicate the likelihood that a given message is spam. You can use these headers to filter mail that is likely spam into a junk folder. For more information, see the SpamAssassin page.