All e-mail users have received some unsolicited mail. It is a fairly consistent interpretation that the e-mail is spam if the following conditions are true:

• The message has been sent to multiple recipients
  
• The essential content of the messages is the same
  
• Sending messages to recipients without their advance consent or approval

The message content itself is not important: it may be a commercial or non-profit ad, a scam or simply harassment of the recipient. 

Anti-spam at the Department of Computer Science

Anti-spam at the Department of Computer Science is automatic and pretty aggressive due to the fact that more than 95%, for some users even more than 99%, of the incoming mail to the department's mail system is spam. Some of the spam is blocked already at the "boundary", ie incoming mail from certain IP addresses will not be accepted. Other junk mail is delivered to a user's own Junk_E-mail folder.

The main ways to filter spam messages are listed below.

Mail from unknown (often fake) incoming addresses

One general check is to ensure that the DNS service knows the name of the sender's domain address. If not, the sender will be notified of temporary malfunction (specified as temporary, as the DNS service may have transient disturbances).

Mail servers known to send spam

Many agencies maintain lists or black lists of the computer's IP addresses known to send spam. The department seeks to use the most reliable lists. Sometimes there are mistakes in these lists and sometimes an ordinary home user can get a dynamic IP address from his Internet Service Provider which has been blacklisted because of the previous holder's misdemeanor. Therefore the department maintains a particular white list of IP addresses and routing areas (mainly the FUNET network).

Mail from the dynamically reserved network addresses

E-mail will not be accepted if the sending computer's network address is known to be in a pool of dynamically reserved IP addresses . These networks typically consist of DSL and dial-up lines and there usually are no mail servers - but there are spammers and compromised home computers. Real email is sent through the ISP's mail servers.

Bayesian statistical analysis

Each message content is analyzed statistically and an index is calculated for every message. The index describes the likelihood of it being a spam message. The filter also attempts to interpret  the content of gif and png images and Word documents. The calculated index is used for automatic filtering of the messages.

Viruses, worms and other malware

All known viruses, email worms, malware and some other suspect files (phishing attacks) will be filtered out. There is a local anti-virus program running on the mail server which detects viruses and makes them harmless but the safest way is to tackle viruses, worms and malware at the earliest possible stage.

All the incoming e-mail messages and their attachments are reviewed. The message containing a harmful file will be filtered out and and the note about it is sent to the recipient's Junk_E-mail folder. The notification message gives the type of file and the original message headers.

Messages caught during post-scans

After all other filtering all the IP addresses in the message's header will be checked. This way we can catch the spam that is sent to the Department of Computer Science system from somewhere else (for example, through mailing lists or @helsinki.fi or @iki.fi email address).

False error messages

We try to eliminate error messages which arise from the spam sent to somewhere else using a fake sender address and the address used is a department user's address. Those error messages are related to messages which never passed the department's mail servers.

What will a typical user need to do

Typical users will not normally need to take any separate measures to get the departmet's spam filters. All the mail that will be accepted but is filtered is sent to the users' Junk_E-mail folder. Spam is automatically deleted from the folder (the timer is currently 30 days).

In spite of everything, sometimes mistakenly classified spam mail ends up in your mailbox and sometimes messages incorrectly classified as non-spam end up in your Junk_E-mail folder.  Unfortunately this is part of the price we have to pay. Most likely an incorrectly classified message is a short message, often in HTML format, sent in English.

Restricting the problems arising from spam

FICORA recommends that e.g. an e-mail address on a web page be written in the form

firstname.lastname @ domain-name.fi.NOSPAM.invalid

and equipped with the instruction to delete the ".NOSPAM" as well as the ".invalid" string. You can use some other string instead of ". NOSPAM" but. ".Invalid" is an  identifier commonly agreed on for non-working email addresses.

There are other ways. You often see the "@" sign replaced by the word "at" or the entire address presented as an image. There is no way to know how useful such address scrambling really is. Typically if spammers have the address in their address lists, there it stays. In other words, if the spam is already coming, the benefit of scrambling may be limited.

The e-mail addresses of the people employeed by the university can be found in cleartext in the HY-mainari personal directory. The addresses on the Department of Computer Science Information website are listed in the scrambled form.

My own white lists

If a sender's messages seem to be incorrectly classified, users can contact the postmaster or use their own white lists.  At this time this must be done directly to the mailserver using the SqWebMail webclient and an appropriate control rule for each address must be defined.

Adding the rule is as follows:

   1. Sign in to the SqWebMail interface at http://mail.cs.helsinki.fi/sqwebmail. (You can read your mail using SqWebMail but it is not recommended.)
   2. Go to the web interface on the "Edit Mail Filters" link at the top of the page.
   3. Enter the following information in the "Edit / Add mailfilter" form:
          * Write "Rule name" - an optional rule name, such as the sender's name.
          * Click on "Condition: Header" and enter the "From" address.
          * Choose the pull-down menu, select "contains" and enter the address you want to whitelist.
          * Click on "Action: Save in:" and choose the pull-down menu, select "INBOX" (default setting).
   4. Press "Submit".
   5. Press "Save All Changes". The mail rule is applied immediately.
   6. Finally, you can log out at the top right "Log Out" link.

 All the department's spam filters will be run after your own rules.

Legal Basis

The Department of Computer Science at the University of Helsinki right to filter its users' e-mail (ie, prevent them from receiving messages)  is based on the rights conferred in the Electronic Communications Privacy Act  20§ and 29§.