CWU banner, your future is Central.  
CWU Home   Applications   Helpdesk   Networks   Resnet   Telecom   Training
  A-Z SITE INDEX  
  Web Office   Wireless   ITS Home   
Pictures from around campus

Networks - Spam Information
Back to ITS
Back to Previous Page

Processing of SPAM mail at CWU

One of the components of the cwu.EDU email domain is an application, typically called a SPAM-detection engine. This component examines all email messages that have been identified as having an origination point external to the CWU network and attempts to assign the messages to categories from which email routing and delivery decisions will be determined.

The SPAM-detection engine produces its assignment of email messages to categories by performing an examination of the email message headers and the message body, including any attachments. During the examination, a collection of rules provided by the application product vendor and local cwu.EDU email domain support staff are applied to the email message resulting in a numerical value for the message. This numerical value is compared to site-defined threshhold values that identify the message as non-SPAM, SPAM or quarantined SPAM:

  1. a non-SPAM message is passed on to the next cwu.EDU email domain processing component;
  2. a SPAM message has the token [SPAM] placed on the message's Subject: line and is passed on to the next cwu.EDU email domain processing component;
  3. a quarantined SPAM message has the token [SPAM] placed on the message's Subject: line and is removed from the cwu.EDU email domain processing stream - ie, it is not delivered and placed in a quarantine area for a site- defined period, currently 14 days, after which it is deleted from the cwu.EDU email domain servers.

Within the SPAM-detection engine there are facilities provided for use by sites in customizing message handling for implementation of individual site email policies and for cutomizing message handling for email messages from specific sources. These facilities include, but are not limited to, assignment of trusted sources, assignment of rejected sources, addition of local site- composed rules and revision of the numerical value corresponding to individual rules.

The results of passage through the SPAM-detection engine are provided to the message recipient via the addition of message header lines prefixed with the pattern X-PMAS-. These lines contain an identification of the rule, a text description of the rule and the numerical value corresponding to the rule. Messages which typically receive high SPAM-detection scores are those which utilize formats, attachments and message body content that have been adopted by the community of email sources that participate in unsolicited advertizing activities, distribution of pornography and other questionable information content and identity theft attempts and other criminal activities.

Some specific examples are:

  1. use of HTML message bodies over plain/text message bodies;
  2. embedding of URLs/URIs in message bodies;
  3. unnecessary/invalid encoding of message bodies;
  4. embedding of graphic images in message bodies, especially images which contain URLs/URIs within the image.

More information on SPAM can be found at these links:

  1. Distributed Senders Blackhole List
  2. MAPS definition of "spam"
  3. Spamhaus definition of "spam"
  4. www.Google.com and search form SPAM

Thanks to Bill Glessner for contributing this information.
Contact Information
ITS - Networks
400 E. University Way
Ellensburg, WA 98926
Phone (509) 963-2924
Email: networks@cwu.edu
Central Washington University 400 E. University Way, Ellensburg WA 98926 This Site Optimized For Newer Browsers.
Go back to Central's main page