Skip navigation.
New Mexico State University

ICT Security Recommendations and Warnings

Stopping SPAM

NMSU is doing all that we can to battle the SPAM problem that proliferates the internet. We are currently filtering over 500,000 spam and virus messages per day here on campus! Unfortunately, due to the many tricks that spammers use, SPAM is a very hard thing to classify and stop. No filter will ever be perfect, but we can help tune your preferences to hopefully relieve you of some of the SPAM you receive.

The SPAM filtering system at NMSU is handled by a product called Sophos PureMessage. All incoming and outgoing email messages pass through PureMessage. The PureMessage filter looks for certain message characteristics and performs actions on the message when these characteristics are found. There are four basic categories that PureMessage uses to categorize email; spam, virus, suspect attachment, and other.

PureMessage contains several hundred spam tests that analyze individual characteristics of each message. Each of these tests has a numerical weight. When a message is analyzed by PureMessage, the weights from all the spam tests that matched the message are added up and converted to a spam score that expresses the message's "spam probability".
If a message is found to have a spam probability of 50% or more, it is copied to the PureMessage Quarantine. For mail coming into NMSU campus PureMessage also delivers these messages, but alters the message's subject heading to show its spam probability.
For messages found to contain viruses, the original message is moved to the quarantine and a notification email is sent to the recipient that a virused email addressed to them has been quarantined.

Depending on if the offending message is identified as spam or virus, PureMessage adds "PMX: Spam" or “PMX: Virus” to the subject header of the message received by the final recipient. Either of the modifications can be used to configure filters at recipient email servers or in the clients email program simply by filtering for PMX: in the subject line of the email. For example, for users of my.nmsu.edu we have created a SPAM folder for each user where email with PMX: is filtered to so that it does not end up in the user’s inbox.
For mail leaving NMSU campus, mail that is found to have a spam probability of 80% or higher is quarantined and not allowed to leave campus. If your mail is not currently being filtered, you can create a client side email filter to drop tagged messages into a folder of your choice. For more information visit our client-side filters page.

Suspect Attachments and Quarantine Digests

The following is the current list of attachments not allowed to flow through the NMSU email system;
*.adp, *.bas, *.bat, *.chm, *.cla, *.class, *.cmd, *.com, *.cpl, *.crt, *.exe, *.hlp, *.hta, *.inf, *.ins, *.js, *.jse, *.lnk, *.msc, *.msi, *.mst, *.ocx, *.pcd, *.pif, *.reg, *.scr, *.sct, *.shb, *.shs, *.url, *.vb, *.vbs,*.vbe, *.wsf, *.wsh, *.wsc, *.???.exe, *.???.lnk, *.???.pif
When the PureMessage filter detects that a message contains an attachment that is in our disallowed list, the message is stored in the PureMessage Quarantine instead of being delivered. PureMessage then does one of two things, depending on whether the email is incoming to NMSU or has been generated from inside of NMSU.
For suspect attachment emails that are incoming to NMSU, a quarantine digest email is created. Quarantine digests are email messages generated by the PureMessage system and sent to the original recipient of the message, listing the user's quarantined messages. Quarantine digests display the quarantine message ID number, the message's "From" address, the message's "Subject," and an explanation for the quarantined message. Users can release a single message from the Quarantine by clicking on the ID number. This generates an email to PureMessage; the message is automatically released. To release all listed messages from the Quarantine, users can simply reply to the message.

For mail containing suspect attachments originating inside of NMSU, the mail is quarantined and a non-delivery notification is sent to the sender of the email. There is no way to release an email for delivery that has been generated inside of NMSU. The delivery notification failure is to notify the user that the type of attachment they sent is not allowed
The reason that notifications of outgoing spam mail that has been quarantined are not sent is that most spam uses forged sending addresses and this would result in users getting many false positive notifications for spam that they have not really sent.

All Other Email

Any email that flows through the PureMessage system and is not found to contain spam, viruses or suspect attachments is classified as other and considered to be “good” mail. This good email is delivered as normal email to its destination.

Click Here for Instructions on Setting Your SPAM Preferences

 

But Why do I get so much SPAM?

One reason some people get more spam than others is simple; their e-mail is on more spammers' lists than others. If your e-mail address has every appeared on a webpage, or in a public forum, or especially if you've signed up for an online contest or promotion that asked for your e-mail address, chances are it has been harvested by spammers (including spammers representing porn sites).

Another thing that happens quite often that causes a person to be more highly targeted for spam is when they are infected with adware/spyware on their computer. Many of these programs sit working in the background, helping spammers to identify you as a target for SPAM. One thing you can do, besides the obvious running of updated virus scan and firewall products, is to run a spyware checker such as spybot. Spybot can be downloaded from one of the mirrors at http://www.safer-networking.org/en/mirrors/index.html The most current version of spybot has an automatic update funtion which allows you to make sure you can scan for the most common and current adware/spyware known. Many times removing this adware/spyware will stop much of the unwanted SPAM you receive.

The next thing you can do is look at your mail client. Many of todays clients can be "taught" what you consider to be SPAM and will throw those messages away for you, either through purchased add-on components, or as part of their regular functionality. Mozilla and Netscape mail are very good examples of mail clients that will do this for you for free!

Finally, if you are at your wits end, and are being totally bombarded with SPAM that you can't seem to stop, you can forward some of the spam messages to abuse@nmsu.edu or help@nmsu.edu, with full-headers enabled. The full headers show exactly where the SPAM is coming from and allow us to dig more deeply into the problem. Different e-mail programs handle headers differently -- once you figure out how to send with headers, forward the message(s) to abuse@nmsu.edu. For example, if you are using NMSU webmail, you have to click the " message source" link while viewing that message, and copy and paste that into a new e-mail.