skip to main content
Caltech
Information Management Systems and Services
IMSS  /  Services  /  Email, Calendar & Messaging  /  Email Features  /  Spam and Junk Email

Spam and Junk Email

An unfortunate "feature" of the modern Internet is junk email of various kinds. This not only includes unsolicited commercial email ("spam"), but also attempts to recruit people into criminal schemes, messages sent by mass-mailing viruses, and messages sent by misconfigured email scanning programs to an innocent person claiming that that innocent person sent a virus or piece of spam. To this can be added plain old harassment, by a person who keeps sending you email you don't want in a way that's hard to filter.

This page offers some things you can do about this sort of email and some things you shouldn't do. But first, some facts about junk email.

Junk Email

In Office 365 Exchange, there is an option to automatically filter suspected junk email. When enabled, Exchange will move suspected junk mail to a folder named "Junk Mail." It's advisable to check this folder periodically to make sure any valid mail is not filtered.

Instructions

Facts about junk email

There is no way for IMSS to simply block all of this junk.

You might think "why can't Caltech or IMSS or someone just stop all of this junk from getting to my mailbox"? The answer is that while some mail is obvious junk, there is quite a lot where it is hard to tell. In fact, what is desirable one day can become junk a week later (for example, if you sign up for emailed news updates about some topic which you soon find you don't care about, and can't figure out how to get the senders to stop sending you). No computer program can discriminate between junk email and desirable email with 100% accuracy, and IMSS does not want to throw away legitimate email in the name of stopping junk email, as the consequences could be disastrous (imagine a faculty member not receiving an important email while trying to meet a tight deadline for a multimillion dollar funding proposal, for example).

Caltech also has a dedication to academic freedom and the free exchange of ideas, and it would not be right for a Caltech department to stop academic colleagues of people on campus from communicating with them just because their mail happens to come from locations frequented by junk emailers.

Please believe us that if IMSS could block all of the junk, we would! A significant fraction of our mail servers' performance is wasted due to having to process junk email.

There is usually no way to track down the senders of junk email, or to stop them from using forged "From" addresses.

The SMTP protocol that underlies the sending and processing of email was designed for a more trusting Internet. In particular, there is no requirement, when connecting to a mail server, that you prove in any way that you are who you say you are in the "From" address. Fly-by-night operators thus set up accounts with large services like AOL or Hotmail, send out spam for a short time (often with a forged "From" address), then close the account and move on -- by the time anyone decides to complain, the account no longer exists. Sometimes junk mail is sent with a Reply-To email address of a real, innocent person, but really came From another address entirely. Junk emailers are also using "spambots" - programs installed on other people's computers by tricking them, or by exploiting security flaws. In such a case the person who owns the computer which is actually sending the junk email doesn't even know that it's happening.

Some mail servers are beginning to require authentication for outgoing email to hinder spam relaying. The IMSS email servers themselves require authentication of outgoing email if you are trying to send mail using your Caltech email account.

Caltech email accounts are particularly vulnerable to junk email.

Because it is convenient for many reasons, IMSS's mail servers handle all mail meant to go to an "@caltech.edu" address, and all accounts will, by default, accept mail to both "accountname@caltech.edu" and "accountname@caltech.edu". The caltech.edu domain is the "root domain" for Caltech - the range of numerical IP addresses allocated to Caltech are registered under the name "caltech.edu" - and the master lists of Internet domains are easily browsed (so people can figure out what domain names can be bought, for example). Thus junk emailers know that "caltech.edu" is a legitimate place to send email, and can connect to the mail servers handling that domain and start trying to send mail (IMSS can't prevent them, because it might be real mail). IMSS believes that the spammers then try sending to many, many short sequences of letters and numbers to see which ones are legitimate addresses. This is why you can get junk email even if you have never given your address to anyone.

This problem is not restricted to Caltech.

Junk email is on the rise everywhere on the Internet. Some service providers claim they can stop spam from coming to you, but they can only do that by taking aggressive measures that have a good chance of blocking legitimate email along with the junk mail. The reasons IMSS (and the IT departments of other universities) cannot do that are outlined above.

Things you can do about junk email

Use the Mail Protection Gateway (MPG) Service

The MPG service quarantines suspected spam for up to 45 days. During that time, you can log in to retrieve legitimate email from the Spam Quarantine, add senders to a personal safelist, or take no action if the email is actual spam. See MPG for more info.

Things you shouldn't do about junk email

Attempt to use an "unsubscribe" web link or email address.

A lot of unsolicited junk email comes with a claim you can unsubscribe, along with a web link to click on or an email address to send to. Think of this as a form of bait, and don't take it! Junk emailers send mail to large numbers of addresses, many of which don't work. If you click on the link or reply to the email, they now know your address works and has someone reading mail sent to it, and they will most likely now never stop mailing you.

Now, this warning doesn't apply to all mail - legitimate email lists do have an unsubscription method. However, this warning is generally valid for emails trying to sell you a product or service from a company you've never dealt with before.

Send lots of mail to the sender to punish them.

This tactic is known as "mailbombing" and is both ineffective and unethical. It is ineffective because the listed sender may not actually be the real sender, as described above. It is unethical because it may wind up punishing an innocent person; because it puts a load on the IMSS mail server, hurting everyone else on campus trying to send mail; and it may cause an Internet service provider to start rejecting all mail from Caltech, which again hurts everyone else on campus.

Forward junk email to IMSS.

In your frustration you may want to forward some particularly egregious piece of junk mail to IMSS. Please believe us when we say that we know junk email is a problem for everyone on campus and we are taking what limited steps we can to stop it. Please read the facts about junk email above before making any complaints to IMSS, so you know the kind of things we will just be unable to do.

Try changing your email address to avoid spam.

As mentioned above, junk emailers use automated harvesting techniques to find new addresses to send mail to. Changing your email address will only provide a temporary respite and will cause a great deal of inconvenience for the people trying to contact you at your old address. IMSS policy is to refuse to change account usernames for the purpose of spam avoidance. (We will do so for cases of harassment, however; please see below.)

Note about harassment

If you find yourself a subject of special email harassment or stalking, where someone or a group of people keep sending you email you don't want from many different addresses (so you can't filter it), IMSS will change your account username and eliminate previous references to your email address. Please contact us at https://help.caltech.edu (request type IMSS > Email & Calendar >Other).