Junk and Chain Mail

We all receive unwanted email, sometimes of an offensive nature. It is very hard to totally avoid this, but it can usually be contained to a mere irritation. Most incoming mail is scanned in order to tag junk mail, and IT Services recommends applying a filter to screen you from the worst excesses. Our web page on mail scanning tells you how to set this up.

The sections below provide more detail on junk mail. Visit our pages about phishing and How To Recognise Fake Emails for related information.

1. What are junk, chain, and hoax email?

Junk email is closely analogous to the junk mail that we all get in the post. Basically it is any email that is sent out without regard to whether the recipient is actually interested in it. It may be advertising goods or services, it may be expounding an ideology, it may be anything else that you don't want to receive. Some of it, eg that advertising availability of pornographic material, may be offensive to many people. The main difference between this and postal junk mail is that sending it out by email is vastly easier and cheaper than doing it through the post. It is therefore available to a much wider range of senders, some of whose rationality may be open to question. It also means it can be sent completely indiscriminately. Sending the same mail to large numbers of people is known as "spamming".

If you receive such mail, it is important that you realize that, in general, you have not been specially targeted. There are many companies (mostly in the US) which sell lists of email addresses, which they gather indiscriminately from any source they can find. If you send email to mailing lists, if you take part in newsgroups, if you request information from on-line sources, you will find yourself on their lists.

Chain email is when you are asked to send a particular message to a number of other people, who are also asked to send it on. These messages can ostensibly for "good luck", to advertize a "worthy cause" or "pyramid selling" schemes.

One particularly popular form of chain mail is in the form of hoax virus warnings. The message usually purports to alert you to the existence of some new virus and urges you to pass on the message to everyone you know. Do not pass on such virus warnings. IT support staff normally keep closely up to date with genuine virus problems and, if appropriate, may occasionally issue warnings by email. For more information on virus hoaxes, see the IT Services virus information pages.

2. What to do about junk mail

The official recommendation from the JANET authorities is simply to delete the message. We very strongly advise you not to respond in any way, particularly to the more "undesirable" mail. A silence may discourage the sender; any response, assuming it gets through, is liable to elicit even more unwanted correspondence. Some senders will try to goad you into replying ("you are on a list of people interested in this topic"). A reply will promote you from just one of thousands of addresses, many of which are not valid, to a real person who reads their email, on whom they can concentrate their attentions. It is widely believed that many of the 'Unsubscribe' links given in spam messages are also used to collect live email addresses, although some, of course, will be genuine.

If you receive junk or offensive email, it is important to be aware that the apparent sender whose name may appear in the "From:" line could easily be a forgery, either put there deliberately to fool you, or as the result of certain types of viruses which can use someone's email address book to send out virus infected messages. Finding out the real source of an email involves looking through the message's full headers list which charts its route around the internet.

If you think the sender is from Oxford University, or could be mistaken as such by other users, then please send a copy including all the mail header information to phishing@it.ox.ac.uk. See our documentation on phishing for more information.

If you are really worried about breaking the chain of a chain mail letter, send it to thechainstopshere@pavilion.co.uk (but it would be preferable just to delete it.)

You can use the Nexus account settings to reduce the amount of spam you receive in your inbox. All email received at Oxford is scanned for viruses and junk mail. The system relies on the number of stars a message receives. Where the message is known to be spam, it is given a high number of stars, where it is know not to be spam, e.g. internal Oxford addresses, it is given a low star score. You can set up a filter, which removes email with stars above a chosen value to your junk message folder. Most email clients will also have a feature for filtering messages.

3. University Policy

Junk and Chain mail is the cause of a large number of complaints, both from within and outside the University. It is a great waste of computing resources and staff time, both at the originating and the receiving site.

IT Services will take action against any Oxford user who is identified as having originated or passed on junk or chain mail. Serious cases will be referred to the Proctors.

3.1. What to do if you are personally harassed

Sometimes people may receive offensive mail that is directed to them personally. This may come about through the unwanted attentions of an acquaintance, because one is involved in activities or areas of research that have become the target of pressure groups, or because the user has expressed views in a public forum that others consider offensive or controversial. In the last case we would always advise caution and reflection before putting messages on newsgroups, etc.

If a user is persistently harassed, or is threatened by email, then there are various measure that can be taken to shield them. If you are in this situation, then please contact IT Services Help Centre (telephone (2)73200), and we shall arrange for one of our staff to discuss this with you confidentially.

The Proctors regard any form of harassment as a serious University offence, and will deal severely with cases originating from within the University.

4. Preventing Automatic Display of Offensive Content

Some email client programs automatically display a message's content in a "preview" pane before you open the message. To prevent the unintended display of potentially offensive messages or images, it may be possible to configure your email client to not show any of a message's content before you explicitly open it.

  • In Outlook Express, untick the [Tools->Options->Read->Automatically_download_message] menu option, and/or untick the [View->Layout->Show_preview_pane] menu option.
  • In Microsoft Outlook, deselect the [View->Preview_pane] and [View->Autopreview] menu options.
  • In Netscape Messenger (older versions) untick the [View->View_Attachment_Inline] menu option
  • In Netscape Messenger (newer versions) untick the [View->Show/Hide->Message_Pane] menu option.
  • In Eudora, untick the [Tools->Options->Viewing_Mail->Preview_Pane] menu option.

5. Junk Mail - Autumn 2006

The following information is a semi-technical guide to the autumn 2006 increase in spam emails being delivered to University members.

The amount of spam, and the improvement in its stealthiness (i.e. avoidance of detection) has gone up recently. It's probably true that everyone has been receiving more.

The global volume of spam is increasing, so even though we have maintained a constant accuracy level, the number of spam emails reaching users' inboxes has undoubtably increased. One of the more conservative estimates around (from Symantec) puts the increase in spam emails at about 30% in the last two months (September and October 2006). See:

If you read these two articles, then you would conclude that any detectable recent increase of spam in your inbox is not surprising.

Fighting spam is an arms race; when spammers change tactics there will inevitably be a delay before the anti-spam community responds effectively. There are four aspects to the problem (and the way that we are tackling the solutions):

Outright rejections based on malware and basic SMTP errors
For details of outright rejections see information about the University's mail relay service. We currently reject a staggering 3 out of every 4 emails before they enter the Oxford mail system! This is mainly because of reasons including invalid address information and critical breaches of the email sending protocols. There is also a rather useful real-time information page which you see from the 'rejections' link (section 5) on the page of Mail Relay Statistics.
Spam scoring (enabling basic spam filtering)
Spam scoring is part of the 'arms race' referred to above. We use a system called SpamAssassin (SA) to add the spam scores upon which a lot of users rely. We have introduced a further set of SA rules[1] to try to cope with some of the newer, cleverer tactics. This is an ongoing process, but the last few days have seen these rules applying higher scores to many more spam emails that may previously have escaped high scores.
Client end spam filtering that 'learns'
Client-side spam filtering that 'learns'. This is also known as Bayesian filtering. This is remarkably effective, as a set of rules are constantly tailored by the user. It's probably the best method, but also relies upon spam scoring. It is usually done by the client software, but can be done on a group basis (as close colleagues may wish to have similar rules). Good email clients are able to do it and it is of a level of complexity with which most users should be able to cope.

We hope these explanations help. A balance needs to be struck between heavy-handed filtering and rejection at the server, and something that does not inundate users with spam. The recent improvements in spam scoring should help right now, but it is a constant battle. Hopefully, a lot of the more 'clever' spam emails will now be detected (e.g. the stocks and shares emails that are so difficult to compose rules for).

[1] The latest rules are drawing on the knowledge base at SpamAssassin Rules Emporium (http://www.rulesemporium.com/), which is basically a repository of custom rules.


Service area: 

Written by IT Services. Latest revision 22 May 2017