The University Record, February 18, 1998

'Spam' mail bothersome, but difficult to regulate

By Rebecca A. Doyle

You have 12 new e-mail messages-or 25 or 167, depending on your job at the U-M and how often you check your electronic mailbox-facing you every morning when you boot up your computer.

Recently there has been a much greater chance that several of them are of the type known as "spam" mail. "Spam" is the commonly accepted term for unsolicited computer e-mail, the stuff that stuffs your mailbox with anything from advertisements for questionable products to exhortations that e-mail marketing works! Those who propagate this junk mail are known as "spammers."

Corporate America has tried to deal with the problem of electronic junk mail by placing filters in its mail programs that keep employees from being bombarded. The University and other educational institutions, however, have a different philosophy about how communications across the Internet can be regulated, and whether, indeed, they should be regulated at all. The free flow of new ideas, philosophies and diversity of thought makes the U-M and most other educational institutions reluctant to regulate almost any communication.

The resultant clog of electronic arteries with an overload of unsolicited mail has been a headache for those in the Information Technology Division (ITD) who are responsible for responding to user complaints. It meant slower service for both internal and external users of e-mail services.

So why can't the University just stop letting all those electronic stuffers into our mailboxes? The answer isn't that simple, says Kari Gluski, ITD systems project coordinator. She says that the model originally set up at the U-M was meant to serve the public by accepting and forwarding e-mail to other servers to further the University's mission of service, outreach and communication.

"If you look through the headers of mail you receive that is unsolicited junk mail, sometimes you will see it has been delivered from other university servers at other sites. The e-mail concept is a relay, and there is no authentication process for it. It is a cooperative model and is very vulnerable to this unsolicited mail."

Gluski says there are three types of mail that come through the U-M servers-mail sent from outside the University and addressed to those outside the U-M, mail sent to U-M users from outside the U-M and mail sent from U-M users.

External mail that passes through the U-M's servers is mostly what ITD has been working on and technologists have in place a fix that has reduced the flow of external-to-external mail. "We are still looking at potential fixes for the other types of e-mail and policy implications," she notes.

But reducing the amount of unsolicited mail from outside the U-M that pops up in individual mailboxes is more challenging, according to Andrew Inman, ITD technologist.

"There's not a lot we can do at this point without filtering users' mail," he says, "and that is contrary to the University's policy of openness. It would also create an enormous amount of overhead." Filtering mail by content would mean that each message would have to be looked at either by human eyes or a computer program, not only to see where it originated, but at least some of what it contained. Most people, he notes, are opposed to having their mail opened, even by computer programs.

"There are serious concerns about privacy here," he says, noting that ITD has been considering installing a filter that could be turned on and would allow users to reject mail from certain sites, but it is only at "the drawing board stage."

It is not only the privacy issue, but the difficulty involved in tracking down where mail originated, says Paul Killey. Director of the Computer Aided Engineering Network (CAEN) at the College of Engineering, Killey says that e-mail senders can disguise themselves and use a false return address, making it next to impossible to track them down.

"Even if we know some sites do nothing but 'spam' mail, we couldn't stop it all," he says. "It is easy for them to impersonate another site or a person."

Killey offers a few tips for those who receive unwanted e-mail.

 

Don't reply to messages, even if they ask you to send a reply saying you don't want to receive any more mail. "Unless you know that the company or person sending the message is reputable, it's best not to answer. Those messages are designed to validate e-mail addresses and they will pick up your address from the reply and sell it," Killey says.

 

If you purchase goods through the World Wide Web, be aware that your e-mail address may be passed on to others or picked up in transit.

 

UseNet news groups are a prime target for mailing lists. In fact, many who post messages on electronic bulletin boards have begun to include "no spam" in their addresses, which will fool some computerized address search programs.

 

Check the headers in your e-mail-the address and routing information at the beginning of the message-to make sure the sender is who you really think it is.

Within the University, there is a set of guidelines that regulates sending large amounts of mail or one message to a number of groups, although the current guidelines are "probably not strong enough," according to Virginia Rezmierski, director of the office of policy development and education at ITD. Rezmierski just last week appointed a committee of faculty, staff, undergraduate and graduate students, and administrators who will "identify the needs on campus for targeted mail and the educational issues, and determine what the guidelines should be." She says she hopes that recommendations will be made by the end of April.