News at Princeton

Friday, Sept. 19, 2014

Web Stories

New anti-spam service to launch June 7

A new anti-spam service that will significantly reduce the number of unwanted e-mail messages clogging inboxes and allow users to have more control over how messages are processed is slated to go live for the University community on June 7.

The service, called “Proofpoint,” has been in various stages of testing by the Office of Information Technology since last fall.

Currently, the University processes about 500,000 incoming e-mail messages each day. A total of 76 percent are screened as definitely spam or virus bearers and are stopped by a firewall, and the remaining 24 percent are delivered to people’s e-mail accounts — and a third of those are probably spam.

Two years ago, OIT introduced a filtering program called “Spam Assassin” that today is used by most people who have the University’s standard e-mail service called IMAP. With this system, suspect messages are filtered into a “spam” folder in the user’s e-mail account. It is the user’s responsibility to review and empty the spam folder to ensure that it doesn’t use up e-mail quota.

“With Spam Assassin, we started getting a handle on helping people separate out good mail from unwanted mail by moving those messages into the spam folder,” said Donna Tatro, senior manager for collaboration and systems services in OIT’s Enterprise Infrastructure Services. “But there was no easy way for people to keep track of messages that might appear spamlike but aren’t spam, or to flag those messages that are really egregious that you never want to get again. From a customer standpoint, the Spam Assassin solution was limited. We saw those limitations early on and started looking for ways to improve. And automatically moving spam messages to the spam folder worked only for IMAP users, not those using the Exchange e-mail service.”

Proofpoint will replace Spam Assassin, and it will screen e-mail for both IMAP and Exchange users. Instead of delivering the suspected spam messages to users’ e-mail accounts, Proofpoint will send a digest with information about those messages twice a day to users’ inboxes. The actual messages will be held in “quarantine” on a separate server. Users will be able to scan the digest, which will list the sender, subject and a score assigned by Proofpoint indicating the likelihood that the message is spam, and decide what to do with the messages.

If it looks like a legitimate message, users will be able to click on it and tell the system to release it from quarantine. The message will be released and delivered to the user’s inbox. If the message looks like spam, users need not do anything — the message will be purged from the quarantine after 30 days.

Users also will have the option of clicking on a link called “safelist,” which releases the message to the inbox and adds the e-mail address of the sender to a personal “safe-senders” list. Future messages from this sender then will not be sent to quarantine.

Tatro said that e-mail newsletters often have the characteristics of spam and are blocked by filters. This system allows users to make sure they receive those messages — if they want them — and to continue to receive them without having to search through a spam folder.

If the message flagged by the system is not spam, the user can report that to Proofpoint and the system will update its detection technology.

If a message is delivered to the inbox and is spam, the user can add the sender’s address to a blocked list, preventing any message from that address from subsequently appearing in the inbox.

At any time, users can edit their safe and blocked senders’ lists and request updated digest reports.

The digest reports will be sent at 8 a.m. and 4 p.m. weekdays. These times were chosen based on the populations served, according to Tatro — the earlier time for employees, who tend to read their e-mail in the morning, and the later time for students, who tend to read their e-mail in the afternoon and evening.

The way that Proofpoint processes messages addresses two important resource use considerations. Because the messages are held in quarantine and not sent to users’ e-mail accounts, the messages aren’t eating up quota space. And because the messages aren’t held on the same server, they are not backed up the way the University’s regular e-mail system is, saving time and server space.

Tatro said that Proofpoint also is much more effective because the University receives definition updates from the vendor multiple times a day. “Spammers change what they do almost on a daily basis,” she noted, constantly finding ways to circumvent even the best spam detection technologies. While those testing the system have seen a significant reduction in the number of spam messages in their inboxes, OIT staff members expect that some spam still will get through.

More information on Proofpoint is available through the OIT KnowledgeBase. Those with additional questions may contact the OIT Help Desk at (609) 258-4357.

Back To Top