Anti-Spam filtering service - project completed
Tuesday, 27 April 2010 (66036 hits)

Project completed.

Update, September 13: MessageLabs has been successfully running at the University of Brighton for twelve weeks now and in that time, the service has:

  • scanned 3,292,799 incoming email messages
  • scanned 469,941 outgoing email messages
  • prevented 14,553 messages containing viruses from coming in
  • prevented 27 messages containing viruses from being sent out of the university
  • prevented 1,187,426 spam messages from being delivered to university inboxes


The support for the product has been excellent and it has so far proved very accurate in its identification of problem messages. 

  • Just 1 in 411,599 emails (or 0.0002%) have been incorrectly identified as spam and
  • Just 1 in 113,544 (or 0.0009%) of messages that have been delivered were actually found to be unwanted 'spam'

On the rare occasions that spam has slipped through, within 24 hours of the incident being reported, MessageLabs have introduced new detection rules to prevent a reoccurrence.


 Update, July 26: This project is now complete and we are using MessageLabs for scanning all incoming and outgoing email.

 


Update, June 27: This service was released on Monday 21 June. Almost one week later, the service appears to be working successfully. At least two serious 'phishing attacks' have already been blocked. Feedback received so far suggests that SPAM coming into the university has been virtually eliminated, but do let us know your views.


Background

Spam, viruses and other unwelcome email content have become a serious problem for the university and in response Information Services has subscribed to the MessageLabs anti-spam filtering service.  The aim of this hosted service is to prevent spam from reaching our network in the first place and to prevent any bogus messages from compromised accounts being sent from the university.

How does the new spam filtering service work?

All mail coming in to the university from the internet will first pass through the MessageLabs filtering service. Any messages suspected of being spam will be returned to the sender.  These messages will not be deleted, but will be kept in a quarantine folder on the MessageLabs service. Thus, if you suspect that a message you are expecting has been wrongly identified as spam, you will be able to contact our Helpdesk and ask them to retrieve the message for you.

Staff should see the following reassuring text at the bottom of messages received from, and sent to, external email addresses:


This email has been scanned by the MessageLabs Email Security System on behalf of the University of Brighton [or BSMS].

For more information please visit http://www.messagelabs.com/spam


 

Why do we need this service?

University policy has previously stated that we will not delete suspected spam messages that are sent to the university. Instead, our SPAM filters add the text [SPAM?] to the subject line of any suspicious messages.* It is left to the recipient to decide whether to delete or read the message.

Unfortunately, this has led to an increasing number of incidents where staff have inadvertently replied to spam messages and, in some cases, have given away their usernames and passwords. When this has happened, spammers have been able to send tens of thousands of messages from university accounts, which has led to the university being blocked from sending any email to services such as Hotmail and Yahoo.

We recognise that this has been frustrating to all staff and students and people wishing to be contacted by members of the university. This new service aims to address those problems.

*Note that our servers WILL reject messages considered to contain viruses, phishing messages and other "malware".

 

About MessageLabs

MessageLabs services are currently used in over 83 countries and customers include the whole of UK central government, 35% of local government and 30% of FTSE 350 organisations. More significantly, MessageLabs have a 99% success rate in capturing spam and removing threats. We anticipate that by using this service we will be able to protect the university's digital reputation and prevent future blocking of the university's email systems. We also expect to virtually eliminate internet spam and hoaxes from your inboxes.

Over the next few weeks, Information Services will be configuring and testing connections with MessageLabs services.  We expect to release the new anti-spam filtering by the end of June 2010.

 

   
Comments

Daniel, if I have understood your question properly then the answer is a bit of a yes and no:

The yes bit: If a message is likely to be trapped by a SPAM filter then MessageLabs would stop it first and we will be notified.

The no bit: But if you are thinking about a less sophisticated SPAM filter at the destination that is likely to trap more false positives, then the fact that it has passed safely through MessageLabs won't give it any advantage.

regards, Jill

Posted by jill shacklock, on 09/15/2010 at 15:08

Does this mean, when implemented, outgoing mail processed by MessageLabs will be less susceptible to false-positives with other filters when they are received as well?

Posted by Daniel Warren, on 09/15/2010 at 00:08

I was worried about the scheme of appending 'This message has been scanned' notices to email breaking public-key cryptography based signatures.

But it looks like MessageLabs are clever enough to NOT append the footers to signed or encrypted messages. Phew, scared me for a moment! I was foreseeing great disruption...

Posted by Eric Kow, on 06/25/2010 at 14:48

Jon,
In answer to your comments on the new spam filtering service from Message Labs.

The Helpdesk will have full access to messages that have been quarantined by the Message Labs service and will be able to release these in the very unlikely event of a false-positive being blocked.

Message Labs have been chosen after a lengthy investigation of the various services available due to their excellent reputation and their significant experience in this field. We evaluated several products and went through careful testing and discussion before deciding on this service as one of the best.

The main reason for implementing such a service was the username/password phishing emails that were regularly getting through our existing spam filters and being replied to by members of the University. The problem with these email attacks is they compromise a legitimate account and therefore SSL and Secure SMTP are then rendered useless as the attacker is using genuine credentials to abuse our email systems.

We tried user education using logon screens and repeated emails to advise users on password security, but this all failed and users who admitted to seeing the messages regarding password security still sent their passwords to attackers, despite being asked not to.

Also worth noting is that the secure SMTP service is not used by the Exchange email system, which is where the attacks were made, using legitimate user credentials.

Hijacked machines are not the issue; the main issue was users giving out their credentials.

After lengthy discussion and consideration, it was decided that the best method to protect the University from these attacks was to ensure the phishing emails never appeared in users' inboxes in the first place, and therefore we needed a service that would provide this level of protection.

Message Labs have over 10 years' experience in the field of message filtering and spam detection and have several layers of protection in place. Their false-positive rate is reckoned to be 1 in 330,000 which is one of the best in the business. We also have access to be able to white-list domains and even individual addresses if needed.

I hope this puts your mind at rest that we have carefully considered this service and the implications and that we have multiple means at our disposal to ensure legitimate email is delivered, but spam and viruses are blocked.

If you have any further questions or comments, please email me.

Many thanks

Adam
_________________________________________________________
Adam Collett
Desktop Infrastructure Support Specialist Information Services

Posted by Adam Collett, on 06/22/2010 at 09:16

Will we have any means to a) look through junked mail and b) even more vitally, be consistently informed if outgoing mail has been junked? A single false positive in such a system could be a disaster. I speak from experience having lost a project this year that would have netted a 6 figure sum, directly as a result of outgoing mail filtering.

On a system that already uses authentication and ssl for smtp this seems like overkill. In the event of a hijacked machine sending spam it would be far better and more effective to block that machine altogether and contact the owner immediately than risk the blocking of vital legitimate emails on a per message basis.

Posted by Jon Dron, on 06/19/2010 at 00:21

Graham
Initially we will only be filtering incoming messages but we will implement outgoing filtering over the following couple of weeks. So eventually everything incoming and outgoing will be filtered by MessageLabs.

Posted by Jill Shacklock, on 06/18/2010 at 14:37

> … mail coming in to the university from the internet
> will first pass through the MessageLabs filtering service …

Will the AntiSpam Filter Service apply to outgoing messages, from the University?

Or will it be limited to incoming messages?

> … tens of thousands of messages
> from university accounts …

Posted by Graham Perrin, on 06/18/2010 at 13:07


Site maintained by University of Brighton Information Services
Comments? Questions? Compliments? Complaints? Email us at docs@brighton.ac.uk