Hunting spam at Duke

February 2008

Email advertisements for cheap drugs, offers to share millions of dollars with deposed Nigerian officials and embarrassing offers from singles dying to meet you. Why do we get so much of it? What can we do to stop it?

A year ago, Duke’s policy was to not reject any incoming email messages at its gateway based on their address of origin. But something had to be done about the avalanche of spam, so OIT put new spam filters in place. Six months ago, 5 million messages a day were stopped based on their origin. Currently, 29 million a day are stopped. The blocked messages come from addresses that can be found on commercially available lists of known spammers, as well as lists that OIT has compiled.

Also a year ago, OIT discarded 1 million to 2 million messages a day based on scans for known spam content phrases. Today it discards 500,000 per day. The numbers have gone down as spammers have received return messages that their emails have been rejected, and then moved on to more fertile ground.

Last year, OIT delivered 2 million to 3 million email messages a day to Duke students and staff. Today, it delivers 1 million, having trimmed away spam. And Duke students and staff are also sending less spam.

Duke users are sending spam? According to Chris Colomb, OIT senior analyst for emails and messaging services, Duke students and staff are unwary purveyors of spam, as spammers have become sophisticated at controlling computers from afar. OIT scans outgoing email volume from Duke, with an eye for mass mailings.

Can spam be blocked altogether? Some Duke students and staff have begun moving to services like Google’s Gmail, with its very sensitive and effective filters. Though a convenient and powerful service, Gmail lacks email features that are essential to university environments, and users must weigh convenience against the risk of unreliable transmission of emails for sensitive, deadline-driven research communications, emergency communications or other university activities.

For example, it is unlikely that commercial services would take the time to comply with Institutional Review Board policies for research confidentiality in communications. Also, if filters at another institution are rejecting your outgoing messages, these services are unlikely to intervene to make sure your messages are allowed in. OIT, on the other hand, can work with other institutions to ensure your mail reaches its destination. And if you accidentally delete an email you had meant to save, OIT will retrieve it, while other service providers will not. It’s the difference between using commercial services designed very effectively for very focused use and an in-house service that can provide flexibility and responsiveness to its home institution.