about projects people publications resources resources visit us visit us search search

Anti-spam Measures

As you are probably aware, unsolicited commercial e-mail, a.k.a., spam, has become a significant problem on the Internet. To combat this problem we have become more draconian in our e-mail rejection policies:

• We blacklist sites on the Internet that are known to be originators of spam
• We use anti-virus software to reject any e-mail that contains known viruses
• We use gray listing to temporily reject email (because legimite email will be resent)
• We use SPF information to verify the orgin of email
• And we use callback verification to see if the return address is legitimate or not

Through these measures, many of our users have reported a dramatic reduction in the volume of spam that they receive.

Email rejection

If cgl.ucsf.edu rejects e-mail, it will report which policy was violated and how to fix it: with either, (1) a URL with instructions, or (2), a message to send email to postmaster@cgl.ucsf.edu.

How to get on our blacklist

We use various blacklists (see below) to limit e-mail accepted by our mail server. Incoming e-mail from an Internet host listed on one of these blacklists will be rejected and returned to the sender. If we discover e-mail with spam content, then we report the abuse and/or blacklist the originating site. We also have a set of local rules that our mail server checks before accepting e-mail. Our local blacklist consists of:

• Home dialup or DSL Internet connections.

Workaround: send outgoing email via your ISP.

• Sites that send out spam (that isn't caught by other blacklists).

Solution: send email to postmaster@cgl.ucsf.edu when you've stopped sending spam.

• Sites that reject standard e-mail reporting errors.

Solution: fix your mail software to follow RFC 1123 error messages (i.e., accept MAIL FROM:<>).

We also whitelist sites that are known not to originate spam using the same technology (e.g., some sites within UCSF that sometimes do bulk e-mailing).

How to get off our blacklist

Or what to do when you received an error message like:

550 Access denied, send email to postmaster@cgl.ucsf.edu if in error

If your mail server is listed in our local blacklist incorrectly, send e-mail to postmaster@cgl.ucsf.edu. You will receive personal attention. If we've made a mistake in listing your server, then we'd be happy to remove it from our blacklist.

Blacklists we use in addition to our local one

The exact set of blacklists we use is subject to change, but currently we use the Spamhaus blacklist, the Spam Cop blacklist, and our local blacklist. (See the spam database list for some possible blacklists.)

SPF

SPF is an emerging Internet technology where the Internet addresses that can legally send email for a domain are published in the DNS.

Articles and other information about SPF:

• SPF: Sender Policy Framework
• PC Magazine article: Stopping Spam
• Infoworld article: Sender ID e-mail spec submitted to standards body
• eWeek article: New Anti-spam Initiative Gaining Traction
• Linux Journal article: SPF Overview
• Linux Journal article: SPF, MTAs, and SRS

About RBVI | Projects | People | Publications | Resources | Visit Us

Copyright 2018 Regents of the University of California. All rights reserved.