Cranfield University UBE (spam) reduction policy
Receipt of Unsolicited Bulk Email (UBE also known as "spam") is a growing
concern for Email users at Cranfield University as well as for Email
and network managers. This document provides a description of
what we are doing about it, why, and how that affects you.
This document serves several purposes and addresses four types of
readers.
- The Cranfield user who wants to know what we are doing about spam
- The legitimate end user at Cranfield or elsewhere who finds that
s/he is no longer able to send mail to Cranfield and was referred
to this document.
- The site administrator at a site that is prevented from sending
mail to (or through) Cranfield.
- Site administrators at other sites who are curious about what
sites like ours are doing.
Very Important Note: Some of our policy and practice
will have a negative effect on legitimate users at sites which are
blocked and on those at Cranfield who wish to receive email from those
sites. Please continue reading this document to understand why we
have made this choice, despite its short term harmfulness to some
legitimate users.
Also note: it is possible for our email hubs to
refuse mail from you or your system for reasons other than UBE
blocking. Please read the section on non-spam reasons for which you may have
been blocked and referred to this document.
There are a large number of sites which discuss why spam (Unsolicited
Bulk Email) is bad. Links will be provided within this document
as it expands and is updated.
The overall principle, beyond the fact that it is annoying, is that it
constitutes a theft of service. A comparison with
unsolicited bulk postal (physical) mail may be helpful. There are
important similarities and differences.
- Similarity: Both are unsolicited and often unwanted by the recipient.
- Similarity: The marginal cost of carrying any particular message is
  negligible. That is, once the basic system for carrying mail (in
  either form) is established and running, the additional cost of
  carrying an additional letter/message is very small.
- Similarity: Both can usually be easily discarded by the recipient after
  receipt without difficulty.
- Alleged similarity: Both are part of normal or creative business
  practice and help promote commerce, especially by allowing entry to
  smaller businesses wishing to compete with well branded giants. [This
  claim about spam probably doesn't hold up, but this is not the place
  for a detailed investigation.]
- Alleged similarity: Both are (or should be) protected by basic rights
  to free unfettered expression.
  This just doesn't hold up for spam: the content of the messages may be
  entitled to such protection, but not the unstoppable delivery onto the
  recipient's computer system. By analogy, the content and right to
  publish some short note may be protected, but that would not grant the
  publisher the right to tie it to a brick and throw it through your
  house window.
- Difference: In most cases it is possible (though not always easy) to
  get your address removed from a postal mailing list. But once spammers
  have your email address, you will not get off their lists. (So-called
  "remove" systems are mostly used to confirm that addresses are real
  and are read. Attempts to get yourself removed from a spam list by
  following the spammers' remove instructions are almost always bound to
  get you on more lists.)
- Difference: Spam is almost always forged. Often the address the
  message is made to look like it comes from belongs to a real and
  innocent person, who then becomes the victim of misdirected complaints
  and email delivery error reports.
- The fundamental difference: The cost of transporting and storing spam
  is borne by the unwilling recipient hosts and users as well as by
  unwilling relay sites. Additionally, a very large price may be paid by
  a user and system whose address is forged in the spam. With postal
  bulk mail, the fees paid by the bulk mailers provide resources to the
  postal system which end up reducing costs to ordinary users. (This is
  true even though bulk mailers pay a discounted bulk rate.)
It is because of this difference that email and network managers
consider UBE a theft of service.
Site blocking means that our email hubs which process all incoming
email to Cranfield refuse to accept mail from blocked sites (with the
exception that mail may be accepted if addressed to special addresses
such as postmaster@Cranfield.ac.uk or abuse@cranfield.ac.uk).
Cranfield University's central mail hubs will simply reject mail
connections from blocked sites.
When receipt is refused the sending system will be informed
that the mail was refused (in the normal way). Additionally a notice
referring to this document is added to the mailer error message.
Blocking websites that advertise via UBE
One way to put pressure on spammers is to block access to websites
which are persistently advertised by UBE. Cranfield may block HTTP access
from Cranfield to such sites, making such advertised sites unreadable
from the Cranfield network.
By blocking a site, Cranfield's network connectivity is reduced.
Suppose site A gets blocked. That does not mean that only the spam is
blocked from that site, but that (almost) all email from that site is
blocked. This may very well include legitimate users who have
legitimate correspondence with people at Cranfield. This hurts both
the legitimate users at the blocked site and the affected users at
Cranfield.
That cost is recognized and regretted, but there are reasons for it. Some
are purely practical, others are based more on abstract principles.
In general, Cranfield shares the view of many Internet systems managers as
expressed by the rationale for the RBL system:
- Site blocking is by far (other than entirely ignoring
the problem) the easiest thing to implement. Alternatives would
require additional resources and additional staff.
- The only (practical) way to put pressure on the spammers
themselves is to make sites unwilling to grant network access to
spammers. Putting pressure on sites that willingly host spammers
is a very good way to ensure that sites don't willingly host
spammers.
- It is the adversely affected legitimate users who are in the best
position to put pressure on their sites which willingly host
spammers. If your ISP is unwilling to take action to prevent spam
originating or passing through it, then your ISP is a very bad
network citizen and should not be on the net. Get them to fix it
or switch to a different ISP. If your ISP is a university or a
company (and not an ISP for the general public) then you probably
have more leverage in getting them to take appropriate action.
- Because spam is a theft of network service, other sites on the
network have the right to exclude those sites which do
not take action against spammers using their systems.
- Because spam is a theft of network service, other sites on the
network have the responsibility to exclude those sites
which do not take action against spammers using their systems.
- Many of the conceivable alternative actions would actually make
life easier for spammers and spam friendly sites.
If you are not a user at Cranfield, first get in touch with your site's
Email support people and refer them to this document. Pass on to
them all of the details which lead you to believe you are from a
blocked site. That will probably include an email "non-delivery
report" (NDR), that is the bounce or error you got when you tried to
send mail to Cranfield. No site will be blocked without first being
informed and given an opportunity to respond. (Some spamming sites
are not set up to receive mail properly and so may get blocked without
having received a warning. But there should be few legitimate users
at such sites.) So, your email staff will have been warned and
informed about blocking.
Email from most blocked sites may still be sent
to postmaster@Cranfield.ac.uk or Abuse@Cranfield.ac.uk. Please do not ask
the email managers at Cranfield to forward a message to a user at
Cranfield except to inform particular users that mail from your site is
blocked. It is not part of their jobs to get into the business of
forwarding such email.
For particularly large sites that are blocked specifically by
Cranfield some explanation may be put up giving specific
information about why particular sites are blocked. However
not every blocked site will be listed, and for confidentiality reasons some of
the information listed may be deliberately vague.
Note also that there are blocked sites -- which very many other sites
also block -- which are not added to Cranfield's
blocking lists locally, but are blocked
via the MAPS Realtime Blocking List
mechanism. Cranfield supports their criteria for
adding and removing sites from their RBL, and so will continue to
use their listings. You should follow the documents there to find out
what criteria they use for listing and de-listing sites to block.
Additionally, Cranfield does not accept mail connections which come
directly from the temporary dial-up addresses of most ISPs. This should
not have any noticeable effect on legitimate users. Those using dial-up
accounts should have their mail go via their ISP's mail hubs. So
Cranfield subscribes to the MAPS Dial-up User List (DUL).
These should not affect legitimate
users except for those with the following misconfigurations:
- Cranfield users using external ISPs, but who have set their
SMTP hosts to be the Cranfield servers. Only those at Cranfield
or using Cranfield's dial-up service should do that. All other
dial-up users should set their SMTP hosts to those advised by
their ISPs. Note that this still allows these users to read
mail delivered to Cranfield.
- External dial-up users who insist on doing their email transport directly
instead of via their ISP. There is no reason why those using dynamic IP
addresses should be doing that. Instead they should configure
their mail transport system to send all mail via their ISP's mail
hubs. The better ISPs force such behaviour. Further information
about that is documented at the DUL.
In the mean time you will have to find alternative ways to communicate
with the people in question. Please note that you should report the
problem to your site administrators. If they take appropriate action
or give us a credible promise to take appropriate action,
Cranfield email support staff will remove
them from the Cranfield blocking list at the first opportunity.
Note that it is possible to be blocked by virtue (if that is the word)
of being on the RBL list; Cranfield does
not maintain that list but is supportive of their policy.
If your site is blocked for local policy reasons at Cranfield it could
be for any combination of reasons. Sites will not be added to the list
without first attempting to warn the managers of the blocked site and
explain the action to them.
However many sites
which behave in ways which lead to them being blocked do not provide a
mechanism for us to contact them. In such cases they will have to get in
touch with the Cranfield University Computer Centre after noticing that they have
been blocked. Mail from blocked sites is always allowed to
Postmaster@Cranfield.ac.uk and Abuse@Cranfield.ac.uk.
The rules below are vague for two reasons: First, if explicit rules are
provided,
sites may find ways of maintaining the same abuse
while technically not violating the rules. Second, without full-time
staff dedicated to maintaining the list, many things will slip through.
As a consequence
there will be substantial inconsistency in who "gets caught".
First the spam related reasons:
- Your site or domain is a known source of unsolicited bulk email
(UBE or "spam"), which has failed to implement a serious policy to
stop users of your site's network from such behavior. Often in
these cases we have made complaints and not received a
satisfactory reply. For large sites with many users, it is recognized
that even a substantial effort to
control spam from their users will always have some leaks. For
the large sites, Cranfield and most of the Internet community know who
is really making an effort and who is just publishing anti-spam
policies which are unenforced.
- For smaller sites producing spam, these tend to fall into three
categories.
  - Sites set up (usually temporarily) specifically for the purpose
    of spamming. There are a number of ways to recognize these,
    and they will be placed on our list relatively quickly and
    come off relatively slowly. Because they change so quickly,
    however, we probably won't be able to keep up with many of
    them.
  - Small ISPs who were unprepared to regulate and control such
    things. They are the victims of having a small staff.
    Enforcing policies requires staff time. In general when the
    usually overwhelmed postmasters from such sites inform us that
    they are working on fixing the problem Cranfield will usually refrain
    from adding them to the list.
  - Other small or medium sized sites (businesses and
    universities) which have had either a security breach or have
    misbehaving staff. Again, informing us that the problem is
    being worked on will usually get them off the list.
- The spam in question involves harmful forgeries and attempts to misdirect
blame to innocent sites and individuals. In general, the worse the spam
as a network abuse, the quicker a site sending it to us will be blocked.
- Relaying:
Many sites which transmit spam are unwilling relays and are not
the originators. Despite the fact that such sites are often the
largest victims of spam, we will block them too. We have full
sympathy (from bitter experience) and again will unblock when we
know that action will be taken to fix things.
In some ways, blocking mail from the unwilling relays does the
victims of relaying a favour. It reduces the mail traffic
actually relayed through their site.
- Non-spam abuse:
We have to be vague here, since it is impossible to list the types
of abuse that might occur. These can range from having a site so
misconfigured it shouldn't be on the net, to having a site which
is involved in an attempt to breach our security or damage our
systems.
These are reasons that are not the consequence of attempting to send
spam or abusive mail to Cranfield users.
- Attempting to relay via our mailhubs
Our mail systems will only accept mail which either (a) originates
at Cranfield or (b) is to be delivered to Cranfield addresses.
Attempts to send mail from outside of Cranfield to addresses
outside of Cranfield are called relaying. We do not allow our site to
be used as a relay. This is separate from our blocking list.
However, suspicious attempts to use us as a relay may get a site
added to the blocking list as well.
Legitimate Cranfield users who wish to send email via Cranfield
from off-site should contact support@cranfield.ac.uk for advice.
The anti-relaying policy does not affect mail to Cranfield
users who have set up automatic forwarding to off site addresses
or mailing lists based at Cranfield.
- No reverse DNS look-up:
Machines acting on the Internet have an IP address, and usually
associated with that IP address is a name. If the name is not
properly registered, our system cannot resolve a name from the
number. This is either accidental misconfiguration or
a deliberate attempt to make it difficult to report complaints to
the network provider. No mail hub on the Internet should be
misconfigured in that way, and Cranfield University maintains the right
to block such sites.
Any legitimate site sending legitimate email to Cranfield which, however,
does not have a proper reverse lookup, can be added to a list of such
sites from which email will be accepted. This will give such sites time
to get properly configured with a minimum disruption of email traffic.
Please send mail to Postmaster@Cranfield.ac.uk or Abuse@cranfield.ac.uk
with details of any site which should be allowed to send email to
Cranfield, but does not have a properly configured DNS entry.
- Direct dial-up addresses
An ever increasing amount of spam is arriving directly from dial-up addresses.
This is an indication of the success of anti-relaying policies which are
making life a bit harder for spammers.
Where such addresses can be identified, they will be blocked. Note that this
does not prevent mail that comes via the ISP's legitimate email hubs, but
only mail which comes directly from dial-up machines acting as mail hubs.
This part of the policy should have a small effect on legitimate users,
although any whom it does affect should get in touch with
Postmaster@Cranfield.ac.uk.
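The accept/reject rules described in the sections above, written out as one Python function. This is an added example, not Cranfield's actual mail hub configuration. The function name, the order of the checks and every network range are assumptions constructed for illustration, and the reverse DNS result is passed in by the caller so the code runs offline.

```python
import ipaddress

# Constructed sample data: documentation address ranges and a private range
# standing in for the campus network. None of these come from the policy.
LOCAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]        # hypothetical campus range
LOCAL_DOMAIN = "cranfield.ac.uk"
EXEMPT_LOCALPARTS = {"postmaster", "abuse"}               # always reachable
BLOCKED_NETS = [ipaddress.ip_network("203.0.113.0/24")]   # local list or RBL hit
DIALUP_NETS = [ipaddress.ip_network("198.51.100.0/24")]   # DUL-style dynamic pool
NO_RDNS_ALLOWED = {ipaddress.ip_address("192.0.2.25")}    # temporary exceptions


def _listed(ip, nets):
    return any(ip in net for net in nets)


def decide(client_ip, ptr_name, rcpt):
    """Return (accept, reason) for one recipient offered by one SMTP client.

    ptr_name is the result of the reverse lookup for client_ip, or None
    when the address has no usable reverse DNS entry.
    """
    ip = ipaddress.ip_address(client_ip)
    localpart, _, domain = rcpt.lower().rpartition("@")
    from_local = _listed(ip, LOCAL_NETS)
    to_local = domain == LOCAL_DOMAIN

    # Anti-relay rule: mail must originate at the site or be addressed to it.
    if not from_local and not to_local:
        return (False, "relaying denied")
    if from_local:
        return (True, "local origin")
    # Blocked senders can still reach the contact addresses to sort things out.
    if localpart in EXEMPT_LOCALPARTS:
        return (True, "exempt address")
    if _listed(ip, BLOCKED_NETS):
        return (False, "blocked site")
    if _listed(ip, DIALUP_NETS):
        return (False, "direct dial-up")
    if ptr_name is None and ip not in NO_RDNS_ALLOWED:
        return (False, "no reverse DNS")
    return (True, "ok")


if __name__ == "__main__":
    print(decide("203.0.113.7", "mx.example.net", "user@cranfield.ac.uk"))
    print(decide("203.0.113.7", "mx.example.net", "Postmaster@Cranfield.ac.uk"))
```

The relay test runs first because the policy treats it as separate from the blocking list: an outside client sending to an outside address is refused even when it appears on no list.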
The use of blocking lists should produce a noticeable reduction in spam
at a fairly low cost; however, it will not eliminate it and a
substantial portion will continue to get through. While there are
other measures Cranfield could take, the marginal gain would not justify it.
Cranfield adopts this policy not only because of the local spam reduction
it will lead to, but because
if enough other sites on the network did the
same, then the cost to spammers and the hosts that support them would
become high enough that there really would be a substantial reduction
of spam on the network as a whole. It is hoped that our users and other
sites will support this effort.