You must receive too much email, like most people. And spam? Forget about it! We're awash in it. But what may surprise you is how little of that tide really washes your way.
ITS recently improved the way our mail servers work to filter out spam and phishing messages, and here we'll explain some of the steps these mail servers take to keep spam and phishing from making their way to your inbox. Here you'll also find some surprising statistics about the number of email messages received and filtered on a typical day. If you want to skip the section on our mail systems and how mail is processed, you can jump to the section on statistics.
In order to have this discussion, it is important to understand the three major components of the NAU email systems. One component is the faculty and staff email system. This is a Microsoft Exchange system often called IRIS or iris.nau.edu. For the rest of this article it will be simply called Exchange. Faculty and staff typically use Outlook or Outlook Web Access (OWA) to connect to Exchange.
A second component is the student email system. This is a hosted service through Google or Google Apps for Education (GAE). GAE provides many other services besides mail, but this discussion will focus only on the mail component and call it Google.
Finally, there is a group of servers called mailgates. These are mail gateways that accept email from the Internet and then send it on to either Exchange or Google. All mail sent from Exchange to the Internet also passes through these mailgates.
All three systems, mailgate, Exchange, and Google, perform some manner of spam checking. Exchange and Google have always looked at the content of the message to determine if it is spam, while the mailgates have until recently only checked where the email is coming from to determine if it is spam. They also scanned for viruses.
What has changed is that ITS has added some additional content checks at the mailgates to look for spam and suspicious links or URLs in the mail coming into our systems from the Internet. The effect is that with two different systems—either mailgate and Exchange or mailgate and Google—checking for spam, we identify more email as spam. Even though spam and phishing are discussed as two different types of messages, the systems treat them pretty much the same and take the same actions to keep you from having to read them.
Above you'll see a simple diagram showing how mail flows between the Internet and our mail systems.
What happens to spam?
As mail comes into our systems, mailgate checks first to see where it is coming from. If it is coming from a known spamming site we drop the network connection and don’t accept any further mail from them. If a site is not a known spammer but has been sending us mail at a high rate, we slow them down and will only accept mail messages at the slower speed. Sites that send too much mail too fast may also be spammers.
After mailgate accepts the message, it then checks to see if it contains a virus. If it does, the message is quarantined. Mailgate also performs content checks to see if the message is likely spam or a phishing message. If mailgate does think it is spam or phishing, it marks the message in a couple of ways. The most obvious way to mark the message is by adding the text ***Spam*** to the front of the subject line.
After all of its checks are complete, mailgate then passes the message on to Exchange or Google, depending on who the intended recipient is.
Exchange and Google both do additional spam checks.
Exchange takes anything that is marked by mailgate as spam (***Spam*** in the subject line) and anything Exchange thinks is spam and places it in your Junk Email folder. If you are using Outlook to read email, Outlook makes a few more checks and may also file the message in your Junk Email folder. So it is possible for you to see some messages in Junk Email marked with ***Spam*** and some that are not.
Google does its own spam checking and anything it thinks is spam will get filed in the Spam folder. Google does not know about mailgate’s ***Spam*** flag so it is possible that you will see some ***Spam*** messages in the Google Inbox.
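The tagging and filing behaviour described above can be modelled in a few lines. This is an added example, not ITS's own code: the function names, the sample message and the reduction of each system's own spam check to a true/false value are assumptions made for illustration.

```python
from email import message_from_string, policy

TAG = "***Spam***"  # subject marker named in the article

def mailgate_tag(msg):
    """Prefix the Subject with the tag exactly once (hypothetical helper)."""
    subject = str(msg["Subject"] or "")
    if not subject.startswith(TAG):
        del msg["Subject"]  # the default policy allows only one Subject header
        msg["Subject"] = f"{TAG} {subject}".strip()
    return msg

def file_message(msg, system, own_verdict=False):
    """Return the folder a message lands in under the article's description."""
    tagged = str(msg["Subject"] or "").startswith(TAG)
    if system == "exchange":  # honours the mailgate tag or its own check
        return "Junk Email" if (tagged or own_verdict) else "Inbox"
    if system == "google":    # unaware of the tag, uses only its own check
        return "Spam" if own_verdict else "Inbox"
    raise ValueError(f"unknown system: {system}")

def deliver(raw, mailgate_verdict, system, own_verdict=False):
    """Parse, tag if mailgate flagged it, then file. Returns (folder, subject)."""
    msg = message_from_string(raw, policy=policy.default)
    if mailgate_verdict:
        mailgate_tag(msg)
    return file_message(msg, system, own_verdict), str(msg["Subject"] or "")

# Constructed sample; the Subject is RFC 2047 encoded, as real mail often is.
SAMPLE = (
    "From: billing@example.test\n"
    "To: user@example.test\n"
    "Subject: =?utf-8?q?Verify_your_account?=\n"
    "\n"
    "Constructed sample body.\n"
)

if __name__ == "__main__":
    for system in ("exchange", "google"):
        print(system, deliver(SAMPLE, True, system))
```

The same tagged message is filed in Junk Email by the Exchange model and stays in the Inbox under the Google model, which is why a ***Spam*** subject can appear in a Google Inbox.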
So how much email and spam do we process? We don’t have numbers for the Exchange and Google email systems, but we do have counts of the messages coming from the Internet into mailgate. The following numbers are for February 5, 2014 and represent a typical day.
Connections blocked – 744,926
These are connections blocked because the mail is coming from a known spamming site. There is no way to tell how many mail messages this represents because more than one message can be sent in a single connection and a single message can be sent to multiple recipients.
Connections rate limited – 210,473
These are connections that were temporarily blocked and slowed down because they were sending mail at too fast a rate.
Messages scanned for spam, phishing and viruses – 373,669
Results from this scan:
- Messages that were clean - 332,595 (89.01%)
- Messages marked ***Spam*** - 36,377 (9.74%)
- Messages quarantined because they contain a virus or malware - 200 (0.05%)
The numbers above represent unique messages, but a message can be addressed to multiple recipients.
Total messages passed on to Exchange and Google - 822,078.
This number counts one message to multiple recipients as multiple messages.
That is a lot of mail getting delivered to NAU faculty, staff and students every day.