is up with this spam e-mail?
All spam e-mail is sent for one reason:
money. The original phishing e-mail that was sent to JCU
on Saturday, March 2, was also sent to Case Western Reserve University. Many
other universities were likely targeted as well. The people
who sent out the phishing message most likely sold off the username/passwords
that members of the JCU community sent back to them to spammers. The
spammers logged into the JCU e-mail server and used the system
to send out tens of thousands of messages telling the recipients
they won a lottery or they won something from Pepsi. While
the JCU e-mail server can send out over one-thousand messages
per minute (this is what the spammers find attractive!), many
of the e-mail addresses the spammers send to are invalid. The
server is designed to make sure it delivers every message. When
an invalid address is encountered, processing slows down significantly. As
hundreds to thousands of e-mails with invalid addresses stack
up, response on the server grinds to a halt.
Spammers work on the law of averages. Just
as some of the JCU community members responded with their username
and password, there are people who will respond with their bank
account and credit card numbers. By sending out thousands
of messages, the spammers only need a few responses to make the
result worthwhile. In addition, since each individual theft
is typically small, it is difficult to obtain law enforcement
attention to address the problem.
JCU IS staff has been working with the e-mail
system vendor to put safeguards in place to make the JCU e-mail
server less attractive to spammers. The current maximum
number of recipients for any one message has been reduced from
2000 to 50. This limit had been set to accommodate different
programs on campus, but is no longer an option. Filters
are also being tested which will be much more restrictive on
message delivery. E-mail server tuning is a balancing act. While
more restrictive filters will sharply curtail spam attacks, they
may also hinder legitimate use of the server.
Another consequence of the JCU server being
used as a source of spam is the block (or black) listing of the
server by some Internet Service Providers (ISPs). JCU IS
staff is working diligently to convince these ISPs to remove
the JCU server from their block list.
Early-warning measures have also been put
in place which should allow the IS staff to respond to future
attacks more quickly. In addition, alternative e-mail systems
and providers such as Gmail and Microsoft Live @ edu are being
evaluated as potential replacements for the current system.
Why has the server been so slow?
As mentioned above, this is due to suspected
software problems. JCU IS staff has been working with the
server vendor to isolate the problems and correct them. Two
patches were applied on Monday, March 10th which appear to have
had a positive impact on server performance. Another major
patch is currently being tested by the vendor and is expected
to be released in the near future. This patch should address
additional identified issues. The software on the e-mail
server has not changed since last November which indicates that
the source of the software problems originate in the interaction
of the server with other programs. Indeed the patches applied
on Monday relate to the interaction between the sever and IMAP
clients such as Outlook. It is likely the case that a change
in the Outlook client (and possibly other clients) is the source
of the slowness issues which appeared mainly in the webmail client.
The IS staff fully understands the difficulty
this situation has caused and will continue to address it until
an acceptable, long-term solution has been identified and put
into place. Thank you for your patience and consideration
as we continue to strive to deliver the top-notch service you
have come to expect. In addition, thank you for taking
the time to read all the way through this long explanation! As
you have seen, the issues involved are complex.
Please feel free to contact me directly
with any questions you may have. I will do my best to respond
to them in a timely fashion.