Keeping spam at bay is a never-ending progression of checks and
balances. For a long time, UB’s Central email system
administrators used firewalls, spam identification engines and
enterprise-level anti-virus software to protect the email system.
This level of protection afforded UB the delicate balance between
openness, typical of colleges and universities, and closing our
systems to unauthorized use.
Over time, people with malicious intent figured out workaround
methods to bypass these barriers. In response, system
administrators needed to start closing the doors through a series
of technology measures that increasingly required proofs. These
measures, including closing down open email relay usage on campus
and requiring password protection to send email through UB’s
Central email system, have blocked the growing tide of spam that
could—without warning—choke our campus networks.
But what if the spam comes from what seems to be legitimate
sources? The increasing sophistication of phishing emails
puts UB’s Central email systems at risk through the
unwitting release of legitimate UBITNames and passwords by those
who share their credentials. Using those credentials,
spammers from outside our network can appear as UB members making
legitimate requests. (As an aside, I’ve heard IT staff
debating whether an email was a phish or legit, so it’s not
just the hapless being duped.)
Anti-spam, anti-virus, anti-phishing—these are all
reactive measures that require identifying the “vector”
and pushing out prevention definitions to update our
safeguards. Even if it takes just a few minutes for this to
happen, it’s enough time for the infestation to plant itself
in the system, and credentials to be stolen. Just seconds
later, those credentials are being used to drop huge amounts of
what masquerades as legitimate email coming from “one of
us” on our own network, hogging huge amounts of network
bandwidth and potentially UB’s Internet connection.
“The key is to stop spammers at the source,” says
Saira Hasnain, CIT Director of Enterprise Infrastructure Services.
When asked to describe the “source,” Saira talks
about areas “out there” on the net—computers and
networks—that are linked to spamming. Since 1997,
Real-time Blackhole Lists, or RBLs, have been used by the
Internet community to keep track of these areas so that Internet
Service Providers, like UB, can refuse to accept their requests.
This doesn’t come without controversy, however, since
RBLs blindly block all email requests from an IP address,
legitimate or not. Central email system admins have enabled
RBLs at our email front door; if the email comes from a
Blackhole, the front door stays locked.
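
What a front-door RBL check looks like, as an added example that is not UB's configuration or code: the decision uses only the connecting IP address, so no sender, recipient or message content is ever read for a listed source. The zone name rbl.example.org, the stand-in resolver and the fail-open choice are assumptions; the reversed-address query and 127.0.0.0/8 answer follow the usual DNS-based blocklist convention (RFC 5782), which the article itself does not describe.

```python
import ipaddress

RBL_ZONE = "rbl.example.org"  # hypothetical zone, not a real list

def rbl_query_name(client_ip, zone=RBL_ZONE):
    """Build the DNS name a DNS-based RBL is asked about (RFC 5782 layout)."""
    ip = ipaddress.ip_address(client_ip)
    if ip.version == 4:
        labels = reversed(str(ip).split("."))            # 192.0.2.25 -> 25.2.0.192
    else:
        labels = reversed(ip.exploded.replace(":", ""))  # IPv6: reversed nibbles
    return ".".join(labels) + "." + zone

def front_door(client_ip, resolve, zone=RBL_ZONE):
    """Decide at connection time, before any sender or message data is read.

    resolve(name) returns a list of A-record strings, [] when the name does
    not exist, and raises OSError on resolver failure.
    """
    try:
        answers = resolve(rbl_query_name(client_ip, zone))
    except OSError:
        # Assumption: fail open and let later filters judge the message.
        return ("accept", "RBL lookup failed")
    listed_range = ipaddress.ip_network("127.0.0.0/8")
    # Only answers inside 127.0.0.0/8 mean "listed"; anything else is ignored.
    if any(ipaddress.ip_address(a) in listed_range for a in answers):
        return ("reject", "554 5.7.1 %s is listed in %s" % (client_ip, zone))
    return ("accept", "not listed")

# Constructed zone data standing in for real DNS so the example runs offline.
FAKE_ZONE = {"25.2.0.192.rbl.example.org": ["127.0.0.2"]}

def fake_resolve(name):
    if name.startswith("9."):          # constructed case: resolver timeout
        raise OSError("resolver timeout")
    return FAKE_ZONE.get(name, [])

def demo():
    # Listed source, unlisted source, and a source whose lookup fails.
    return [front_door(ip, fake_resolve)[0]
            for ip in ("192.0.2.25", "198.51.100.7", "203.0.113.9")]

if __name__ == "__main__":
    print(demo())
```
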
The effect has been dramatic: on average, UB is stopping 4
million email requests, more than 85-92% of the incoming queue.
There is a more subtle effect than not having spam show up in your
inbox, however. Stopping spam at the front door means the Central
email system will no longer need to determine the legitimacy of
each of those messages, sort the good from the bad, and deliver
them into our inboxes. “We no longer need to process
badness,” said Saira, “It’s bye-bye at the
“RBLs are not the end-all, however. It’s a
moving target. They are another way for us to prevent spam.
We’re likely to need more [ways],” Saira reports.
When asked what might be the next step, Saira spoke about the
potential for rate limiting email at the individual level,
“but how much bandwidth should an individual use for their
personal or business related emails?” That is a
discussion for another day.