Members of the Internet-savvy Generation Y are well aware that “spam” is more than an unappetizing luncheon meat. Spam, or unwanted junk e-mail, has slyly infiltrated the e-mail boxes of many University of Chicago students over the last two weeks in the form of a letter entitled in lower case letters, “about this part-time job.”
The e-mail got past the University spam filter “JunkMail,” a service provided by Networking Services and Information Technologies (NSIT). Sent by a supposed “Kenneth Coleman,” the e-mail did not adhere to the traditional format of anonymously sent spam, which advertises the newest, cheapest, and best version of Viagra. Coleman’s address appeared in the form kennethcoleman@secret-shopping.biz, as well as coleman@mysteriousjobs.com. The e-mail opens with a personally addressed salutation, followed by the unnamed company’s enticing offer of $300 to $500 per week to be a “Secret Shopper” who performs field tests and writes product reviews for different companies. Well concealed as a genuine proposal, the letter is actually a deceptive hoax, tempting unwary students to reply for more information.
“I had no idea that the e-mail was spam because it looked like any other letter in my mailbox with a known sender and average-sounding title,” said first-year in the College Alix Lerner, who replied to the e-mail asking for more information. “Had I known it was spam, I clearly wouldn’t have replied.”
Bob Bartlett, director of NSIT Enterprise Network Services & Security, explained that spammers most commonly harvest e-mail addresses and associated information by searching mailing list archives, Usenet news posts, and web pages. Bartlett further discussed how spam such as this can pass the University’s spam filter: “There is essentially an arms race going on between spam filter authors and spammers,” he said. “Each is attempting to improve—spammers to better evade filtering software, and spam filter writers to better identify spam without falsely identifying legitimate mail.”
Spam filters attempt to identify junk e-mail through a variety of methods, Bartlett said. “The sender: Is it a known spam sender? The content of the message: does the content match with known spam messages? Finally, the number of similar messages arriving over a period of time for different users,” he elaborated.
Spammers have their own methods to circumvent each of these identification methods. It is possible that the sender is fictitious or that the spam is sent from a compromised machine that is not a known spam site. The content of the e-mail can avoid spam filters by careful phrasing or by scrambled word spellings, such as “ph8rmeceutical” or “V1agra.” Consequently, it is impossible to block all spam, but the University’s current spam filter assigns to mail messages a percentage that indicates the probability of the message being spam. “We are conservative about what we send to the quarantine, so we only send messages that are assigned a probability greater than 90 percent,” Bartlett said. “It is possible to use that probability score to filter messages in your client. I actually send any message with a weight greater than 50 percent to a special mailbox and I have only had two false positives.”
The University uses a commercial program for spam filtering, whose author is constantly updating it to improve its accuracy, Bartlett said. The filter will never be 100 percent accurate, always erring on the conservative side in assigning spam probabilities so as not to quarantine valid e-mails.
Most students who use Webmail do not employ their own spam filters in addition to the one provided by the NSIT server, yet there are those cautious few who take extra measures to block spam. Maurice Codik, a fourth-year in the College studying computer science, uses a spam filter on his computer. “I use the Evolution mail client set up in conjunction with SpamAssassin,” he said. “It learns what is spam-based on what spam messages I train it on.”
Third-year in the College Ian Sefferman, also a computer science concentrator, gave multiple reasons for using a spam filter. “Firstly, because I use more than just my uchicago.edu email address,” he said. “Second, because spam was a problem for me long before NSIT released JunkMail.”
Sefferman drives his reasoning home with a double entendre only a U of C student would dare use, saying that, in the end, he has a second spam filter “because you simply can never have too much protection.”