Spam Email, Abuse, U.Va.

Mailing Address:

PO Box 400217
Charlottesville, VA
22904-4217 USA

Physical Address:

108 Cresap Road
Charlottesville, VA 22903

434-924-4165
434-924-3579
Email Us
See Map

Information About Spam Email

What is spam email?
Types of spam email here at U.Va.
Spam email that originates from outside U.Va.
Spam email that originates from within U.Va.
What is done to stop spam through the central email hub?
What can you do when you receive a message you think is spam email?
Full headers of a spam email message and how to read them

What is spam email?

What is spam? Although the term was first associated with newsgroups, it has since become linked to the widely-present and largely unwanted "unsolicited bulk email" messages. The messages may contain commercial information, wishes for luck, notices of philanthropic opportunities, humor, etc. Some of them are simply chain letters: a message unrelated to the mission of the University that asks you to redistribute the message to others. You may receive these messages from someone you know or from a complete stranger.

Types of spam email

We on the abuse team try to avoid reading message content. When reading a message is unavoidable, we on the abuse team try not to judge messages based on their content. If we suspect that the content of a message violates federal, state or University laws and/or regulations, we will consult with the University's General Counsel office for advice on our next course of action. For messages that are outside this category, we see most spam messages as falling into two broad categories: those that those that originate outside this community and those that originate within it (are sent by a member of this community or are sent using University resources).

Spam email that originates outside U.Va.

For the spam email messages that originate outside the U.Va. community, two optional anti-spam services are available to members of the University community. One service works with email accounts on the Central Mail Service (CMS) and the other works with any registered address (example: mst3k@Virginia.edu.

Please consult the information on anti-spam statutes for the Commonwealth of Virginia to learn what your legal rights may be. We believe that the best course of action in most cases for the recipient of a spam email message is to delete the message. Other individuals may want to attempt to establish a filter, "rule" or "personal block" on incoming spam to their address.

Spam email that originates within the University of Virginia

If the message originates from University resources or the sender appears to be someone at U.Va., we need to know about it. Although sometimes the message headers will have been forged to make it appear that the message originated here when it did not, it is useful to have the abuse team examine the message to insure that if the message originated here, we can take appropriate actions to see that the behavior is stopped.

We will want you to redirect the message you received, with its full headers, to the abuse team at the address abuse@Virginia.edu. If you are uncertain how to redirect the message with its full headers, we can try to explain the process to you if we know which email client you use to read your mail (Mulberry, Eudora, Pine, etc.) or you can, in your message to the abuse team, authorize a member of the abuse team to examine the headers of message in your server mailbox using administrative access to your mailbox. Please tell us how to locate the message so that we will not intrude on your privacy more than is need to resolve this incident. When we have a copy of the message in the format we need, we will examine the message headers and then refer what we have found to the normal disciplinary procedures for the individual/system involved.

Avoid replying to the sender of these types of messages.

What is done to stop spam through the central email hub?

There are two optional anti-spam measures in place for use by members of the University community. Both measures require that an individual subscribe to the service before the service will begin to work for that person.

What can you do when you receive a message you think is spam email?

If you receive a spam message and are not using one of the two optional anti-spam measures that exist, you may want to investigate them and begin to use whatever service is available to you. Some individuals receive these messages and immediately delete them. Still others see the information contained therein as an opportunity about which they are pleased to know. And others will reply to the message (sometimes unknowingly using the Reply All feature of their email client) and thereby further distribute the message.

Be aware that replying to a spam message is not appropriate behavior when the spam message originates with University resources.

Other individuals object to this invasion of their email mailbox and report its receipt to the abuse team. And others will write to the abuse team wanting to know what to do to stop receiving more messages of this type or ask that we filter their incoming mail so that they never see the spam messages.

You may want to delete these messages but find that the information contained therein gives you pause. At times, some of these messages will advise you of computer viruses, at other times they will tell you of ways to become wealthy (usually quickly and without involving work on your part) or perhaps they will tell you of a heart-wretching situation and a way in which you can help. Be careful of what you believe and in what you participate. Some well-intentioned messages have caused systems to crash. Think about what the message says: does it look like there is really a way for what is stated to happen? There are a variety of websites that you can check to authenticate reports that you receive.

Among the more well-known ones are:

When you have a question about a spam message that you receive, you may send a copy of the message you receive, with its full headers, to abuse@Virginia.edu and ask the abuse team to help you determine if the information provided in the message is legitimate. Should it be truthful and warrant wide University attention, the abuse team can coordinate the dissemination of the information within the U.Va. community.

The two optional anti-spam measures at the University provide many with substantial relief from incoming spam message.

Should you want to establish a local filter on your incoming mail in addition to using one or both of the system anti-spam measures, you will need to learn how to do it. Most email clients support this function and on some it is not difficult to implement. If you are uncertain how to filter your email with the client you use to read email, please contact the ITC Help Desk at (804) 924-3731 between 8 a.m. and 8 p.m., Monday - Thursday or between 8 a.m. and 5 p.m., Friday. The ITC Help Desk is not open during University Holidays when school is not in session or when the University is otherwise officially closed. A second alternative for assistance with creating a personal email filter is to send an email message to consult@Virginia.edu.

We want you to understand that if you attempt contact the sending site and are successful (perhaps with a request to be removed from the mailing list), this action sometimes results in your receiving more spam email messages as your message to the sending site it notifies the sender that their message reached a working address. As is always the case, visiting a web site or opening an attachment from someone you do not know is never a good idea. And while we wish we had better advice to offer you about how to handle these messages, at the present time, deleting these messages seems to be the most effective way to process them.

Full headers of a spam email message and how to read them

What follows are the headers of a spam email message that the U.Va. email postmaster received that was undeliverable. The id to which it was sent here at U.Va. has been altered, but it is, in all other respects, authentic. Comments (in italics) before and after some of the headers to explain what the headers indicate.

Date: Mon, 4 Oct 99 6:04:20 EDT
From: "mail.virginia.edu MMDF Mailer"
Sender: mmdf@virginia.edu
Subject: Failed mail (msg.ab19556)
To: Postmaster@virginia.edu
Status: OR

Postmaster received the message on Monday, October 4, 1999 at 6:04 a.m. Eastern Daylight Time. We received the message from mmdf (the mail transport agent at that time on our mailhub) because the mmdf computer software could not deliver the message nor could mmdf return the message to its senders (hence, postmaster receives it). What follows is the first error-in-delivery message and then an attempt by our software to provide the sender with some clues about how they might better address their message.

Your message could not be delivered to
'mailing1@usa.net (host: usa.net) (queue: smtp-ns)' for the following
reason: ' ... User exceed storage quota'

Your message follows:

Date: Mon, 4 Oct 99 06:04:19 EDT
From: "MMDF Mail System"
To: mailing1@usa.net
Subject: Failed Mail

This is an automatically-generated form letter.

The mailbox specification "xxx1x" is unknown to the
University of Virginia mail server. We suggest that you resend
your message to a mailbox name consisting of your prospective
correspondent's name or local work phone number. For example,
suppose your original message, destined for a John Doe Smith, were
addressed to

jds2x@Virginia.EDU

Unfortunately, jds2x turns out to be incorrect for some reason.
Try

John.D.Smith@Virginia.EDU
or
J.Doe.Smith@Virginia.EDU
instead. Alternatively, if you do not know Smith's first and/or
middles names, you might send to

9241234@Virginia.EDU

where 924-1234 is Smith's local work phone number.

If ITC can do anything further to assist you, feel
free to contact the Electronic Mail Postmaster. Inquiries should
be directed to one of the following addresses:

Postmaster@Virginia.EDU [ Internet (or local to UVA) ]
...!uunet!virginia!postmaster [ UUCP ]
Postmast@VIRGINIA [ BITNET ]

Your message follows:

When we see "Your message follows," we know that we are nearing the headers for the original message. Read the left side of the headers quickly to find the From: and the To: and then begin to read up.

The following received header says that the message was received from the computer that is probably in Turkey by our mail.virginia.edu computer (that is the present name of the computer to which U.Va._Computing_ID@Virginia.edu messages go). Note that the date is 10/4/1999 and the time is 6:04 a.m. Eastern Daylight Time. mail.virginia.edu could neither deliver the message nor return it, as shown above, so it sent the message to postmaster@Virginia.edu for attention.

Received: from [212.174.240.2] by mail.virginia.edu id aa19462;
4 Oct 99 6:04 EDT

The following received header indicates that message was probably sent by a computer with the IP address 212.174.240.54 to a computer that was probably named selcuk.hay.net.tr. The IP address is for a computer some place in Europe. The computer named selcuk.hay.net.tr is also in Europe. TR is the country code for Turkey, and it is possible that the message originated there, though it could have originated some place else, too. The message probably passed through the selcuk.hay.net.tr computer in Turkey. Note the date and time on the message - although the U.Va. postmaster received the message on 10/4/1999, the time says it was originally sent on August 3, 1999 at about 5:30 a.m. local time. The sending computer may have a date problem! Also note the "+0300" - the sending site was 3 hours ahead of Greenwich Mean Time (GMT); U.Va. is behind GMT, so our messages are usually -0400 or -0500 at that place in the header. Our time varies because we switch between Eastern Standard TIme and Eastern Daylight Time. Also note all the "probably" statements in the above text: headers can be forged and it is difficult to say that this message definitely came from either of the sites indicated in the headers. Now scroll up some more to see the information on the first Received: header.

Received: from my-computer (212.174.240.54 [212.174.240.54]) by selcuk.hay.net.tr
with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.1960.3)
id Q1JBPSQF; Tue, 3 Aug 1999 05:29:59 +0300

From: and To: are forged - these are not valid addresses (though they appear to be.) usa.net is a valid domain; but mailing1 is not a valid address at that domain. Now read up to see the comments for each header

From: Net-Pa Internet Marketing Center
To: 006- TR REHBER 6
Date: Mon, 04 Oct 1999 05:27:07 +0200
Subject: Farkli, Etkili, Hizli, Basarili ve Bedava Reklam Olanagi !...
Reply-To: mailing1@usa.net
Organization: Net-Pa
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_001_14767927_19627,95_14787554,9492188"
Content-Transfer-Encoding: 7bit
X-Priority: 3




Report A Problem Information About Spam Email Request Information Ways To Prevent Abuse Frequently Asked Questions Home Mailing Address: PO Box 400217 Charlottesville, VA 22904-4217 USA Physical Address: 108 Cresap Road Charlottesville, VA 22903 434-924-4165 434-924-3579 Email Us See Map		Information About Spam Email What is spam email? Types of spam email here at U.Va. Spam email that originates from outside U.Va. Spam email that originates from within U.Va. What is done to stop spam through the central email hub? What can you do when you receive a message you think is spam email? Full headers of a spam email message and how to read them What is spam email? What is spam? Although the term was first associated with newsgroups, it has since become linked to the widely-present and largely unwanted "unsolicited bulk email" messages. The messages may contain commercial information, wishes for luck, notices of philanthropic opportunities, humor, etc. Some of them are simply chain letters: a message unrelated to the mission of the University that asks you to redistribute the message to others. You may receive these messages from someone you know or from a complete stranger. Types of spam email We on the abuse team try to avoid reading message content. When reading a message is unavoidable, we on the abuse team try not to judge messages based on their content. If we suspect that the content of a message violates federal, state or University laws and/or regulations, we will consult with the University's General Counsel office for advice on our next course of action. For messages that are outside this category, we see most spam messages as falling into two broad categories: those that those that originate outside this community and those that originate within it (are sent by a member of this community or are sent using University resources). Spam email that originates outside U.Va. For the spam email messages that originate outside the U.Va. community, two optional anti-spam services are available to members of the University community. One service works with email accounts on the Central Mail Service (CMS) and the other works with any registered address (example: mst3k@Virginia.edu. Please consult the information on anti-spam statutes for the Commonwealth of Virginia to learn what your legal rights may be. We believe that the best course of action in most cases for the recipient of a spam email message is to delete the message. Other individuals may want to attempt to establish a filter, "rule" or "personal block" on incoming spam to their address. Spam email that originates within the University of Virginia If the message originates from University resources or the sender appears to be someone at U.Va., we need to know about it. Although sometimes the message headers will have been forged to make it appear that the message originated here when it did not, it is useful to have the abuse team examine the message to insure that if the message originated here, we can take appropriate actions to see that the behavior is stopped. We will want you to redirect the message you received, with its full headers, to the abuse team at the address abuse@Virginia.edu. If you are uncertain how to redirect the message with its full headers, we can try to explain the process to you if we know which email client you use to read your mail (Mulberry, Eudora, Pine, etc.) or you can, in your message to the abuse team, authorize a member of the abuse team to examine the headers of message in your server mailbox using administrative access to your mailbox. Please tell us how to locate the message so that we will not intrude on your privacy more than is need to resolve this incident. When we have a copy of the message in the format we need, we will examine the message headers and then refer what we have found to the normal disciplinary procedures for the individual/system involved. Avoid replying to the sender of these types of messages. What is done to stop spam through the central email hub? There are two optional anti-spam measures in place for use by members of the University community. Both measures require that an individual subscribe to the service before the service will begin to work for that person. What can you do when you receive a message you think is spam email? If you receive a spam message and are not using one of the two optional anti-spam measures that exist, you may want to investigate them and begin to use whatever service is available to you. Some individuals receive these messages and immediately delete them. Still others see the information contained therein as an opportunity about which they are pleased to know. And others will reply to the message (sometimes unknowingly using the Reply All feature of their email client) and thereby further distribute the message. Be aware that replying to a spam message is not appropriate behavior when the spam message originates with University resources. Other individuals object to this invasion of their email mailbox and report its receipt to the abuse team. And others will write to the abuse team wanting to know what to do to stop receiving more messages of this type or ask that we filter their incoming mail so that they never see the spam messages. You may want to delete these messages but find that the information contained therein gives you pause. At times, some of these messages will advise you of computer viruses, at other times they will tell you of ways to become wealthy (usually quickly and without involving work on your part) or perhaps they will tell you of a heart-wretching situation and a way in which you can help. Be careful of what you believe and in what you participate. Some well-intentioned messages have caused systems to crash. Think about what the message says: does it look like there is really a way for what is stated to happen? There are a variety of websites that you can check to authenticate reports that you receive. Among the more well-known ones are: urbanlegends.miningco.com HoaxBusters Kumite's Computer Virus Myths Carnegie Mellon Symantec's virus hoax McAfee's anti-virus F-Secure When you have a question about a spam message that you receive, you may send a copy of the message you receive, with its full headers, to abuse@Virginia.edu and ask the abuse team to help you determine if the information provided in the message is legitimate. Should it be truthful and warrant wide University attention, the abuse team can coordinate the dissemination of the information within the U.Va. community. The two optional anti-spam measures at the University provide many with substantial relief from incoming spam message. Should you want to establish a local filter on your incoming mail in addition to using one or both of the system anti-spam measures, you will need to learn how to do it. Most email clients support this function and on some it is not difficult to implement. If you are uncertain how to filter your email with the client you use to read email, please contact the ITC Help Desk at (804) 924-3731 between 8 a.m. and 8 p.m., Monday - Thursday or between 8 a.m. and 5 p.m., Friday. The ITC Help Desk is not open during University Holidays when school is not in session or when the University is otherwise officially closed. A second alternative for assistance with creating a personal email filter is to send an email message to consult@Virginia.edu. We want you to understand that if you attempt contact the sending site and are successful (perhaps with a request to be removed from the mailing list), this action sometimes results in your receiving more spam email messages as your message to the sending site it notifies the sender that their message reached a working address. As is always the case, visiting a web site or opening an attachment from someone you do not know is never a good idea. And while we wish we had better advice to offer you about how to handle these messages, at the present time, deleting these messages seems to be the most effective way to process them. Full headers of a spam email message and how to read them What follows are the headers of a spam email message that the U.Va. email postmaster received that was undeliverable. The id to which it was sent here at U.Va. has been altered, but it is, in all other respects, authentic. Comments (in italics) before and after some of the headers to explain what the headers indicate. Date: Mon, 4 Oct 99 6:04:20 EDT From: "mail.virginia.edu MMDF Mailer" Sender: mmdf@virginia.edu Subject: Failed mail (msg.ab19556) To: Postmaster@virginia.edu Status: OR Postmaster received the message on Monday, October 4, 1999 at 6:04 a.m. Eastern Daylight Time. We received the message from mmdf (the mail transport agent at that time on our mailhub) because the mmdf computer software could not deliver the message nor could mmdf return the message to its senders (hence, postmaster receives it). What follows is the first error-in-delivery message and then an attempt by our software to provide the sender with some clues about how they might better address their message. Your message could not be delivered to 'mailing1@usa.net (host: usa.net) (queue: smtp-ns)' for the following reason: ' ... User exceed storage quota' Your message follows: Date: Mon, 4 Oct 99 06:04:19 EDT From: "MMDF Mail System" To: mailing1@usa.net Subject: Failed Mail This is an automatically-generated form letter. The mailbox specification "xxx1x" is unknown to the University of Virginia mail server. We suggest that you resend your message to a mailbox name consisting of your prospective correspondent's name or local work phone number. For example, suppose your original message, destined for a John Doe Smith, were addressed to jds2x@Virginia.EDU Unfortunately, jds2x turns out to be incorrect for some reason. Try John.D.Smith@Virginia.EDU or J.Doe.Smith@Virginia.EDU instead. Alternatively, if you do not know Smith's first and/or middles names, you might send to 9241234@Virginia.EDU where 924-1234 is Smith's local work phone number. If ITC can do anything further to assist you, feel free to contact the Electronic Mail Postmaster. Inquiries should be directed to one of the following addresses: Postmaster@Virginia.EDU [ Internet (or local to UVA) ] ...!uunet!virginia!postmaster [ UUCP ] Postmast@VIRGINIA [ BITNET ] Your message follows: When we see "Your message follows," we know that we are nearing the headers for the original message. Read the left side of the headers quickly to find the From: and the To: and then begin to read up. The following received header says that the message was received from the computer that is probably in Turkey by our mail.virginia.edu computer (that is the present name of the computer to which U.Va._Computing_ID@Virginia.edu messages go). Note that the date is 10/4/1999 and the time is 6:04 a.m. Eastern Daylight Time. mail.virginia.edu could neither deliver the message nor return it, as shown above, so it sent the message to postmaster@Virginia.edu for attention. Received: from [212.174.240.2] by mail.virginia.edu id aa19462; 4 Oct 99 6:04 EDT The following received header indicates that message was probably sent by a computer with the IP address 212.174.240.54 to a computer that was probably named selcuk.hay.net.tr. The IP address is for a computer some place in Europe. The computer named selcuk.hay.net.tr is also in Europe. TR is the country code for Turkey, and it is possible that the message originated there, though it could have originated some place else, too. The message probably passed through the selcuk.hay.net.tr computer in Turkey. Note the date and time on the message - although the U.Va. postmaster received the message on 10/4/1999, the time says it was originally sent on August 3, 1999 at about 5:30 a.m. local time. The sending computer may have a date problem! Also note the "+0300" - the sending site was 3 hours ahead of Greenwich Mean Time (GMT); U.Va. is behind GMT, so our messages are usually -0400 or -0500 at that place in the header. Our time varies because we switch between Eastern Standard TIme and Eastern Daylight Time. Also note all the "probably" statements in the above text: headers can be forged and it is difficult to say that this message definitely came from either of the sites indicated in the headers. Now scroll up some more to see the information on the first Received: header. Received: from my-computer (212.174.240.54 [212.174.240.54]) by selcuk.hay.net.tr with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.1960.3) id Q1JBPSQF; Tue, 3 Aug 1999 05:29:59 +0300 From: and To: are forged - these are not valid addresses (though they appear to be.) usa.net is a valid domain; but mailing1 is not a valid address at that domain. Now read up to see the comments for each header From: Net-Pa Internet Marketing Center To: 006- TR REHBER 6 Date: Mon, 04 Oct 1999 05:27:07 +0200 Subject: Farkli, Etkili, Hizli, Basarili ve Bedava Reklam Olanagi !... Reply-To: mailing1@usa.net Organization: Net-Pa MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_001_14767927_19627,95_14787554,9492188" Content-Transfer-Encoding: 7bit X-Priority: 3