SPAM FAQ
What is spam or Unsolicited Commercial Email (UCE)?
SPAM is, of course, the brand name of a canned meat product manufactured by Hormel. However, in Internet parlance, spam is essentially an unsolicited e-mail of a commercial nature, or UCE. A message can be considered UCE or spam if it is not explicitly requested by the recipient.
Didn't Virginia write a law?
Yes. Back in the middle of 2003, the Commonwealth passed an anti-spam law. Of the 26 states with ani-spam legislation (at the time), Virginia's was the toughest.
For more information, see this press release:
'http://www.governor.virginia.gov/Press_Policy/Releases/2003/Apr03/0429b.htm
How do spammers get my e-mail address?
There are several ways that spammers can learn or aquire valid e-mail addresses. Here are some examples:
- Your name is on someone's list: Junk mail and targeted e-mail lists have been around about as long as the Internet itself. Some lists cost as little as $100 for 11 million (or more) valid addresses. These lists are created by website owners and online stores who "share" their customer information - often for a price. It is difficult at best for spammers to identify your personal taste or interests when sending messages to such a large group. Therefore they use a "shotgun" approach mailing is sent out with product offers, get rich quick schemes, and adult porn sites mailings.
- Participating in an Opt-in Lists: These lists are developed by partnering with legitimate websites which require that you specifically check a "Don't send me offers" setting as part of registration for their site or services. Eventually, one of the boxes will escape your attention, and you're added to a list. Truth be told, many sites and opt-in lists are legitimate. They will honor your removal requests. For every one legitimate list or site, there are more that are not, and it only takes being on one or two opt-in lists to eventually generate a mountain of spam in your inbox.
- Automated E-mail address Extractors: Spammers use programs to read and analyze web sites, including forums, and news posts. When reading web pages they look specifically for e-mail addresses. This type of software can locate thousands of reliable e-mail addresses an hour. To avoid having your address harvested in this way, avoid posting put your main (@odu.edu) e-mail address on any website, forum, or newsgroup. Also, if you actually need to post an email address, use specialized Javascript code which makes the link clickable but foils many email harvesters.
For more information, see: http://www.odu.edu/docs/developer/adv_nospam.shtml - MX Server Extractors: These programs exploit a foundational email technology, Internet mail server protocols. When an e-mail is sent to you it is handled first by the email server. During part of this process the sender asks the email server "Is this name correct?", and the email server dutifully responds Yes or No. You may have seen "bounce" messages in the past - this is an example of an email server saying "No, that email address does not exist here". Programs exist that can utilize this feature and mine over 5000 e-mail addresses per minute, at a cost of around $100.
- Viruses, Spyware, and Malicious Code: It is a common tactic of an email based virus - get onto an unsuspecting computer, read the address book, and send email to everyone who is listed. And perhaps send the address book to a spammer, along the way
Why do I get e-mail that isn't addressed to me?
You may receive email through whats called a "Blind Copy". Also, many of the data elements needed to make email "work" can be forged such as the From, To, Subject, Date. Additionally, many viruses choose a random e-mail address out of an infected person's address book and put that in the From header. This actually happens quite frequently. Anyone who has your name in their local address book could potentially be sending out mail that looks like it comes from you.
Should I "reply to remove?" It never seems to work!
Unless the spam is from a legitimate company (such as Amazon, Yahoo!, or another recognized and legitimate company), you should avoid the temptation to click on the "unsubscribe" links. These links are often used to confirm that the spam reached an e-mail address that is actually checked. The end result is that you will get MORE spam.
What is ODU doing about spam on campus?
During 2004, OCCS deployed a highly customizable system. OCCS has created a simplified interface which allows you to choose some basic anti-spam processing or you can explore a very rich expert interface and have a high degree of control over your email. All "@odu.edu" addresses receive some minimal protections through the anti-spam system. See the OCCS Spam Trap page for more information.
http://occs.odu.edu/accounts/spamtrap/index.shtml
How can I figure out where the spam came from?
This is time consuming. You can review all of the headers on the message and submit them to an online spam tracing service such as spamcop.net. A free is membership required to use this service.
Who is responsible for dealing with spam at ODU?
The Office of Computing and Communications Services. In order to investigate any complaints about spam, you must meet the requisites. First, you must have a MIDAS account and you must have opted in to the anti-spam system. Second, you must understand that in order to take any action regarding spam the security group needs to actually look in your Notes Inbox. Forwarding email from Notes strips off valuable header information.
Does ODU sell its directory?
Absolutely not. The University may contact alumni through the Alumni Relations office or may contact you by email for official reasons.