Spam and Phishing

SpamTrap - learn all about how to use SpamTrap, Western's tool for catching spam.

About SpamTrap

A significant number of emails addressed to Western email addresses are now spam. WTS filters out 75% of incoming mail as 'known spam'. An additional 3% of incoming mail is 'suspect spam'.  Western's main tool for filtering spam is our SpamTrap service.

Western email address have their spam ‘trapped' in a central repository rather than clogging your Inbox and using email resources. A single notice is sent each day so that a user may see the messages that are trapped. This summary notice allows for 3 easy choices - delete all, deliver selected messages and delete the rest, or log in and manage your SpamTrap.

We recommend taking a few minutes to scan the notification message to ensure that the trap has not caught legitimate email. If you agree with what we have trapped then select the button ‘reject all as spam’.  You need to be sure - once this action is taken the message(s) cannot be retrieved.  If we have trapped something that you would like to receive then mark it as accept and the other messages as reject then select the button ‘submit’. 

By taking specific action on the notification message you are actively contributing to the efficiency of your personal stream.  It also makes it easier to scan the trap contents.  If no action is taken you will continue to receive daily reminders of any new or outstanding content in your trap until after 30 days it is automatically cleared.

Tag and Pass

All incoming mail from external sources is being scanned for both spam and virus content. However, there are some gaps in the processing of messages addressed in particular to mailing lists that are not 'trapped'. These messages will be received directly to an individual's inbox tagged as [Spam?] in the left hand margin of the subject line. This allows individuals to recognize, filter and delete them more easily.

Changing SpamTrap notifications

This procedure will describe how to change the 'notification type' within SpamTrap. This will simplify the management of your trap by allowing you to accept/reject messages caught in your trap without having to login to the SpamTrap service.

Procedure

  1. Login to your SpamTrap: http://spamtrap.uwo.ca
  2. Enter your Western user name and password.
  3. Select Preferences... Notification
  4. From the Notification type:
  5. Select Clickable Webform
  6. Select Logout
  • Note: To submit your selection using Outlook 2007, you will need to open the message, click the Other Actions button, then View in Browser.

Training SpamTrap to Identify Spam

This procedure will describe how you can help contribute to reduce the levels of undetected spam which you receive. This is accomplished by using training links inserted to individuals with an active stream, you can assist us in identifying new characteristics and techniques implemented by spammers. It should be noted that this will 'over time' adjust system filter to reduce the levels of undetected spam.

Requirements

  • An Active SpamTrap
  • Email delivery directly to Western email address

Procedure

  1. From your email client
  2. View the full email headers of the messages which you would like to report as spam.
  3. Search for "X-CanItPRO-Stream: username"
  4. Make sure the message went through your stream by ensuring the username is equal to yourself. If it didn't then you will not have the necessary permission to move forward with this procedure. You may want to consider forwarding the message to the username listed.
  5. Search for "X-Antispam-Training-Spam:"
  6. Copy the link.
  7. Login to https://spamtrap.uwo.ca, note this requires UWO authentication
  8. Paste the url from above into the address bar of the browser
  9. Select Spam.
  10. Select Logout

Releasing Messages from SpamTrap

Based on the automated email notification summarizing messages caught in your trap, on occasion you may discover a false positive e.g. legitimate email caught in your trap. This procedure describes how to release that message. If email from a recognizable source is frequently caught in your trap we would recommend that you safe list the sender.

Please Note: Once a message has been released from your trap it still has to go through the university's mail queue. Therefore a small delay may occur before this message reaches your inbox.  Based on the email client you are using and how you are sorting your message list it will appear with either the original sent date or the date you released the message from SpamTrap.

Procedure

  1. Login to your SpamTrap: http://spamtrap.uwo.ca 
  2. Enter your Western Email user name and password.
  3. Select Trap Contents... Pending
  4. Identify the email you would like to release from your trap from the section Pending Messages (x to y of y)
  5. From the column Status Pending drop down menu select Accept message
  6. From the top right hand corner select Log Out

Whitelisting Legitimate Senders

Requirements

  • An Active SpamTrap
  • Email delivery directly to yourself

Procedure

  1. Login to your SpamTrap: http://spamtrap.uwo.ca
  2. Enter your Western user name and password.
  3. Select Rules... Senders
  4. From the Enter a specific Sender's email address:
  5. Type the address you would like to receive mail from
  6. Select Add Rule
  7. From the column Action drop down menu select Always Allow
  8. Select Submit Changes
  9. Select Logout

Best Practices - describes the best practices when it comes to dealing with spam and phishing emails.

More and more unwanted messages are clogging mail servers and wasting employees' time. Therefore the easiest and best way to deal with spam is also the one which wastes the least resources and your time, simply delete it. The reality is because most messages that are spam come from outside sources, there isn't very much that we can do to control them because;

  • Systems administrators are usually aware of spammers and have closed down the access long before they receive a complaint.
  • Email accounts are freely available and readily opened, therefore as quick as a spammers email access is closed down they have a new one is opened within minutes.
  • The information in email headers is often forged and what you see as the "To:" and "From:" fields are invalid.
  • If we block the whole email system sending these messages we block legitimate email from these sources.
  • Often complaints to some of these outside service providers are ignored because the people spamming us are paying for the ISP service, whereas we are not.

What you should never do is reply to the email, this just confirms you are a valid email address and can be added to other spam lists. 

Official Emails - find out if WTS really sent you that email.

To assist our customers in distinguishing spam and phishing email scams from official WTS email communications, widely distributed WTS emails as well as targetted phishing emails will be posted on this site so that you may be assured that the email you received is official before responding to it. Simply click on the email subject to see the full text of the message. Some points to remember:

  • An email subject line starting with [SPAM?] should be considered potential SPAM unless the WTS Support Centre tells you otherwise
  • Official email communication from an @uwo.ca account should never have [SPAM?] in the subject line
  • Official email communication from WTS will never ask you to email your password or other personal information
  • If you receive an email claiming to be from WTS that is not posted on this site please forward a copy of the message with full headers to phishing@uwo.ca .

Other kinds of phishing attacks occur regularly - for example, fraudulent banking notifications, or offers of free goods or services. Many such phishing messages will be caught by Western's anti-spam tools (reference links at right), but some may arrive at your inbox. For more information about phishing in general, and how you can protect yourself against such attacks, please visit Phishing on the CyberSmart website.

Recent Phishing Emails Seen on Campus

Official Emails Sent from WTS

Forwarding Emails with Full Headers - explaining how to forward spam emails to WTS with their full headers.

Procedure

Office 365 Webmail

  1. Click on the message in your Inbox to select it
  2. Click the downward facing arrow to the right of the "Reply all" button
  3. Select View Message Details from the drop down menu.
  4. A box will appear with the message header information.
  5. Copy the message headers:
    • Click anywhere in the Message Details box.
    • Press Ctrl-A to select the message headers
    • Press Ctrl-C to copy the message headers
  6. Open a new message composition window.
    • Select New from the menu at the top of Outlook.
    • Enter "postmaster@uwo.ca" into the To: field.
  7. Paste the complete message in the body of the new message.
    • Click your mouse in the body of the message (does not matter where).
    • Press Ctrl-V to paste the message headers.
  8. Send the message.

Western Convergence

  1. Highlight the message and select the forward button
  2. From the tabbed message view enter the appropriate email address in the To field
  3. Select Send

Note: Please do not forward the message using the option, Inline .

Outlook 2010/2013

  1. Double-click on the email message to open it in its own window.
  2. From the Message tab, Locate the group called Tags.
  3. Select the arrow in the bottom right hand corner of the group.
  4. A box will appear with the internet header information on the lower portion.
  5. Copy the Internet headers: into memory:
    • Click anywhere in the Internet headers: box.
    • Press Ctrl-A
    • Press Ctrl-C
  6. Open a new message composition window.
    • Select New from the menu at the top of Outlook.
    • Enter "postmaster@uwo.ca" into the To: field.
  7. Paste the complete message in the body of the new message.
    • Click your mouse in the body of the message (does not matter where).
    • Press Ctrl-V.
  8. Send the message.

Outlook 2007

  1. Double-click on the email message to open it in its own window.
  2. From the Options dialog box
  3. Select the arrow in the bottom right hand corner
  4. Copy the Internet headers: into memory:
    • Click anywhere in the Internet headers: box.
    • Press Ctrl-A
    • Press Ctrl-C
  5. Open a new message composition window.
    • Select New from the menu at the top of Outlook.
    • Enter "postmaster@uwo.ca" into the To: field.
  6. Paste the complete message in the body of the new message.
    • Click your mouse in the body of the message (does not matter where).
    • Press Ctrl-V.
  7. Send the message.

Thunderbird

From the menu at top

  1. Select View... Headers... All
  2. Navigate to and highlight the message in question
  3. Select the Forward button.
  4. Enter "postmaster@uwo.ca" into the To: field.
  5. Send the message.
    Note: Once you have successfully forwarded the message with full headers be sure to switch back to 'normal headers by selecting View... Headers... Normal.

Outlook 2003

  1. Double-click on the email message to open it in its own window.
  2. Click the View menu.
  3. Click on Options...
  4. Copy the Internet headers: into memory:
    • Click anywhere in the Internet headers: box.
    • Press Ctrl-A
    • Press Ctrl-C
  5. Open a new message composition window.
    • Select New from the menu at the top of Outlook.
    • Enter "postmaster@uwo.ca" into the To: field.
  6. Paste the complete message in the body of the new message.
    • Click your mouse in the body of the message (does not matter where).
    • Press Ctrl-V.
  7. Send the message.

Mac OSX Mail

  1. Select the message you want the full headers for.
  2. In the menu bar click 'View'.
  3. Go down the list and select 'Message', 'Long Headers'.
  4. Click on the message to highlight it, and then click on the Forward button.
  5. Enter "postmaster@uwo.ca" into the To: field.
  6. Send the message.

Gmail

  1. Log in to Gmail.
  2. Open the message you'd like to view headers for.
  3. Click the down arrow next to Reply, at the top-right of the message pane.
  4. Select Show original.
  5. Copy the entire content and paste into a new message
  6. Enter "postmaster@uwo.ca" into the To: field.
  7. Send the message.

Hotmail

  1. Log in to Hotmail.
  2. Highlight the message you'd like to view headers for.
  3. Right-click the message in the message list
  4. Select View message source.
  5. Copy the entire content and paste into a new message
  6. Enter "postmaster@uwo.ca" into the To: field.
  7. Send the message.

Yahoo

  1. Log in to Yahoo.
  2. Highlight the message you'd like to view headers for.
  3. Right-click the message in the message list
  4. Select View Full Headers
  5. Copy the entire content and paste into a new message
  6. Enter "postmaster@uwo.ca" into the To: field.
  7. Send the message.

Published on  and maintained in Cascade CMS.