What is spam?
Technically, SPAM (TM) is a potted meat product composed of chopped up pork shoulder and ham, invented by Hormel Foods, Inc. in 1937. The word was originally adopted as slang for unsolicited commercial email (UCE). It is now commonly extended to several varieties of email and newsgroup abuse, loosely categorized by using the Internet to deliver inappropriate messages to unwilling recipients. Hormel Foods has posted its admirable position on UCE and the use of the word "spam" on the Web at http://www.spam.com/ci/ci_in.htm.

Illustration by Steve Oerding/IT-Creative Communication Services

• Unsolicited commercial email (UCE), such as advertisements for goods and services, which may be anything from discount office supplies to XXX-rated adult Web sites. Though some offerings may be more offensive than others, they are all fundamentally the same kind of abuse.

• Chain letters. The most infamous example is any variation on "Make Money Fast!" but there are others that don't involve money. The ones that do are a felony (mail fraud) in addition to being a form of spam.

• Off-topic or otherwise inappropriate posting. This can be either to a mailing list or to a newsgroup, and includes cross-posting messages to numerous unrelated newsgroups and posting many single identical or nearly identical messages to many groups. It is usually, but not always, commercial in nature. An example of this form of spam is posting a message concerning your litter of kittens (free to a good home!) on a mailing list devoted to NT security updates. Another example is posting an incensed reply regarding someone else's litter of kittens to the entire list, rather than to the sender.

• Posting to a newsgroup or list messages that castigate the subscribers as for engaging in whatever activity the newsgroup or list is concerning. This is known as "trolling," and exposes the troll as immature and socially backward, but is almost by definition on topic for its target.

• Using email or newsgroup posting to publicly or privately harass another person. Harassment is a violation of the UC Davis Acceptable Use Policy and may result in disciplinary action. In some cases it could even result in arrest and prosecution.

• Forwarding false virus warnings. The "virus" in this case is the warning itself, which is almost invariably a hoax (see http://www.symantec.com/avcenter/hoax.html for a list; many will no doubt sound familiar). This is a particularly nasty and insidious thing. It abuses the concern that people have for their friends and co-workers, and uses naive goodwill to waste network bandwidth.

Are you part of the problem?
If you engage in any of the activities mentioned in what "spam is," you are a "spammer" and may be subject to disciplinary action. No one in the academic community is exempt. It's also possible to be part of the spam problem without actually generating any mail yourself. If you are responsible for a computer that is on the network and is capable of functioning as a mail server, you could be providing a service to spammers by giving them a conduit to get around the efforts of other administrators to block the unwanted traffic. The service, called "relaying," is enabled by running mail server software configured to accept and forward messages that are neither from nor to a ucdavis.edu address. Spammers love to find relay-enabled hosts, especially in a respectable domain such as ucdavis.edu, because it lets them spout thousands of messages that would be blocked if they were coming directly from their true source.

Any system that supports mail transport may have a default configuration allowing mail relaying. It is the responsibility of the system administrator to check the mail transport application configuration. In the past few years, system administrators have become more savvy about setting this configuration properly. According to the Mail Abuse Prevention System, "In February 1998, the Internet Mail Consortium (IMC) released a survey reporting that 55 percent of the Internet mail servers remain vulnerable to unauthorized third party relay. Not too long ago, nearly every mail server was vulnerable to relay. So, although there is a lot of work left to do, we've made remarkable progress over the past few months."

If you have Microsoft Exchange Server, don't feel smug. Relaying was the default configuration for Exchange Server when it first came out. Are you sure you've fixed it? If you are not running server software, you aren't relaying, so all the people using Eudora to download their mail from the central campus POP servers can breathe a sigh of relief.

You're wondering why you should care, aren't you?
The two spam issues that have the most direct impact on the campus are relaying through a campus host, and spam generated at UCD that is directed at least in part to off-campus addresses. Both of these, if unchecked, can lead other sites to block mail from the ucdavis.edu domain. This can have very negative effects on you as an innocent end user. Imagine you're submitting an application for a grant that will support your entire lab for three years. Or, imagine you're in the midst of negotiating the summer internship of your dreams with the company you hope will give you a terrific job when you graduate. Or, imagine you've just finished the final corrections on the manuscript that the department chair has assured you will make him world famous, and email it to the journal a healthy two hours before the final deadline. Now imagine that your mail bounces because that site has just blocked delivery from ucdavis.edu because of spam originated at, or relayed by, UCD.

If you're not an innocent bystander, direct consequences of spamming could include losing your computing account, having a reprimand in your personnel file, or facing a lawsuit. Being a mail relay is bad for your computer because it diverts CPU and memory from your applications. Since spammers generously share the addresses of relaying systems with each other, the end result can be that your system's resources are overwhelmed by the volume of mail, locking you out entirely or crashing your system.

How to tell if your system is relaying, and what to do if it is
There are online resources available for system administrators who wish to make sure their site is not being used for mail relay.

The key links are:

• http://dcas.ucdavis.edu/security/tools/relaytest.html - A test you can run against your system to determine if the SMTP (Simple Mail Transport Protocol) service is open to mail relay.
• http://maps.vix.com/tsi/ar-fix.html - Assistance with disabling relaying on many different mail programs.
• ftp://ftp.ucdavis.edu/sendmail.d/ - If you are using a UNIX system with sendmail as the mail transport agent, pre-made program and configuration files for several versions are available for download. The README file on that page outlines the procedure for using the files.

The amount of spam infesting the Internet increases daily. UCD blocks a long list of well-known spam domains, but there are always more where those came from. You have three or four options for dealing with spam that lands in your mailbox:

1. Delete and ignore it.
2. Filter it (not readily accomplished by Pine users and can be difficult to set up effectively for others).
3. Complain to the spammer's Internet Service Provider (ISP), but make sure you know how to read headers, so you're complaining to the right person.
   • Open the message and expand the headers (see sidebar).
   • Forward the message with full headers to abuse@ or postmaster@ followed by the ISP's domain.
4. Report it to abuse@ucdavis.edu.
   • Open the message and expand the headers (see sidebar).
   • Forward the message with full headers to abuse@ucdavis.edu.

   To ensure that action is taken against the appropriate entity, the forwarded message must contain the full headers. Many of these complaints are investigated each month, so if you do not get a personal response immediately, please understand that it doesn't mean the complaint is being ignored.

Resources:
Coalition Against Unsolicited Commercial Email: http://www.cauce.org/

Resources:

• For more information on the Incident Response and Reporting project contact Doreen Meyer at dimeyer@ucdavis.edu.
• To follow IT's progress on incident response, see the project Web site at http://dcas.ucdavis.edu/security/.
• For a look at national trends, as monitored by the federal incident response network, see http://www.fedcirc.gov/.