Why can't my employer stop the spam e-mails?

I work part-time at a community college. All staff and students have e-mail, and the address is the same for everyone: (your name)@college.com.

For every legitimate e-mail, there are (I’m not exaggerating) 50-100 pieces of spam. I’ve tried setting up filters, but it’s impossible to catch even a tenth of it.

So these hundreds of daily pieces of spam are being sent to hundreds of faculty, staff, and students, who are all wasting time deleting it.

I never got a single piece of spam at my last job, and e-mail was set up the same way. Is it because they had their own servers and the college doesn’t? (I’m not even sure that’s true – I know diddley about how this all works.)

But obviously, it can be done, spam can be prevented from getting to staff. What where they doing at my old job that my current employer can’t do?

If I understood how it worked, I might be able to calm down mornings. As it is, I’m imagining some slacker who’s supposed to be working on this playing Halo instead.

Do you get spam at your work e-mail? If not, why not?

I’m in IT, specializing in running email systems. Been doing it for years. The problem with stopping spam is that you have to be very restrictive on how you set up your email system, and you have to put a lot of effort into setting up the filters to block it. If the university doesn’t run their own servers, then they need to get onto the people that do to set up proper filters. Thing is, these aren’t free. (Ok, some are. But not ones for a large amount of mailboxes).

My current employer has had a huge spam problem for a long time. It’s gotten so bad that I have to have our email sent to an outside service first to have the email filtered, then sent on to our system. That catches about 95% of the spam. In one week, it stopped about 130k spam messages. So with catching 95%, we’re still letting in around 5-7k spam messages. It’s just really ugly. Spamming is cheap, mostly untraceable, and og help us, it works at times.

As for why you’re getting more now that you were, a spammer can find a list of names for people that work at the university, and just hammer them. So, one spammer does it, passes it up the chain, and you get constantly hammered. And once they have that address, it doesn’t really cost them anything to send messages to it. It’s expensive to stop, and typically hard to set up the filters.

 I'm also an IT guy, and I agree.  The agency I work for has in the last few years allowed "external email" (i.e., mail from outside our secured network).  Previously, only internal email was allowed for security reasons; heck, we still don't allow users access to the Internet and it's magical bottles of poisonous fun.  We occassionally get some spam email coming in, which we then block from HQ on a case-by-case basis (certainly not the best method).  
 From what you're describing, with the huge volume of crap coming in, I'd say that someone got their hands on your (presumably) standardized email address format (i.e. firstname.lastname@communitycollege.edu) and possibly even a campus directory and went to work with it in the spam lair of death.
 FWIW, a friend of mine was formerly a pretty highly placed executive with a major provider of spam services.  They've done well for themselves.  Basically, they compiled a massive database of valid email addresses and would send a client's advertisements to all of them for a fee.  They now also do counter-spam work.  What a racket. . .

One other point. You didn’t say what type of company your previous employer was. It’s more practical in some situations than in others to have a very restrictive spam filter. In a community college with (I assume) people with a great many different legitimate interests (maybe some one there does have a legitimate interest in erectile dysfunction :smiley: ), it’s going to be very difficult to filter spam out of everyone’s e-mail without having a problem with false positives (non-spam thrown out because it looks like spam).

I work in IT (non-technical end of it, though). I work for an enormous company and I’ve never received one piece of spam. Everyone has access to the internet and some people have access to both our stuff and the client’s stuff. So I know it’s possible to kill all spam. I’d hazard a guess that it’s extremely costly to do so. That would drive me positively over the edge to have to wade through that much junk. I feel for ya!

Oops… Forgot to ask…one of our clients is the U.S. Gov’t. Could that be the reason we’re so good at stopping this stuff? Is it in conjunction with security obligations that go with working for the feds?

I had the idea that if your email was posted in a website that spammers would get your address that way. I am wrong on that? I get tons of spam on my address listed on our site, but not so much on my other non-listed address.

I work for a large company that has its own servers. They have aggressive spam filters, and I only receive a few pieces of spam per month. One thing we have is a email address to forward spam to. I’m assuming this automatically filters that message from the mail servers.

Yep, that can happen. That’s one of the reasons the SDMB makes you go through several steps to see an email address of a member. Also, you’ll see some people post their address at dikuNOSPAM@sdmb.com. The automated search program won’t know to remove the nospam, but a regular user would.

As for those that don’t get any spam, visibility is the key. The more public of a face your email address has, the more spam you’ll get. My company has a really well known name, and spammers just run through all combinations to hit addresses. Luckily, Exchange 2003(email system) has made things better by not accepting email addressed to people not in the directory. That helps relieve the load quite a bit. That with good filters helps cut down a lot.

Presumably because they are too stupid to invest in decent spam blocking software. I have never received a piece of spam at my work email address. I do get the odd thing quarantined that isn’t really spam but is also nothing to do with work, but I can release them anyway.

Appliance manufacturer, many locations around the world. You had to know have a name in order to get an e-mail to them.

With the college, anyone who finds the website can get the faculty and staff e-mail list. I thought that was unusual when I first saw it. You need a password to read e-mail, of course, but anyone can get the names and addresses.

I suppose it’s considered good service for a school to be accessible to the community that supports it, and that’s probably why the addresses are public.

Thanks for everyone’s replies. :slight_smile:

There’s a general rule that the more effective a spam filter is, the more non-spam messages it will stop. You always have to balance the need for people to reach you with the attempts to avoid spam.

However, the conditions mentioned in the OP does seem to indicate that there is no spam filtering. That’s something that is really essential these days in order to keep e-mail a useful tool.

The company I work for set up spam filters that work incredibly well. I don’t know how it works but since they implemented it, I haven’t received one piece of spam.

So yeah, it’s possible.

If anyone has the names of these programs or filters, please pass 'em on, so I can pass 'em on.

I run a Barracuda box at work, it’s extremely effective. You don’t need to be running your own mail server to use one either. Your IT people undoubtedly know about them though, so it probably won’t fit in your budget.

Trouble is, as other people are mentioning, there’s probably been legitimate emails which have never got through to you.

My little local ISP uses Barracuda. I like it. I might suggest it to the IT folks at the college. Seems like if little old Woolstock phone company can afford it, the college might be able to.

You say that like it’s a bad thing.

One of the most effective ways to stop spam is not to use a catch-all mailbox and to have specific, difficult-to-guess account names (i.e. not just ‘firstname@domain.com’) and having the server refuse to accept anything addressed to an invalid account (as opposed to trying to filter out the crap or forwarding it to a postmaster). I have just made this switch on a mail server at work and it was quite surprising how much unwanted traffic just failed to arrive afterwards.

Of course that won’t stop spam that is addressed to a legitimate mail user, and you do need a configurable spam filter for this, but I find the one built into Thunderbird is plenty good enough for that.

What email program are you using?

I use Eudora and absolutely no spam makes it past my filters into my inbox any more. 0.00%. Mind you, I’ve probably got 13, 207 filter rules at this point :eek:

Eudie’s filters aren’t perfect or ideal (I’d like unlimited number of clauses, not just two conditions per filter, and I’d really like to create a boolean calc field that determines whether a given piece of email fits the parameter, nesting clauses within parentheses and using “AND” & “OR” & “NOT” at will throughout). But they’re still an improvement over nearly every other email program’s filtering system.

For the corporation to do it on the server side and do it effectively, you run a high risk of legitimate email you’d have wanted to receive going into the corporate trash bin unseen. That’s a risk with your own workstation-side filters, too, but at least it’s YOUR trash bin and you can peek before you delete.

I’ve got Eudora filters set up so it labels each piece of email with a colored label that indicated in a broad sense the reason the email got filtered into trash.

I don’t think you get this degree of versatility in Thunderbird, Outlook, or Apple’s Mail.