
March 30, 2010

DoIT Update on E-mail and Spam

During the last few weeks the campus has seen a drastic increase in Spam. We are also aware of several mail domains (e.g. Hotmail) that are rejecting or delaying e-mail originating from UMBC mail servers.

Most of the issues we are witnessing can be attributed to phishing attacks targeted at UMBC in which the criminals attempt to get UMBC users to provide their UMBC login credentials (i.e. username and password). Users at UMBC are often successfully tricked into providing their login credentials. Unfortunately, it only takes a handful of compromised accounts to generate large volumes of Spam messages. The compromised UMBC mail accounts are then used to send out millions of Spam messages from our mail servers.

While we quickly identify the compromised accounts, it is typically too late, as the compromised account has already sent out hundreds of thousands of Spam messages from UMBC mail servers. Some of this Spam is sent to UMBC users, but much of it is directed to outside addresses at domains such as Hotmail. These large volumes of Spam then get the UMBC mail servers blocked by domains using reputation-based Spam filters (e.g. Hotmail).
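One way to catch a compromised account before its volume reaches that scale is a per-account sliding-window count of outbound recipients. The following is an added example, not DoIT's tooling; the log record format, account names, window and threshold are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real UMBC logs):
# submission time, authenticated account, recipient count.
SAMPLE_LOG = """\
2010-03-29T09:00:05 alice 1
2010-03-29T09:00:10 jdoe3 200
2010-03-29T09:02:00 jdoe3 200
2010-03-29T09:03:30 bob 300
2010-03-29T09:04:00 jdoe3 200
2010-03-29T09:05:00 jdoe3 200
2010-03-29T09:20:00 bob 300
2010-03-29T14:00:00 alice 1
"""

def parse(log_text):
    """Yield (timestamp, account, recipient_count) from the assumed format."""
    for line in log_text.splitlines():
        if line.strip():
            ts, account, nrcpt = line.split()
            yield datetime.fromisoformat(ts), account, int(nrcpt)

def flag_bulk_senders(records, window=timedelta(minutes=10), max_rcpts=500):
    """Return {account: (iso_time_first_flagged, recipients_in_window)}.

    window and max_rcpts are illustrative values, not site policy.
    """
    recent = defaultdict(deque)  # account -> (ts, nrcpt) still inside window
    totals = defaultdict(int)    # account -> recipients inside window
    flagged = {}
    for ts, account, nrcpt in records:
        q = recent[account]
        q.append((ts, nrcpt))
        totals[account] += nrcpt
        # Expire submissions that have aged out of the sliding window.
        while ts - q[0][0] > window:
            totals[account] -= q.popleft()[1]
        if totals[account] > max_rcpts and account not in flagged:
            flagged[account] = (ts.isoformat(), totals[account])
    return flagged

if __name__ == "__main__":
    for account, (when, count) in flag_bulk_senders(parse(SAMPLE_LOG)).items():
        print(f"{account}: {count} recipients in window at {when}; suspend and reset")
```

In the constructed data, `bob` sends two large but widely spaced mailings and is not flagged, while `jdoe3` crosses the threshold within four minutes.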

The most recent round of attacks used compromised accounts to access the gl.umbc.edu Linux servers to send out the Spam. The Spammers take advantage of the fact that these servers were allowed to send email through programs such as Pine, but do so in a way that lets them send tremendous amounts of Spam. In order to mitigate both the Spam and the blocking of legitimate e-mails originating from UMBC, we have developed the following plans.


Short-term (This Week).

1. We will disallow email from our gl.umbc.edu (Linux1, Linux2, Linux3) machines. Over the last months we have seen 120 legitimate UMBC account holders use these systems to send email. This will impact a few faculty/staff but should greatly impede the way the spammers operate. We will be directly contacting the 120 UMBC account holders with information on an alternate approach they can use for email. These changes will be implemented on Thursday morning (April 1, 2010).


Mid-term changes coming between now and fall.

2. UMBC is working with the Attorney General's office on a contract with Google. Once the Google contract is approved and signed by the Attorney General's office, we plan to leverage Google's commercial anti-spam service called Google Message Security (previously called Postini) for faculty and staff. This service won't involve moving faculty and staff mail accounts to Google; instead it will augment, or possibly replace, our open-source anti-spam filtering solution. The Google Message Security solution is much better than our open-source solution and should help cut down on the spam that faculty and staff get in their inbox.

3. As planned and discussed with campus groups, over the summer we will move the student email from UMBC's servers to the Google Gmail service. Students will see a number of benefits to their email, including the basic spam filtering services Google provides for Gmail users.

Closing Thoughts

FastCompany magazine recently had a very interesting piece (March 24, 2010) that featured an amazing infographic on the SPAM industry from NewScientist magazine, http://www.fastcompany.com/1595958/infographic-of-the-day-the-spam-industry. The article highlights our challenges. In one recently discovered attack, a group sent out 35 million spam emails with a link in them (this was one of many attacks that day); 10,500 (.03%) clicked the link and 28 bought products (.00008%). This criminal group made millions over the course of the year.

UMBC receives approximately six Spam emails for every legitimate email (about 1.2 million SPAM emails a day). On many days in the last month we have seen over 2 million. Our current tools have not kept pace with the changes, and if just a small fraction gets through it can mean dozens of SPAM emails in your inbox. This is why we are anxious to move faculty and staff to a commercial solution for SPAM filtering. We feel the only way to keep pace in this race is to leverage better technology.
