To help thwart the distribution of "spam" (electronic junk-mail), Penn State recently made several modifications to its main e-mail system. The changes will make it more difficult for cyber marketers to use the University's network to send junk-mail to unwilling recipients, but will not disturb the normal flow of Internet traffic for most Penn State students, faculty, and staff.
As e-mail users increasingly find their in-boxes flooded with unwanted and often offensive solicitations, spam has become a source of irritation for many today. It is also becoming a burden for Internet providers to manage, since the volume of mail can be extremely high (spammers will typically send 10,000 e-mails or more at a time). Yet, since the original design of the Internet was based on the concept of trust and the use of open relay (free exchange) systems, many Internet Service Providers have been reluctant to limit these electronic transmissions.
Moreover, Universities like Penn State, that provide large-scale Internet services, sometimes become unwilling partners in the distribution of junk-mail, because perpetrators use their high-power networks to carry messages to the locations they're targeting.
"Unethical bulk mailers, known as spammers, discovered that we have an efficient way of handling e-mail," said Russ Vaught, senior director of the Center for Academic Computing (CAC). "When these individuals send junk-mail through our system, it can result in institutions and businesses around the world receiving unwanted solicitations sometimes on a massive scale." For this reason, according to Vaught, it became critical to find and block the holes in the Penn State network that the spammers were using.
He explained that previous to the Penn State changes, anti-spamming vigilante organizations, such as the Mail Abuse Prevention System (MAPS) and the Open Relay Behavior Modification System (ORBS), placed Penn State on their black lists because spam had inadvertently been transmitted by the University's network.
"Some of our faculty members were unable to send e-mail to Oxford University and the University of Ottawa because of the ORBS and MAPS blacklisting," Vaught added.
After the system modifications took place, the main Penn State e-mail servers were taken off the blacklists and electronic communications between Oxford, Ottawa, and Penn State resumed. (Note: individual university, college or departmental e-mail servers could, however, still experience communication difficulties, if their system administrators have not yet incorporated similar modifications).
With the war between anti-spamming vigilantes and cyber marketers escalating, government agencies are beginning to pay closer attention to the junk-mail problem. An on-line article by CNET last year reported that the Federal Trade Commission had been investigating spam-related issues and was proposing legislation that will penalize those who send unsolicited messages to e-mail account holders.
According to the report, the legislation's introduction comes on the heels of a recent Coalition Against Unsolicited Commercial E-mail (CAUCE), survey that indicates consumer support for government regulation of spam. In the survey, 76 percent of the respondents said they believe the government should regulate spam "in some way." About the same proportion said fraudulent return addresses should be made illegal, and valid contact information should be required. About 67 percent said Internet Service Providers should be able to refuse to send or deliver spam.
In the meantime, many companies are now offering anti-spam solutions for individual computer users. Eudora Pro, Microsoft Outlook Express 5.0, and Netscape Communicator all have filters that can be used to deal with the spam problem.
Yet, despite the challenge the problems have created for Internet Service Providers, Penn State's main e-mail system continues to effectively process an average of two million e-mails per day, according to Steve Kellogg, the CAC's director of Advanced Information Technologies (AIT).
"The robust quality of our network is, unfortunately, what makes Penn State's e-mail system continue to be attractive to cyber marketers," he observed.
But Kellogg believes that the recent network changes should effectively address most of the current problem, even though the alterations won't be perceptible to those who use Penn State's Internet service via residence halls, computer labs, offices, and dial-up connections.
"It's important to note, however, Penn State users connecting from non-University resources such as AT&T's @Home, America Online, etc., will need to check their in-coming Penn State mail, in order to be authenticated, before they send out-going mail," he added.
"This is an ongoing problem," summarized Vaught. "As long as it is profitable and legal, junk-mail marketers are going to try to find holes in our system, and we will need to continue to work with system administrators to intensify Penn State's preventive efforts."
For more details about the recent e-mail system modifications please see: http://cac.psu.edu/news/alerts/email121699.html , or contact the CAC help desk at 863-2494 or 863-1035.