Outbound Message Filtering in TechMail
No One at Texas Tech University or from Anywhere Else Should Ask For Your Password
Despite continued warnings from the TTU IT Division, a small number of TTU
faculty, staff, and students have responded to “phishing” emails by replying
with their eRaider usernames and passwords, as well as other confidential
information. As a result, spammers have been able to use these accounts to
generate large quantities of spam. Subsequently, major email providers have
placed the TTU mail domain on their “black list”, causing legitimate emails
sent to those providers (Yahoo, MSN, HotMail, Google, etc.) to be rejected and
In order to address this problem, the TTU IT Division has implemented two new email features:
Outgoing messages from the TechMail system are run through Microsoft's Content Filter Agent (CFA) and scored on a ten point scale called a Spam Confidence Level (SCL).
- SCL 0-7: Low confidence of being spam. These messages are delivered as usual. It is still possible for the recipient's spam filter to block the message.
- SCL 8-9: The message is not delivered and you receive the following undeliverable
- TechMail unable to deliver because message was scored as spam. Please alter message and re-send. For assistance, contact 806-742-HELP.
TechMail administrators do not control the scoring process; it is based on periodic updates received from Microsoft.
These measures exist to protect the reputation of the TechMail servers with other email providers. Large amounts of spam messages sent from TechMail can cause email providers such as Gmail or Hotmail to block all incoming messages from @ttu.edu addresses for a period of time. This can affect the entire University's ability to conduct business.
NOTE: If you need to send messages to a large number of recipients for matters not related to TTU, you may need to use the services of a third party email system.
Emails which are unrelated to official Texas Tech business or academic purposes should be sent using personal email accounts. For example, if you are emailing a list of items for your spouse to pick up at the store on the way home, that type of correspondence should be sent from your personal account rather than your TechMail account.
For official correspondence between individuals at Texas Tech, please use your TechMail account for both sending and receiving.
ALTER THE MESSAGE CONTENT BEFORE SENDING
No junk email filtering solution is perfect. The CFA makes a judgment based on multiple factors, especially the subject line and message body.
Microsoft's spam filters are based on known behavior patterns of spammers. Microsoft does not reveal the specifics of their anti-spam technology, nor does any other vendor, as this information would be used to create messages that would bypass filters. The following conditions may increase the likelihood of your message being scored as spam.
- Misspelled words in the subject line and body
- Use of words and acronyms not likely to be found in a common dictionary including scientific and technical terms, particularly in the subject line
- Sending email from a POP/IMAP client via SMTP can result in higher scoring than using a native Exchange client, such as Outlook or Outlook Web Access (https://mail.ttu.edu)
- Sending messages in plain text
- Sending to multiple recipients, especially a large number of recipients
- Sending to addresses in an international mail domain
- Messages sent at hours atypical of most email usage
- Inclusion of words and characters typically found in spam. Microsoft
offers these words as examples of what spam filtering may look for:
http://office.microsoft.com/en-us/help/HA010450051033.aspx. This list is an example only, however it is a good example of what spam filtering may look for in a message.
You can alter the content of the email being sent to avoid having the message scored as SCL 8-9.
Messages sent to TechMail users are scanned to identify likely phishing schemes. When the sender is not on your "Safe Senders List", suspected phishing messages are automatically placed in your Junk E‑mail folder and prepended with the following warning:
WARNING: This message is not from a sender on your Safe Sender’s list AND MAY BE AN ATTEMPT TO STEAL YOUR PASSWORD. No email from a reputable source will ever ask for, or direct you to verify, your email account information! If you are certain of the sender’s identity and need to reply or forward this message, delete this warning verbiage before sending and add the address to your Safe Sender’s list. For further assistance, call (806) 742-4357.
Please note that authenticated, internal TechMail messages are not be affected by the phishing filter.
Further, if a TechMail user replies to a suspected phishing message which has been tagged with the above warning, the outgoing message will not be delivered. The sender will receive a notice stating the following:
- Unable to send messages flagged with security warnings. Contact 806.742.4357 for assistance.
Note that for legitimate external messages received, TechMail users can remove the warning text from their reply in order for the message to be sent. They may also want to consider adding the original sender to their Safe Senders List; this will prevent the warning from being prepended to future messages from that sender.
These measures are an attempt to help protect eRaider accounts from phishing and to protect TechMail servers from being blocked by other email providers.