Donovan Lambright, Automation Librarian

Yesterday, Christmas Day, the SELCO email server was deluged with a new wave of spam.  Like the one that we had a couple of weeks ago, the messages consisted of a graphic with very little text.  This is one of the harder forms of spam to filter, both because there is little text to check for stop words and because many legitimate business use the same kind of email for holiday sale emails.  This group of messages was more sexually explicit than the last.  The timing of this group of messages was almost certainly not an accident.  By sending them out on Christmas day, the spammers ensure that most organizations will not be monitoring their email servers.  Many organizations will have systems staff taking time off to travel with family for a few days after the holiday.  All this adds up to more time going by before corrective measures can be taken.

So,  enough excuses.  What are we doing about it?  Mick Reese, SELCO Systems Manager, and I had a phone meeting today to go over our options (Mick is one of those System Admins who is taking time off to be with family this week).  We decided to:

• Increase the sensitivity of our spam filter to block these messages.  Our current settings have proven inadequate; going much further will likely block some email from legitimate businesses sending this kind of email.  I believe that the explicit nature of the spam justifies this step.  Mick will carry out this task by the end of the weekend.
• Contact our spam filtering company to find out why messages with explicit subject headings are not being blocked.  The body of the messages has little text but the subject headings seem dirty enough that the filter should be blocking them anyway.  It's possible that we have something misconfigured in the filter.
• Re-evaluate the way SELCO uses email distribution lists.  Since Exchange distribution lists are just email addresses that bounce messages to list members, they will accept a message from any address.  The alternative is to set up a server running the free LISTSERV software.  Listservs, as you probably already know, can be configured to only accept email from list members.  We haven't taken this step before because it's not perfect and will require considerable effort from both SELCO staff and users.  Spam that has been faked to appear to come from a list member (aka "spoofed") is very common and will get past the listserv.  Setting up the listservs will require a complete reworking of our email distribution lists with all users having to re-subscribe to their lists.  Measuring the benefits against the costs, we have not chosen to take this step.  Recent events with spam have convinced me that we should revisit the issue after New Years when everyone is back from holiday travels and the ILS Operations Committee has their next meeting.

That's it.  Please accept my apologies for this offensive batch of unwanted email.  Spam fighting is a never ending struggle and we will continue to tackle the problem.