Information Technology has implemented a process that "quarantines" external e-mails as possible spam. Since its June 28 implementation, the quarantine process, which is performed by IronMail software, has raised some questions for college e-mail users.

As noted in Interim IT Assistant Vice President Yvonne Flood's e-mail announcing the quarantine implementation, Metro State has reached the maximum level of automated filtration and elimination of spam, necessitating the quarantining process.

How does the system know when an external e-mail is spam or might possibly be spam? IronMail uses a rating system based on 12 to 15 factors with assigned scores. The total of the scores is the determinant. If the e-mail scores above 50, it is spam and is deleted. A score of 50 or below means it could possibly be spam, in which case it is quarantined and the user decides whether to open it, or it is legitimate e-mail and is sent through automatically.

"Quarantining lets the user decide if the e-mail might be spam and whether or not they want to release it from quarantine and open it," says Flood. "There always will be some false positives with quarantining, but that's good because it means the filter is doing its job."

The factors IronMail rates include such things as how many people the e-mail is going to—the more people, the higher the score, and if particular words that spam often contains are found in the header or in the first half of the body of the e-mail.

One factor that carries such a high score that the e-mail will at the least be quarantined is a "spoofed" sender address. Spoofing is a nasty trend in spam e-mail, according to Flood. Spammers use fictitious e-mail names and addresses in the "From:" line of their junk messages. They make the message appear to come from someone legitimate, increasing the chance that the e-mail will be opened.

It has come to IT's attention that some Metro employees spoof their addresses when they are working at home using their ISP clients, like AOL or Comcast.

"For example, an employee may be doing legitimate college business from home and wants to make sure their e-mail is recognized as such," Flood explains. "Rather than send an e-mail as somebody@aol.com, they'll spoof the sender address so that it reads somebody@mscd.edu. At the minimum IronMail quarantines it because it's spoofed."

Interim Vice President of IT George Middlemist suggests that employees doing college business at home either use the MetroConnect portal or their real ISP address. If they spoof instead, it likely will be quarantined.

Middlemist adds that this truly is an ongoing process that allows for adjusting the scores based on college needs and for quick response as spammers devise new methods. "We want and need feedback from staff about how the quarantining system is working for them," he says. "Based upon that feedback, we may have to adjust the scoring of certain factors. We implemented the filter using recommended industry standards, and have already adjusted a couple of scores."
Middlemist cautions, however, that too many changes to the baseline scores will complicate the software upgrading process. "It's a fine science, and we'll be very thoughtful and careful about any adjustments we make."

IT asks that anyone with particular questions contact the Help Desk at 556-8325.

To learn more about quarantining go to http://www.mscd.edu/%7Einfotech/training/spam/quarantine.htm