Email Security

Email Awareness

  • Don't put anything in an email you would not put on a postcard. Presume any message sent over the internet is available to the public. Email is not a secure form of communication and should never be used to send or receive confidential or sensitive information.
  • Consider using encryption to protect the confidentiality of your email messages.
  • Be careful when addressing email to be sure it is being sent to your intended recipient(s).
  • Check the source of your email. Email is subject to spoofing, in which the identity of the sender may be forged, so use common sense when assessing the validity and veracity of an email message.
  • Be careful with email attachments. Never open email attachments from strangers, or from senders you know if the attachments are not expected.
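One way to check the source of a message beyond the visible From line, as an added example that is not part of the original page: the sketch below compares the From domain with the Return-Path and Reply-To domains and reads the SPF, DKIM and DMARC verdicts from the Authentication-Results header. Both sample messages and all addresses in them are constructed; a mismatch is a hint to look closer rather than proof of forgery, since mailing lists legitimately use a different Return-Path.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def _domain(header_value):
    """Lower-cased domain of the address in a header value, or '' if none."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def sender_warnings(raw_message):
    """Return reasons the visible From address may not be the real sender."""
    msg = message_from_string(raw_message)
    from_dom = _domain(msg["From"])
    warnings = []
    # Return-Path is the envelope sender recorded at delivery; Reply-To is
    # where an answer would actually go. Either can differ from From.
    for name in ("Return-Path", "Reply-To"):
        dom = _domain(msg[name])
        if dom and dom != from_dom:
            warnings.append(f"{name} domain {dom} differs from From domain {from_dom}")
    # Authentication-Results (RFC 8601) holds the receiving server's verdicts.
    # Only trust a copy added by your own mail server; a sender can forge one.
    results = msg.get_all("Authentication-Results", [])
    if not results:
        warnings.append("no Authentication-Results header present")
    for value in results:
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value.lower()):
            if verdict != "pass":
                warnings.append(f"{method} result is {verdict}")
    return warnings

# Constructed sample: display name and From claim one domain, the rest disagree.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=example.edu
From: "IT Help Desk" <helpdesk@example.edu>
Reply-To: helpdesk@example.com
Subject: Urgent Business Deal

Please reply today.
"""

# Constructed sample: every header agrees and all checks passed.
GENUINE = """\
Return-Path: <helpdesk@example.edu>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.edu; dkim=pass header.d=example.edu; dmarc=pass header.from=example.edu
From: "IT Help Desk" <helpdesk@example.edu>
Subject: Scheduled maintenance

Details follow.
"""

if __name__ == "__main__":
    for warning in sender_warnings(SPOOFED):
        print("warning:", warning)
```
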

Avoiding Spam

Spam is digital junk mail: mass emailings sent without regard to the relevance of the message to the designated receiver or the receiver's desire to receive it. Spam includes:

  • Phishing, pyramid schemes, virus hoaxes, chain letters, and fraudulent business opportunities. A typical spam message is the 419 Scam, whose name references the fraud section of the Nigerian legal code. 419 spam messages, which often feature the subject heading Urgent Business Deal, offer recipients a percentage of a large sum of money for helping the sender transfer funds out of a West African country.
  • Sexually explicit solicitations
  • Legitimate promotions and advertisements from commercial online businesses including retailers, financial institutions and utilities. These senders usually obtain email addresses from orders, surveys, contests and warranty registrations, and may also purchase from, sell to or share email lists with other companies.

Spammers are adept at changing ISPs and forging email 'From' addresses to cover their tracks. If you are an active internet user, there is no sure way of decreasing spam.

Receiving spam is not the same as being harassed by abusive or threatening email. (See Email Harassment)

Reducing Spam

Many bulk emails have tag lines such as:

Do not follow any of the tag line instructions on spam.

The 800 numbers usually lead to inoperative voice mailboxes; the URLs and email addresses are usually schemes to confirm their list of active addresses. Responding to spam in any way lets spammers know that their mail is being read, which simply encourages them.

To reduce the amount of spam you receive:

  • Check the source of your email and delete what you consider spam. (If an email message seems suspicious, it probably is. If the subject line seems odd and you don't know the sender, you may want to call and ask if that person sent the message. The best advice is to delete the message unopened.)
  • Maintain a separate temporary email address. Using your primary email address on any web-based form will likely make you a target for spammers. Consider keeping your primary email address private, and use a secondary free email account for temporary use or on web forms where an email address is required.
  • Be careful sharing your email address. Only give it to people or companies who you know will not distribute it to third parties.
  • Do not put your email address on a web page. If you must, encode it so that "spambots" cannot recognize it as an email address.
  • Do not pass along chain letters and virus hoax messages to your friends.
  • Do not send people online greeting cards, as the greeting card web site might store and sell your email address to spammers.
  • Do not reply to or follow web links inside spam messages. These include messages inviting you to visit a URL (these can point to a different web site designed to steal personal information). Avoid clicking on "Remove yourself from the mailing list" links, which are almost always invalid and are often used to verify the existence of a valid email address or to confirm that messages are being read. Following these links will usually result in getting more spam, not less. (The only exception is where you have taken steps to sign up personally for a mailing list, and messages from that list provide instructions for unsubscribing.)
  • Set up email filters to delete or sort spam messages. Use your email application's built-in filter or a third-party product, such as server-side filters. For more information, see the Dealing with Spam page.

Blocking Spam

One person's spam may very well be another's requested email. It is impossible for anyone besides the individual to determine which email messages are solicited and which are being sent without the recipient having either requested or agreed to receive them. Determining which messages are spam is even more complicated and difficult in a campus-wide system with thousands of users.

Professional spammers can be identified and all email being sent from their servers can be blocked. Companies that engage in practices of sending unsolicited email can be blocked until their policies are revised to prevent such abuse. Email servers that are unprotected and open to third-party hijacking can be identified, and in the cases where the systems administrator either fails to respond or refuses to protect their system from attack, can be blocked until the problem is resolved. Mail sent from personal computers can be blocked, if the address ranges of ISPs that are assigned to personal computers can be identified.

Keeping track of which systems are legitimate and which are being used by spammers on a daily basis is virtually impossible. Even if UBC were to expend the resources to identify spammers and block their messages, the spammers would simply adapt and the problem would persist.

UBC IT tags bulk email and messages with a medium spam probability for filtering by email programs, such as Outlook. For more information, see the Dealing with Spam page.

For information on how message rejection works, please see the Message Rejection page.

Complaining About Spam

It is recommended that you do NOT use any of the numerous programs available on the internet for complaining about unsolicited email, as the "complain to" addresses that appear in header lines can be forged. Your complaint could easily become spam for some innocent receiver, and you will have compounded the problem.

Dealing with Email Harassment

Harassing, abusive or threatening emails can be ethnic, personal, physical, religious, or sexual in nature, but ultimately they are any communication, persistent or not, that makes you uncomfortable. (Harassing emails are not spam.)

Harassment is unacceptable behaviour, by electronic or by any other means. It is not funny and should not be taken lightly.

If you receive harassing or threatening emails or instant messages, or are being mail bombed with numerous messages directed at you in a short period of time:

  • If you feel your immediate safety is endangered, dial 911 from any telephone and report the incident. Otherwise, respond directly to the sender, and express clearly but politely that you do not wish to receive further communications from the sender.
  • Make it clear that you wish to terminate all communications. Do not maintain a dialogue with someone who is sending harassing email, as it may prevent you from legal recourse. The person sending the emails to you may mistakenly believe you are someone else. You have now politely advised the person of the error.
  • Have no further contact with the other party.
  • Save a copy of the harassing correspondence: copy the email to yourself, save chat sessions where possible, and make notes to yourself as to the time and date that each incident occurs.
  • Report further email incidents.

If harassment persists, you are strongly urged to contact your local police department.

Further Details

UBC IT has prepared a backgrounder on spam [pptx - PowerPoint file] which provides an overview of spam and how best to avoid it.

  • Details on steps you can take to deal with spam can be found on the Dealing with Spam page.
  • More information on the dangers of email phishing can be found on the Phishing page.
  • Read more on Message Rejection and how it works.