St. Lawrence University uses a combination of real-time block lists (RBL) and Sophos PureMessage to help reduce the amount of unwanted e-mail (spam) that reaches campus. Users have the ability to administer their personal anti-spam preferences from the Sophos PureMessage web interface.

Anti-spam Administration: Users can perform a variety of administrative functions from the Sophos PureMessage web interface at: http://spam.stlawu.edu/. These options include the ability to:

• maintain an individual blocklist/whitelist
• view/release quarantined messages
• subscribe to daily notifications of quarantined messages
• disable all spam checking for your email account

For detailed instructions on performing any of these operations, use the help link available within the web interface.

Spam Identification Rules:

• Messages with a very high probability of being spam are discarded. These are messages with a spam probability higher than 90%, or well known spam sources as identified by a real-time block list.
• Messages with a high probability of being spam (50%-90%) are quarantined. Quarantined messages can be viewed and released via the administrative interface at http://spam.stlawu.edu/, or from a link in a quarantine notification message.

Phishing Information:

For those of you who may not yet have gotten the word, I want to alert you to a new kind of e-mail scam. Incidents have grown 800-fold over the last six months, according to IT-industry news magazines, so it is quite conceivable that you or someone close to you may find yourself targeted. Please be wary.

In these scams, which are referred to as 'phishing' e-mails because the scammer is fishing for personal information, the target (that is, you) receives what appears to be an e-mail from a trusted source, such as a bank or merchant with which you do business, asking you to validate personal information. A classic example sends you to a bogus web site that appears to belong to your bank, then asks you to enter your credit card number and PIN, as well as other personal information that you should not wish to make public. Often, the scammer provides a reasonable-sounding explanation for why the bank is asking that you do this. Please do not believe it. If you find yourself tempted to believe, call the vendor on a number that you know belongs to them or that you got from a trusted source (yellow pages), and ask them about it before following through.

Please, be wary of anyone who asks you for personal information like SSN, credit card numbers, PINs, etc. If you did not initiate the contact yourself, then it is highly likely that it is a scam. Once the scammer gets your personal data, you may be exposed to months of pain as you try to prove that it was not you who bought $10,000 worth of precious stones or whatever resalable product the scammer may have converted your good credit into.

In general, if you get an e-mail like this, the best strategy is to discard it. DO NOT RESPOND in any way. If the scammer believes that he/she wrote to a dead address, he may prune you from the target list, which is a wonderful bonus.

If you receive any e-mail that worries you, please feel free to ask anyone in IT for advice before taking any action.