Spam Leads to Change in Exchange Mail System
LEXINGTON, Ky. (June 11, 2010) - To deal with recent spam attacks on university email servers, University of Kentucky Information Technology is implementing a change to the Outbound E-mail Policy in response to recent problems with external mail systems rejecting e-mail messages sent through UK's Exchange system. The Exchange mail system now has a per message limit of 200 recipients.
As a result of the spam attacks, e-mail originating from the University of Kentucky has been blocked by many external mail providers. Vince Kellen, CIO, stated that “IT is making additional technical changes to make it more difficult for spammers. IT is also working with the mail providers to have the UK mail system unblocked. However, we need your help to stop the spammers.”
WHY UK E-MAIL IS BEING BLOCKED
The blocking of UK outgoing mail is a result of spam originating from UK user accounts. In order to protect their e-mail users from spam, the mail providers and companies with mail servers each decide whether or not to accept mail from UK. Their decision to block UK is based on the volume of spam received from our users over a given period of time. In this recent case, some UK email users had inadvertently given their password out by responding to emails which pretended to come from legitimate sources but were actually spammers specifically looking to gain access to a user account. Spammers use this login ID and passwords obtained to then send out e-mail directly from the users account.
HOW TO HELP SOLVE THE PROBLEM
We are asking you to be on the lookout for these attempts to secure your password and ignore them.
· NEVER GIVE YOUR UK ID OR PASSWORD TO ANYONE.
· UK WILL NEVER ASK FOR YOUR ID OR PASSWORD IN AN E-MAIL.
If you receive an “undeliverable” error message, from an external organization that is not on the list below, please forward a copy of the “undeliverable” error message to helpdesk@uky.edu, making sure to include any error messages that were included.
WHY RESTRICTING THE RECIPIENT COUNT HELPS
Restricting the message recipient count to 200 makes it harder for the spammers to send a large amount of e-mail. When an e-mail user attempts to send a message to more than 200 recipients, the message will not be sent. However, Groups needing to send a message to a large recipient base should refer to the ListServ service at http://lsv.uky.edu/, as this system is designed to send messages to groups of users.
Please note that the limit is the total number of recipients in the “To:,” “Cc:,” and “Bcc:” fields of the message and applies to both internal and external e-mail. However, e-mail that is addressed to an Exchange Distribution List or ListServ list is only counted as one recipient, regardless of the number of members on that list.
For questions regarding this policy change or for assistance with sending out business mailings through Exchange to more than 200 recipients, please contact UK IT Customer Service at (859) 218-4357 or helpdesk@uky.edu.
WE WILL KEEP YOU UPDATED
We will provide updates throughout the next few weeks to keep you abreast of how successful we are in collectively stopping the spammers.
REMEMBER THESE SECURITY PRACTICES
· Avoid these “phishing” attempts by never giving your Link Blue user ID and Password credentials to anyone or any website.
· Be vigilant in choosing software, and never installing unknown software or unknown browser plug-ins on your computer.
· Maintain current anti-virus software and install all available operating system patches to prevent compromises from malicious software.
· For additional information, please review: