Chain email and spam

Network-wide Broadcasted Messages (spam)

Some people use the Internet today as their own personal broadcast medium for distributing advertisements and solicitations, many of which are for money-making schemes. The term "spam" has been coined to describe these indiscriminate, network-wide broadcasted messages. Spam is unsolicited bulk email on the Internet. It includes chain letters, items for sale, get rich quick schemes, or any other unwanted email that people often receive. An example of an unauthorized mass mailing is using a mail client's address book or a directory service to send spam email to every user or groups of users listed there. Do not send these messages, and if you reply to them, do not reply to all the recipients.

Since spamming is against the UA Code of Computing Practices, you must make sure not to send out any spam yourself. Do not send emails to large groups of people especially if you do not know each of the people personally. Some people have used the Reply All button in response to unwanted spam email, which makes the problem even worse. Sometimes this is done deliberately, but it can be accidental. In many cases, sending a message to a long list of recipients (even with good intentions) can result in the loss of computing privileges. If you do use the Reply All button, be sure it's appropriate for all of the recipients and use it only if you know ALL of the recipients. Even if your intention is to stop a spam outbreak, when you reply to all the recipients of a mass mailing, you are perpetuating the problem!

What should you do if you receive a spam message? It's best to just ignore the message and delete it from your mailbox. Never reply to these messages and never send them money. Many people who send spam messages take great pains to hide their real identity on the network, so trying to reply to their spam messages is usually futile. Many email applications have filtering capabilities that can block messages from a specified addresses. To report the spam email to University IT Services, expand the full header of the message and forward it to abuse@uark.edu. To learn how to expand full headers and filter spam emails, go to the UITS Email page and select your preferred email client.

What happens if I send chain emails or spam from my University account?

Users who are found to have initiated or propagated chain email messages or spam messages from a University account will be locked from that account for two business days. Subsequent violations of this policy will result in additional administrative sanctions.

What is spoofing?

If you are receiving notices of bounced email messages that you didn't send, the returned mail you received probably did not come from your account. A new tactic of viruses is to use someone else's email address when mailing themselves to potential victims. That is spoofing. They will search infected computers for email addresses and anything resembling an email address. They will find addresses in the address books of email clients, Microsoft Office documents, viewed Web pages, instant messenger lists, old email, and possibly any other form of data that may have been transmitted to the infected computer.

Once the virus compiles a list of addresses, it will use one of the email addresses as the From: address of an email, and another as the To: address. If the email is not delivered to the intended recipient (in the To: field) possibly because the address no longer exists, is over quota, or the server would not accept the email since it contained a virus, the message will be bounced to the address in the From: field. If your address happened to be one that was harvested from an infected computer and used as the From: address by the virus, you might receive returned messages that you did not send.

Sometimes the virus will use addresses of major service providers as the From: address such as PayPal, eBay, Microsoft, and others before mass mailing to all of the other addresses found on the infected computer. So, you could receive a message that appears to be important information from one of these companies.

Unfortunately, many email gateway filters do not take the forged address into account and will report the virus attachment to the address in the From: field. Sometimes these gateways cause more problems then the actual virus with these incorrect reports and their rejection messages. Additionally, many do not contain sufficient information that will help mail server administrators or IT Security staff to actually track down the infected computer. In cases where they do report appropriately, or staffers receive emails of the original message with their full headers, the infected computer can be identified, and more steps can be taken to mitigate the problems.

In these cases, contacting the appropriate Internet provider is most likely the only step that can be taken. We hope that they will assist their user/customer clean their computer and educate them about not opening attachments and the use of updated antivirus software. For our own local users, we have a policy of blocking users with infected computers, and will contact them or an appropriate technical contact concerning the steps that must be taken before the computer can return to our network.

What are email hoaxes?

Virus hoax emails contain bogus virus warnings usually intent only on frightening or misleading users. Please refer to Symantec Security if you have a question about what appears to be a bogus message regarding a new virus or a promotion that sounds too good to be true.

How do I know if email is really from the U of A?

If the email was from admin@uark.edu, administrator@uark.edu, service@uark.edu, mail@uark.edu, register@uark.edu, support@uark.edu, webmaster@uark.edu, or info@uark.edu and signed by the "UARK Support Team", then you received a spoofed message, an email that had a fake From address in it.

These accounts don't exist, so these messages were not from University IT Services nor the University. There is also no "Uark Support Team". The attachment in a spoofed email typically contains a virus. The message about your account is to get you to open the attachment.

If you opened the attachment, it is possible that your computer now has a virus. If you have not downloaded and installed Symantec AntiVirus (downloadable from the University IT Services site), you will need to do so and run the virus scan. You can report the message by expanding the header and forwarding it to:
abuse@uark.edu
Note: The email's header must be expanded so that the real path and sender of the message can be seen.
For instructions for expanding headers visit the UITS Email page and select the email client you are using.

What is Chain Email?

Why are chain letters a problem?

Since chain email is sent to so many people with that number increasing every time that piece of mail is sent, an email chain letter has the potential to waste great amounts of bandwidth and disk space and clog up networks which can cause problems for people trying to send legitimate email or do other work on the Internet. They are also illegal (in violation of Title 18, U.S. Code, Section 1302, the Postal Lottery Statute) if they contain any requests for money or items of value. They are also often damaging to a person's or organization's reputation, for example chain emails that illegitimately request money for an organization.

What can be done?

Examples of popular chain emails

These chain emails are still circulating on the Internet. Beware!

Email Tax (602P) Hoax
Harry Potter Hoax
Klingerman Virus
Nigerian Business Proposal
PENPAL GREETINGS
Make Money Fast Warning
Paypal Account scam
A Little Girl Dying
Jessica Mydek
Kidney Harvest
Hawaiian Good Luck Totem
Honey Starr

Links to Web Sites with more info on chain email

• CIAC Internet Hoax and Chain Letter pages
• Chain Email
• Chain Letters (Rutgers)
• Getting Rid of "Spam"
• SpamDontBuyIt.org