
Email Spam

Incoming e-mail destined for addresses at Indiana State University is processed by a system known as “The mailgate cluster”. The mailgate cluster is a number of systems configured specifically for e-mail processing. These systems are designed to protect other internal servers and mail clients from malicious e-mail.

Incoming e-mail is processed by a number of distinct processes.

When a message first arrives, the originator of the message is checked against four separate and unique lists of “known mail abusers”. These lists are maintained by disinterested third parties and are not controlled by ISU. Each list has a separate maintainer and its own procedures for how and why you can get listed on or removed from the list.

The lists are:

http://www.spamcop.net

http://www.spamhaus.org

http://www.ordb.org/faq

There are basically three ways you can get on one of these lists and be blocked from sending e-mail to ISU.

The first method is to be an open relay. An open relay is a mail server misconfigured in such a way as to allow anyone to send anything to whomever they want. Spammers take advantage of this to send unsolicited commercial e-mail to you while disguising the actual point of origin. Using this method the spammer can simply move from one open relay to another, making it difficult for the end user to stop. There is NO reason for a mail server to be an open relay; therefore ISU does not accept mail from servers listed as such.

The second method to get listed is to simply be a known spammer. Some organizations just run their own mail servers and send spam from there. While their systems are not open relays, they do send mass unsolicited commercial e-mail. These mailings are often reported to the organizations that maintain the “lists”, and once listed, the senders never attempt to have themselves removed.

The third method is the e-mail trap. A number of systems set up e-mail accounts in their domain for users that do not exist and that never send e-mail or browse the web. Any message sent to one of these accounts automatically gets the sender's domain listed as a spammer.

In each case if a message is rejected by ISU because of being listed by one of these services, the body of the rejection message includes an explanation of why the message was rejected and a URL directing the end user to instructions for having their domain or e-mail address removed from the list.

If the message passes the above tests, it is then scanned for viruses and executable attachments. Known viruses and executable attachments (which can contain unknown viruses or other hostile code) are removed from the message. If the message contained any viruses or executable attachments that were removed, it is noted in the message body.

After the message has been scanned for viruses, the body of the message is assigned a “spam score”. This score is calculated by assigning point values to words and phrases commonly found in spam e-mail messages. If the spam score exceeds a fixed value, the score and the phrase “message-is-spam” are added to the message header. The message is then delivered to its final destination. The end user may then use this phrase in the message header to filter out spam using the features of their mail client.
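The scoring and tagging step described above, sketched in Python as an added example (it is not ISU's code). The phrase weights, the threshold, the header name `X-Spam-Score` and the sample messages are all assumptions constructed for illustration; only the phrase “message-is-spam” comes from this page.

```python
import re
from email import message_from_string
from email.message import Message

# Constructed rule set (phrase pattern -> points); the page does not publish ISU's rules.
RULES = {
    r"\bfree money\b": 2.5,
    r"\bact now\b": 1.5,
    r"\bclick here\b": 1.0,
    r"\bunsubscribe\b": 0.5,
}
THRESHOLD = 4.0          # assumed fixed cut-off value
HEADER = "X-Spam-Score"  # hypothetical header name

def body_text(msg: Message) -> str:
    """Join every text/* part so multipart mail is scored as well."""
    parts = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            parts.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)

def tag(raw: str) -> Message:
    """Score the body and add the header only when the score exceeds the threshold."""
    msg = message_from_string(raw)
    # Drop any sender-supplied copy so the header only ever reflects the gateway's verdict.
    del msg[HEADER]
    text = body_text(msg).lower()
    score = sum(pts * len(re.findall(pat, text)) for pat, pts in RULES.items())
    if score > THRESHOLD:
        msg[HEADER] = f"{score:.1f} message-is-spam"
    return msg

def client_filter(msg: Message) -> str:
    """What a mail-client rule does: file the message on the phrase in the header."""
    return "Junk" if "message-is-spam" in msg.get(HEADER, "") else "Inbox"

# Constructed sample messages.
SPAM = "From: a@example.com\nSubject: hi\n\nFREE MONEY! Act now, click here.\n"
HAM = "From: b@example.com\nSubject: notes\n\nMeeting moved; click here for the agenda.\n"
FORGED = "From: c@example.com\nX-Spam-Score: 9.9 message-is-spam\n\nLunch?\n"

if __name__ == "__main__":
    for name, raw in (("spam", SPAM), ("ham", HAM), ("forged", FORGED)):
        tagged = tag(raw)
        print(name, tagged[HEADER], client_filter(tagged))
```

Because the gateway delivers the message either way, a false positive costs the user nothing more than a misfiled message, which is why the final decision is left to the mail client's filter.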


This page is maintained by IT-US@indstate.edu