Skip to Content

Vanderbilt IT

Home > Services > Messaging > antispam > faq > FAQ

FAQ

Frequently Asked Questions

General Questions:

Usage Questions:

General Questions:

Q: What is VUmailguard?

VUmailguard is the deployment of a modular based electronic messaging security product, featuring email firewall, anti-virus and anti-spam filtering modules, designed to help keep the Vanderbilt network safe from email attacks.

Q: What methods are used to mitigate email attacks?

When a message is received into the Vanderbilt network, the message is processed by the following modules, respectively.

  1. Email Firewall

    The email firewall module is the first line of defense and blocks based upon connection and message criteria.

    • Connection criteria would include the sending email server's reputation (DNSBLs) or behavior (throttling) e.g. a server has a known reputation of sending spam/viruses around the Internet, or a server is sending a high percentage of spam/viruses into the Vanderbilt network.
    • Message criteria would include criteria such as SPF receiver side rules, message size limits, and specific high-risk attachments.
  2. Anti-Virus

    The anti-virus module guards against virus infections including zero-hour outbreaks. VUmailguard scans for viruses prior to an email message ever being analyzed as possible spam.

    Note: No notification is sent to the sender of messages containing viruses that are quarantined.
  3. Anti-Spam

    Once the message is deemed to be clean, the anti-spam module assigns a numeric probability that the email is spam. Based on the probability score several things will happen. Messages determined to be spam are dropped without notification. Messages that a have a high probability of being spam but the system cannot be sure of are placed in the users "Quarantine" and are not delivered to the inbox. A notification of messages held in quarantine is sent 1 day after the first message arrives. Users that do not want to have their messages filtered need to make a request to the ITS Help Desk.

All of this happens in milliseconds, as the VUmailguard service handles over 30 million messages per month.

return to top

Q: What are DNS block lists (DNSBLs)?

DNS blocklists are a published set of IP addresses that are in a format that can be easily queried by computer programs. Generally, this is a list of IP addresses that should be avoided. For email purposes, the DNSBLs are a list of IP addresses that are known to be senders of spam and malware. For more information about DNSBLs, see the Wikipedia entry for DNSBLs.

Currently, Vanderbilt University uses the following DNSBLs:

return to top

Q: What is throttling?

Throttling restricts traffic initiating from specific IP addresses by analyzing the messages from the connections in real time and applying policies according to what it discovers from the analysis. For example, if 50% of the email originating from a specific IP address over a 24 hour period is infected with a virus or contains spam, VUmailguard will apply a rule to reject the messages originating from that IP address for a period of time. VUmailguard may also restrict the number of connections it accepts from IP addresses that are suspected of threatening the Vanderbilt network with a Denial of Service Attack (DOS) or Directory Harvest Attack (DHA).

return to top

Q: What is Sender Policy Framework (SPF)?

Sender Policy Framework (SPF) is an anti-spam protocol that allows you to authenticate or verify the domain of an email sender. This protocol is useful in deterring spammers who often disguise their true Internet address by pretending that their email comes from a legitimate domain.

Each domain that provides support for SPF has an entry in their Domain Name System (DNS) that describes unique attributes about their mail system and a list of authorized senders. A SPF client program or receiver, in this case –VUmailguard – sends a DNS query to the domain from which the email supposedly originated to determine if the sender is legitimate. When the SPF client program evaluates an SPF record, it produces one of several results or conditions, which are predefined by the SPF protocol and included as rules in the VUmailguard SPF feature. The results of the DNS query will determine if VUmailguard should accept the email.

return to top

Q: What is the VUmailguard message size limit?

The VUmailguard message size limit is based upon several criteria.

  • Overall message size: The total size of a message cannot exceed 25 MB.
  • Attachment count: The total number of attachments in a message cannot exceed 256.
  • Individual attachment size: No single attachment in a message can exceed 20 MB.
  • Archived attachment e.g. zip, tar, sit, etc.:
    • No single file within an archived attachment can exceed 20 MB.
    • The total number of files within an archived attachment cannot exceed 256.
    • The maximum folder depth within an archived attachment cannot exceed 20.

return to top

Q: What is spam?

Spamming is commonly defined as the sending of unsolicited bulk e-mail - that is, email that was not asked for (unsolicited) and received by multiple recipients (bulk). A further common definition of spam restricts it to unsolicited commercial e-mail, a definition that does not consider non-commercial solicitations such as political or religious pitches, even if unsolicited, as spam.? This definition is directly copied from the Wikipedia definition for SPAM (electronic).
return to top

 

Q: What is VU doing about spam?

Vanderbilt University ITS has implemented Microsoft's Forefront Online as well as subscribed to several real-time Blocking Lists to help manage spam for Vanderbilt University. Currently all Vmail and VU Gmail users are enrolled in the service.
return to top

 

Q: Why Exchange Online Protection?

Microsoft's Forefront Online is an industry leader in spam and anti-virus protection. Vanderbilt has recently entered into a campus agreement which allows Vanderbilt to leverage this partnership to use the latest technology.
return to top

Q: How does spam filtering work?

Please refer to this Microsoft site http://www.microsoft.com/online/exchange-email-filtering.aspx.
return to top

Q: What email addresses are filtered?

Any email sent to Vanderbilt email systems will be filtered. Any messages sent to other accounts, such as yahoo mail or hotmail, will not be scanned, even though you may review those messages on campus.
return to top

Q: What if my Vanderbilt email is forwarded to another address?

All email sent to you using your @vanderbilt.edu address are filtered before they are forwarded elsewhere.
return to top

Q: Why am I getting fewer messages than I used to?

By default, when VUmailguard detects that an email message is spam, that message is "quarantined." You will receive a digest message, listing all of the senders and subject lines of messages which have been quarantined. If there is a message that you want to examine, you can release the message, and it will be delivered to your mailbox.
return to top

Q: How do I report spam that I received?

All users can directly report spam to Microsoft by forwarding the email as an attachment to abuse@messaging.microsoft.com. Additionally, Outlook users can download a plugin from Microsoft, which adds the ability to report Junk email from within the message.
return to top

 

Q: I didn't receive a message I was expecting; is it because of the Exchange Online Protection quarantine?

Probably not, Exchange Online Protection has the lowest error rate of any anti-spam technology currently available. However, if a message is quarantined in error, you can still release the message via the digest. Additionally, the quarantine can be checked anytime by going to your quarantine
return to top

Usage Questions:

Q: What's a "digest?"

VUmailguard sends you an email message which includes a list of the senders and subject lines for each of your quarantine messages. To view an email in the list, click "Move to Mbox" in the message, and the quarantine message will be delivered to the users’ mailbox.

return to top

Q: Are quarantined messages confidential?

Quarantined messages are treated with the same level of confidentiality as all email at Vanderbilt: Access to email without the permission of the recipient can only be authorized by a Vice-Chancellor or the Director of Human Resources.
return to top

Q: Do quarantined messages count against my quota?

No. Quarantined messages are stored on a separate server, and do not count against your email quota unless they are released to your Inbox.
return to top

Q: How often is the digest delivered?

Digests are mailed 1 day after the first spam message is quarantined.
return to top

Q: What credentials do I use to log into VUmailguard ("Spam Quarantine")?

This system does not use VUnetID and ePassword.  Your username for this system is your full Vanderbilt email address.  The password will be one that you create specifically for this system via the “Need your password?” link on the login screen.

return to top


Last Modified: 2014-07-09