Unsolicited commercial email (spam) has been a common complaint for Harvard alumni who use the email forwarding service. Spam is not only irritating and misleading, but it also places an increased burden on the email forwarding technical infrastructure.
Alumni can help fight spam by being careful with using email forwarding addresses on the internet. We advise alumni not to publish email forwarding addresses on Web pages, internet directories, chat rooms, discussion boards, or blogs. Publicly available addresses are very easily "harvested" by automated programs used by spammers to build mailing lists. In addition, users should be careful with using email forwarding addresses as contact addresses for contests, online order confirmations, or commercial websites. These addresses are often sold to other companies, which results in more spam to email forwarding users.
If you do receive spam, the following tips may be useful.
- The best course of action is generally to delete spam messages without opening them.
- Do not reply to spam messages or click on any links in messages which you suspect may be spam. Doing so may confirm to the sender that your address is valid, which will often result in more spam.
- Do not open any attachments to unsolicited messages. Attachments to spam messages often contain viruses, worms, or spyware.
A common tactic in spam message is "phishing," or fraudulently posing as a legitimate sender to fool the recipient into providing confidential information. Some recent phishing attempts have posed as messages from Harvard support or administrative departments.
- We will never ask you to send a password or credit card information by email. Please do not send this information to anyone by email.
- Legitimate messages from Harvard will generally be sent from a harvard.edu email address. However, From: addresses are easy to forge, so this is not a guarantee that messages are legitimate. If you reply to a message that claims to be from Harvard, look at the address that appears in the To: line of your message; do not send the message if this address is different from the one displayed in the From: field of the original message, particularly if it is not a harvard.edu address.
- Be careful when clicking on links in email messages. In many email programs, you can tell where a link is pointing by moving your mouse over the link (without clicking on it). Do not click on the link if it points to an unknown website, or if it points to an address different from the one displayed in the text of the message.
- If you do click on any links, look at the address bar of your web browser to confirm the address of the site before entering any confidential information.
- Websites hosted by Harvard are in the harvard.edu or hbs.edu domains, or a subdomain such as alumni.harvard.edu, pin1.harvard.edu or alumni.hbs.edu. In addition, alumniconnections.com and reuniontechnologies.com domains host legitimate alumni websites, and can be considered trustworthy.
- You can tell what domain a web or email address belongs to by looking at the last word before .com or .edu. For instance, the web address alumni.harvard.edu is part of the harvard.edu domain, but harvard.alumni.edu is not.
- Many phishing emails claim that your account will be deactivated if you do not follow the instructions in the message. Harvard email forwarding addresses are only deactivated in cases of suspected abuse or fraud, and not for "account maintenance" or unspecified "security reasons," as is often claimed in fraudulent messages.
If you have received a message which claims to be from Harvard, and are not sure that it is legitimate, please contact the AAD Service Desk. To help us investigate, please include the headers and text of message that you received. If you think that you may have provided your HarvardKey login in response to a fraudulent message, please change your HarvardKey password and contact the service desk.
Mail sent to email forwarding addresses is scanned by Spam Assassin. Spam Assassin does not delete spam. Rather, it flags suspected spam messages as [POSSIBLE SPAM], which empowers alumni to make their own choices about how to handle flagged messages. You can choose to manually review messages flagged as [POSSIBLE SPAM] or set up a filter on your destination account to delete flagged messages or sort them into a designated folder.
The Spam Assassin program looks at each message and evaluates it against a set of rules relating to the content, format, and headers of the message. If a message meets a certain threshold based on these rules, it is labeled as [POSSIBLE SPAM]. Spammers constantly change their tactics to circumvent spam scanning systems, so some spam messages may slip through undetected. In addition, certain legitimate messages (particularly messages sent as part of a bulk mailing list) may occasionally have features which cause them to be identified as spam. The email forwarding servers are frequently updated with new versions of Spam Assassin, which should increase the number of spam messages that are identified as spam and decrease the number of legitimate messages that are misidentified as spam.
The email forwarding servers employ additional techniques besides Spam Assassin to control spam. For example, all messages are checked against a database of known spam servers and rejected if they are sent from known spammers. This technique substantially reduces the number of spam messages forwarded but should not affect legitimate messages. We may implement additional spam protection measures in the future, based on future technical developments and University practices.
I am receiving spam messages. Can you stop this from happening?
Once someone has obtained your email address, it is not possible to prevent them from sending messages to you. We scan messages sent to email forwarding addresses to identify likely spam messages (see the Spam Protection section, above), but we can't guarantee that all unwanted messages will be identified.
I have received messages claiming to be from Harvard which ask me to confirm my login or credit card information. Are these legitimate?
These types of messages are often fraudulent. Please see the Phishing section for more information.
I am receiving spam messages that are addressed to someone else. Why is this happening?
The address displayed in the "to" field of a message does not always correspond to your address; your address may be included in the "bcc" (blind carbon copy) field of the message. When your address is included in the "bcc" field, you receive the message, but your address is not displayed in the "to" or "cc" fields. Any messages which display other addresses in the "to" and/or "cc" fields are sent to these addresses as well as to your address. It is a fairly common practice for spammers to include a list of addresses in the "bcc:" field of a message.
I am receiving spam messages with a return address from a Harvard domain. Does this mean that an email forwarding user is sending spam messages?
Not necessarily. While it is possible that a Harvard alumnus or alumna is sending unsolicited email, it is more likely that the spam messages are sent using a forged email address. It is very easy for a spammer to set the "from" line in an email to display an address other than the one actually being used to send the message; the email address that is displayed may not even be a valid address. Unfortunately, this is a very common practice, and there is not much that can be done to stop it.
Spam messages are being sent using my email forwarding address. Does this mean that someone has broken into my account?
No. First, there is no email inbox to hack or break into, you only have an email forwarding alias.
It is very easy for a spammer to forge an email address by setting the "from" line in an email to display an address other than the one being used to send the message. A spammer only needs to know your email forwarding address to send mail claiming to be from your forwarding address. Unfortunately, it is virtually impossible to identify the actual sender of these spam messages, or to prevent them from being sent.
Why are some messages delivered with a [POSSIBLE SPAM] tag in the subject line?
The [POSSIBLE SPAM] tag means that the message has been flagged by Spam Assassin as a potential spam message.
Can I turn off spam scanning or change the settings for my account?
The email forwarding system currently uses the same Spam Assassin settings system-wide, so it is not possible to de-activate scanning or adjust settings for individual accounts.
Some spam messages are not being flagged. Can you fix the system?
It is difficult to identify all spam, as spammers constantly adjust their tactics to circumvent spam scanning systems. Because of the point system, there will always be messages that a user may consider to be spam that didn't score high enough to be labeled as such. Although it is possible to adjust Spam Assassin settings to catch more spam messages, this will also increase the chance of legitimate messages being misidentified as spam.
Spam filtering was working for a while, but recently I seem to be getting more spam. Is there something wrong?
Spammers are always developing new techniques to avoid spam scanners. This may result in more spam being delivered without being identified. However, the email forwarding system is frequently updated with new versions of Spam Assassin, which will improve the amount of spam that is properly labeled.
Some of the mail being flagged as spam is legitimate mail. What should I do?
Some legitimate mail may have characteristics that make the message appear as Spam to the Spam Assassin program, particularly if the message was sent as part of a bulk mailing list. We have tried to set the threshold for flagging as Spam so that this does not happen. However, any content-based spam scanning system will occasionally misinterpret legitimate messages as spam. We recommend reviewing messages which have been labeled as spam before deleting them.
Still need help? Contact the AAD Service Desk.