Communicating online: preventing spam and other email security issues
Unwanted junk mail – spam – is an ever-present problem for any organisation that uses email. For some people, spam is just a bit of a nuisance, but for others who receive many messages it clutters their mailbox and makes their work less efficient.
Information Services implements mail filters on the central mail relays to identify and either block or mark junk messages.
However, this cannot block all messages and there is always the possibility that legitimate email may get caught.
Spammers obtain email addresses from public web pages, forums, newsgroups, etc., so be cautious about publishing personal email addresses.
To try to stop spammers, consider:
- Using a comments form on web pages rather than a mail address
- Referring people to the Cardiff University contacts search rather than publishing your email address
- Publishing only generic / team email addresses to prevent your personal email address becoming known to the spammers
- This raises accessibility issues
- If it's too obscure it will cause confusion
- Reassembly of email addresses may lead to mistakes and misaddressing which will lead to bounced emails
- Obfuscation will only cause a delay for the spammer; it is unlikely to prevent spam. Spammers have automated ways of de-obfuscating email addresses. Think of password cracking!
Preventing unauthorised access to your email
Normal email messages are not entirely secure. It is not obvious when a message has been read by someone other than the intended recipient so it is generally unwise to send any sensitive or confidential material by email.
There are three ways in which someone other than the intended recipient could see a message:
- It could be wrongly addressed;
- Someone could gain unauthorised access to the mailboxes of sender and/or recipient. Except for very rare instances of hacking, the main ways that this happens are:
  - Leaving yourself logged in at a computer, such as the open access facilities, after you have finished using it
  - Allowing someone else to use your username and password.
- Someone forwards on a message without your knowledge or consent.
Please ensure that all emails have the correct address for the intended recipient. Please be careful when using auto-completion features for filling in names. It is very easy to send mail to the wrong person, especially where there is more than one person with the same name working / studying in the University. Where there are multiple entries for a name, you will be prompted to choose a name from a list. Do not assume that the first name which is auto-completed is the correct one.
Alternatively, use the People Search facility to find the email address of staff and researchers at Cardiff University.
Leaving yourself logged in to open access computers and allowing someone else to use your username and password are contrary to Cardiff University's Regulations, and disciplinary action may be taken against any user who compromises the security of the system by doing so.
The best way to guarantee that unauthorised persons do not read an email message is encryption. If the material is of a sensitive nature consider using another communication method.
It is impossible to prove that a normal email message has in fact come from the person or organisation it appears to come from. It is also not possible to prove that a message has in fact been received and read by the intended recipient.
Email should, therefore, not be used in relation to contractual or disciplinary matters where such proof may be important.
Be wary of phishing scams. Phishing is the name given to the practice of sending emails at random purporting to come from a genuine company operating on the Internet. The emails attempt to trick the recipient into entering confidential information, such as credit card or bank details.
If you receive mail that you have reason to believe comes from someone other than the apparent sender, you should report this immediately to the INSRV IT Service Desk, insrvConnect@cardiff.ac.uk.