What does IU do to protect users from spam and virus-infected email?
Important: UITS is preparing to retire the Cyrus (Webmail) service, and users can no longer create new Cyrus accounts. Current users are not affected at this time, and will be given at least six months' notice before Cyrus is discontinued. For more information, see About the Cyrus (Webmail) retirement.
On this page:
To protect against viruses, worms, and other malicious programs spread by email, UITS blocks certain attachments, filtering them from the Indiana University email system. For more, see At IU, what types of attachments are blocked from my email account?
UITS offers a spam quarantine service that
analyzes all mail delivered to IU Cyrus/Webmail
and IU Exchange accounts. Any spam messages you receive are
quarantined for five days in a
Spam (Cyrus/Webmail) or
Junk E-mail (IU Exchange) folder in your account. After
five days, the spam service deletes these messages automatically. For
more, see At IU, what is the spam quarantine service?
IU limits each host to sending only several hundred messages per minute. If someone is trying to send email to you from a non-IU host that has exceeded its message limit, then that email may very likely not get through to you.
As the high volume of spam on the Internet continues to increase, servers belonging to some popular email hosts are sending IU thousands of messages per minute, and the vast majority of those messages are undeliverable (i.e., from domains that don't exist). These hosts quickly and repeatedly exceed their bandwidth thresholds with illegitimate mail, much to the detriment of their customers who are trying to send legitimate mail to IU users.
IU email system architecture separates its internal university mail flow from the rest of the Internet. This provides a layer of protection that allows IU email to flow reliably between its students, faculty, and staff members. For this reason, it is expected that all official university email is sent via the IU system, and not through external, non-IU hosts. For more, see At IU, what is the policy about official communications from the university to students?
UITS is continuing to explore other systems that can block spam and email harvesting without disrupting legitimate use of IU systems. The following are some current ways that IU helps reduce the amount of spam you receive:
- On the central IU Exchange email system, UITS limits the number of visible
addresses (i.e., those on the "To:" and "Cc:" lines) and the number of
individual recipients for each email message.
- Users of the IU central Exchange system also benefit from the
implementation of a virus tool called Microsoft Forefront. This tool
stops known viruses from being delivered to users.
- UITS enables mail relay filtering for common virus subject lines
when it determines that words in the subject line are unique to a
- To search the online IU Address Book, the searcher must enter at least two characters of the last name, and search results are limited to 50.
IU computer users commonly wonder why an email address on a web page is spam-inducing, while an email address in the online IU Address Book is not. This is true because it is relatively simple to create a program that harvests email addresses from static web pages and then program it to browse sites for hours or even days, gathering email addresses. To harvest addresses from form-based address books, such as the IU Address Book, the programmer would have to create something smart enough to interact with different search engines on each address book.
For tips on protecting your web pages from email address harvesting, see How can I protect my web pages from email address harvesting?
Policies for IU internal mail
Note: At Indiana University, if you are considering mass mailing, be aware that the University Information Policy Office (UIPO) distinguishes between administrative mailings and mail that is for interpersonal communication, and treats the two differently. For details, see What is IU's policy concerning mass mailing via email?
Last modified on March 25, 2014.