FAQ - Spam, phishing and other suspicious e-mails

All e-mails that reach the RWTH Aachen are checked for virulent attachments. The same goes for e-mails that leave the RWTH Aachen via the servers relay.rwth-aachen.de, relay-auth.rwth-aachen.de or smarthost.rwth-aachen.de.

If a suspicious code is detected in an attachment, the attachment is replaced by the following text:

  This attachment contained a virus and was stripped.
     Filename: Dateiname
     Content-Type: Dateitype
     Virus(es): Virentyp und Name

Additionaly, the text  "***** VIRUS REMOVED / ENTFERNT *****" is included at the beginning of the subject line. 

All e-mails that reach the RWTH Aachen are checked for SPAM mail.

If such an e-mail is detected, the text "***** SPAM *****" is inserted before the actual text of the subject line.

Please forward spam e-mails, which have not yet been identified as such,as an attachment to the following address:
spam@access.ironport.com

This will help us improve our SPAM filters! 

"False positives", meaning e-mails that were falsely marked as SPAM (HAM), can be reported by sending it as an attachment to the following address:

ham@access.ironport.com

When forwarding information to this external e-mail address, please take into account any existing non-disclosure agreements (NDAs) and data protection regulations that may prevent the forwarding of information.

Spam is a term for unwanted nuisance or promotional e-mails. The IT Center uses a spam detection software which marks over 90% of the spam emails arriving from outside as spam, resp. does not accept them.

We have all received e-mails with a similar content at some point: "Virus warning!!! If you receive an e-mail with the title "bonus buy" do not open it under any circumstances! It will destroy your harddrive! Please inform all your friends and affiliates about this threat!"

Trustful people, then, send this "warning" to all the contacts in their address register. That is exactly what the sender of the e-mail aimed at. Minutes of valuable working time are destroyed since these sorts of e-mails are virtually always a hoax.

Hoaxes are troublesome but harmless. Downright distasteful are chain letters about children suffering from cancer who can supposedly be saved if you send as many e-mails to friends and acquaintances as possible. It can be expensive and even dangerous if you give credence to obscure farms in Simbabwe or alleged tradespeople in Lagos. There are neither firewalls nor virus protections against hoaxes, so the only way to deal with it is common sense or as they say on the Usenet: the "Program Brain 1.0".

A list of the most common hoaxes can be found, e.g. at  Sophos.

A commercial spammer keeps a database with sometimes several millions of addresses. He may receive these e.g. by performing a targeted (automated with a program) scanning of newsgroups, homepages or e-mail directories, but also by trying out common addresses. Sending of e-mails is also automatic. Since sending e-mails costs almost nothing it doesn't matter if many addresses are invalid.

Spam emails are always commissioned by someone. By using promotional e-mails, the client seeks to achieve that his website is visited or that his hotline is called. The spammers get paid for this.

You do not receive spam e-mails from the IT Center. The spammer often applies a simple name as an address, without the "@" character. In this case our mail server adds its own name to the address.

Unfortunately it is relatively easy to forge sender addresses and other header lines. The spammers use this method to prevent confrontation with tedious returns, amongst others. Therefore please always have a look at the complete header first in order to verify where this promotional e-mail actually comes from.

The sender address is a text field in the Simple Mail Transfer Protocol (SMTP) which can be filled in freely. As such, the SMTP does not contain any security measures to ensure the authenticity of the entered address. A spammer can therefore enter any sender address without the mail account of the pretend sender having to be compromised.

Replies to an e-mail are normally sent to the sender's address, but as the spammers are not interested in receiving a reply, this is not a consideration for them.

Some phishing e-mails display the recipient as the sender in order to trick the recipient into thinking that the spammer has gained access to the recipient's e-mail account or computer.