Respite FAQ

Wed, 04/10/2013 - 13:01 -- admin

Frequently Asked Questions about Rensselaer's RESPITE (Anti-Spam) system.


  • My email to RPI was rejected - what do I do?

    If your email was rejected with the message "Message failed anti-spam test...", you will need to contact the intended recipient and ask them to adjust their RESPITE settings to accept your messages. You should compose a brief new message which does not include text from the rejected message.

    If you cannot contact the intended recipient with a simple message, it is possible they have inadvertently configured their RESPITE settings in a way that also rejects legitimate messages. If you suspect this is the case, and cannot otherwise contact the recipient (for example, by telephone), send details to postmaster@rpi.edu. Include the incident ID quoted in the rejection message. Please note that the postmaster does not manage recipient whitelists or maintain a global whitelist.

  • What if I am using my gmail/AOL/Hotmail/etc account?

    Email sent from non-Rensselaer accounts is treated by RESPITE like all email from non-Rensselaer accounts. If this causes problems, then use your Rensselaer account to send email. When traveling, use the appropriate web-based email service.

  • What if the message says my computer is blacklisted?

    In order for the recipient to receive your messages reliably, they should add your newsletter or service to their "always allow" list in RESPITE. Contact the recipient as outlined above, asking them to change their customized settings.

    It is also important to check that your service is not inadvertently inflating its spam score due to misconfigured server settings. For example, if you are using an ISP that publishes SPF (Sender Policy Framework) records, ensure that the records for your domain are correct. Likewise, your email should have a valid sender address, recipient address, message IDs, and so on, and should generally conform to Internet email standards.

  • How do I use the daily notification email?

    Each day in your inbox, you will receive an email listing all quarantined messages. These are only the messages that have accrued since the last day's notification. (If no messages have been quarantined, there will be no notification email that day.)


    This message has several features:

    1. Subject. Clicking this field will open a browser window/tab to view part of the quarantined message.
    2. Action. Only available for some clients, this is a pull-down menu of actions. Select the appropriate action for each message separately, then click the [Submit] button below.
      Outlook does not display this field properly and instead shows “Do Nothing V”;
      Thunderbird displays the pull-down menu, but the submit button will fail to complete the actions (a browser window will open and display an error).
    3. Quick-Action. These actions take immediate effect when clicked and will launch a browser window/tab to view the completed action. These actions are taken on each individual message, one at a time. Mobile clients may wrap text, so beware of which selection is being made. When selecting “Whitelist Sender”, the sender email address will be whitelisted AND the message will be accepted.
    4. View Quarantine (Requires Login). This is a link to the RESPITE 4 website, where you can login to complete other tasks, such as whitelisting other email addresses.
    5. [Submit]. This will submit all actions selected under #3, Action.
    6. Reject All as Spam. This will reject ALL quarantined messages, not just the ones listed in the daily notification message.

     

  • How do I whitelist an email address?

    1. Log into RESPITE at http://respite.rpi.edu with your RCS userid and password (the same credentials that are used for email)
    2. Select Rules from the toolbar.
    3. Select Senders from the menu on the left.
    4. Enter the email address in the field provided. (Enter a specific Sender's e-mail address:)
    5. Click Add Rule button
    6. On the next page, select Always allow from the pull-down menu.
    7. Click Submit Changes button at the bottom of the page.

     

  • I inadvertently blacklisted/whitelisted an address; how do I change that?

    1. Log into RESPITE at http://respite.rpi.edu with your RCS userid and password (the same credentials that are used for email)
    2. Select Rules from the toolbar.
    3. Select Senders from the menu on the left.
    4. Find the email address in the list (use the Filter:Sender field to search, if needed).
    5. Select the appropriate action from the pull-down menu:
      • Always allow = Whitelist
      • Always reject = Blacklist
      • Delete from table = clear the entry, removing all rules regarding that sender.
    6. Click Submit Changes button at the bottom of the page.

     

  • How long are messages kept in RESPITE?

    Quarantined messages are held for up to 45 days; messages older than that are purged from the system. Log information about messages that were marked as spam or non-spam is kept for approximately 7 days.

  • RESPITE is letting too much spam through/not enough legitimate email. What do I do?

    Just as with the previous version of RESPITE, individuals can adjust the parameters for how RESPITE categorizes messages.

    Some important notes:

    If you are forwarding email off-campus, the thresholds for quarantining/rejecting messages can NOT be adjusted. You can still use the RESPITE system and daily notification emails to whitelist addresses and accept messages that are quarantined, so no messages will be lost. (When spam is forwarded to external addresses and is then marked as spam, there is an increased risk that Rensselaer will be considered a source of spam, which can result in email providers blacklisting Rensselaer and ALL email that is sent from our servers.)

    If you choose to have RESPITE reject messages, any rejected message will not be available in the daily notification. A record is kept in the logs under Quarantine -> Spam, with information about the content and sender of the message, and for up to 7 days the message can be recovered by resetting it in the trap and accepting it.  Adjusting the spam threshold to a more lenient number will allow more messages through to your inbox. A lower (stricter) number will keep more messages in the quarantine.

    To change these settings,

    1. Log into RESPITE at http://respite.rpi.edu with your RCS userid and password (the same credentials that are used for email)
    2. Select Preferences from the toolbar.
    3. Select Quarantine settings from the menu on the left.
      • Automatically reject messages scoring more than this amount: any message that scores ABOVE this value will be rejected and cannot be recovered.
        If you choose to adjust this, we recommend starting with a moderately high value like 30, to reduce the risk of rejecting legitimate messages.
      • Spam threshold: messages that score BELOW this value will be delivered to your inbox. Anything scoring between this and the reject threshold will go to the pending quarantine. 5 is the default number for our system; a lower number here is more strict and a higher number is more lenient.
        If you choose to adjust this, we recommend starting by just increasing/decreasing by one or two.
    4. Click Submit Changes button at the bottom of the page.


  • Can I tag messages, rather than use the quarantine?

    At this time, the system does not allow for tagging of messages. We have contacted the vendor to indicate our interest in this feature, so this may be available in a later release.

     

  • I already check the RESPITE website, can I disable the daily notification?

    This feature cannot be disabled.

    If there are no newly quarantined messages since the previous day’s notification, no email will be generated.

  • I whitelisted an address, but emails are still being quarantined...

    This can occur when the email provider uses what are called SPF records; these basically confirm that an email was legitimately sent by their server, but that confirmation in this case was not successful.

    Usually an SPF failure is due to a misconfiguration on the part of the originating email domain, and is something their admins need to fix.

     

  • What is phishing? Or, Is this email for real?

    The Problem

    "Phishing" (pronounced 'fishing') is the term used for fake email sent to gather personal information or passwords; to trick someone into going to a web page or buying something; or to install malicious software on their computer. For example, email may be sent purporting to come from eBay, saying they need to verify your credit card information. The web page you are directed to, however, is owned by criminals who will use the information you provide to make fraudulent credit card purchases.

    Recently phish has been targeting universities and colleges in an attempt to gather account passwords. The accounts are then used to send advanced-fee-fraud spam, lottery spam or other so-called Nigerian 419 spam. Compromised accounts are also used to send more phish in an effort to gather more accounts for later use. Often accounts are used within hours of a password being given out.

    "Spear phishing" is the term for targeted phish. The phish sent to campuses is often spear phishing, in that the sender has studied the target systems in an effort to make the message more realistic. Some of the phish sent to RPI has made reference to "Webmail" and "RCSIds", and directs recipients to local web pages. Despite this local coloring, the messages are fake. The return addresses are other stolen accounts. By responding to these messages you are potentially giving criminals access to your personal information. Note: under no circumstances will DotCIO ever ask for your password or other personal information in email.

    Examples

    The following are examples of phish sent to RPI. These are not real messages; they were sent to RPI email accounts in an attempt to gather passwords. They are quoted verbatim. The first example appeared recently and resulted in 6 accounts being disabled for responding.


    To: <redacted>@rpi.edu
    Subject: NOTICE EMAIL USER
    From: UNIVERSITY WEBMAIL <help_desk@redacted-but-not-rpi.edu>
    Reply-To: <redacted@live.com>

    Dear Customer,

    Our investigation of spam complaints shows that your email address is compromised and was used to send spam message through our University Webmail system. Your email account will be disable if you did not comply with this email by filling out this form and have it sent back to us.

    CUSTOMER BILLING FORM.

    First Name.:
    Middle Name.
    Last Name.:
    Email Address.:
    PASSWORD.:
    RETYPE PASSWORD.:
    Student ID.:
    Date Of Birth.:


    Dear RPI Subscriber.

    The reason for this message is because of the Email Scams & Phishing going on the RPI Network. We have decided to contact all our students and staff to provide their password so that we can confirm the active users and to de-activate the inactive user. We regret the inconvinieces this might have cost you.

    Please provide us with the below details.

    RCS ID:
    Password:

    With the above details we can verify active rpi.edu account.

    Copyright (c) 2008,Rensselaer Polytechnic Institute, 110 Eighth Street,
    Troy, NY, 518-276-6000


    Subject: Comfirm Your RPI.EDU Webmail Account !!!

    Dear RPI.EDU Webmail Account Owner,

    This message is from RPI.EDU messaging center to all RPI.EDU email account owners. On Saturday, 19 July, 2008, from 10:15 AM until 6:05 PM, all Mailhub systems will undergo regularly scheduled maintenance in RPI.EDU Access to your e-mail via the Webmail client will be unavailable for some time during this maintenance window. We are currently upgrading our data base and e-mail account center - see homepage. We are, deleting all RPI.EDU email account to create more space for new accounts.

    To complete your RPI.EDU Webmail account, you must reply to this email immediately and enter your CORRECT PASSWORD here (*********) immediately for upgrading, Failure to do this will immediately your Email address here(***************************) deactivated from our database. Once we have updated your account current records will be sent your Online Account and your service will not be interrupted and will continue working as normal.

    Your Email Address Here *************
    Correct Password Here *********
    Date of Birth ***********

    Final Notification, Please Protect Your RPI.EDU Webmail From Being Closed. To provide easy access to all your account administration functions, we have moved these functions to easy Webmail at http://webmail.rpi.edu you can also confirm your email address by logging into your webmail account.

    Please accept our apologies for the inconvenience.

    Thank you for using RPI.EDU!


    Again, we will never ask for your password in an email.

    What to do if you receive a phish?

    Delete the message. If you know how to view full message headers, you can forward a copy to abuse@rpi.edu. Do not respond to any phish email. Responding may result in your account being disabled.

    Why was my account disabled?

    When a new phish message arrives on campus the log files are scanned for responses. If any are found, the account sending the response is disabled. Note, the logs do not show the content of the response. They only record that account A sent a phish message, and afterward account B sent a message to account A.

    Accounts that respond to phish are disabled to prevent RPI's mail service from being used to send spam. In some cases, the account disabling is automatic. If you have come to this page because you cannot read email or log on to your account, and you responded to a phish, chances are your account has been disabled. You must contact the helpdesk to have your account re-enabled.
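
    The log correlation described above can be sketched as follows. This is an added example, not RESPITE's or DotCIO's actual code: the log line format, the rpi.example domain and every address in it are constructed assumptions, and the phisher addresses are taken to be the From and Reply-To values read from a reported phish.

```python
from datetime import datetime

# Constructed sample data (not real RPI logs). Assumed log line format:
#   "<ISO timestamp> from=<sender> to=<recipient>"
# As the FAQ notes, only envelope addresses are logged, never message content.
SAMPLE_LOG = """\
2008-07-18T09:02:11 from=phisher@example.net to=alice@rpi.example
2008-07-18T09:02:12 from=phisher@example.net to=bob@rpi.example
2008-07-18T08:30:00 from=carol@rpi.example to=dropbox@example.org
2008-07-18T09:40:05 from=alice@rpi.example to=dropbox@example.org
2008-07-18T10:15:30 from=bob@rpi.example to=friend@example.com
2008-07-18T11:01:44 from=dave@rpi.example to=PHISHER@example.net
"""
LOCAL_DOMAIN = "rpi.example"  # placeholder for the campus domain


def parse_line(line):
    """Return (timestamp, sender, recipient), addresses lower-cased, or None."""
    parts = line.split()
    if len(parts) != 3 or not parts[1].startswith("from=") or not parts[2].startswith("to="):
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    return ts, parts[1][5:].lower(), parts[2][3:].lower()


def find_responders(log_text, phisher_addresses, local_domain=LOCAL_DOMAIN):
    """Map each local account that wrote to a phisher address after the
    phish first arrived to the time of its first such message."""
    phishers = {a.lower() for a in phisher_addresses}
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    arrivals = [ts for ts, sender, _ in events if sender in phishers]
    if not arrivals:
        return {}  # phish never seen in this log: nothing to correlate
    first_seen = min(arrivals)
    responders = {}
    for ts, sender, rcpt in sorted(events):
        if (ts > first_seen and rcpt in phishers
                and sender.endswith("@" + local_domain)
                and sender not in responders):
            responders[sender] = ts
    return responders


if __name__ == "__main__":
    # From and Reply-To addresses of the reported phish (constructed here).
    hits = find_responders(SAMPLE_LOG, ["phisher@example.net", "dropbox@example.org"])
    for account, ts in hits.items():
        print(f"{ts.isoformat()} {account} wrote to a phish address: candidate for disabling")
```

    The Reply-To address is included because, as in the first example above, replies often go to a different address than the one the phish was sent from. Mail sent to that address before the phish arrived (carol in the sample) is not counted as a response.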

    But I didn't give them my password.

    We have no way of knowing that. The email logs show that email was sent to an address used by a phisher. Once there is a chance that a password was given out, we must take steps to prevent the account from being used to send spam. Spam sent from RPI can result in all email from RPI being blocked by the major ISPs. Also, if the password was sent, all personal information in the account is at risk. Since we cannot know if a password was or was not given out, the account must be disabled to protect the data.

    How can I tell Real System Messages from Phish?

    On occasion DotCIO will send real email messages about system status, and system changes. But, this is rare. The most common case is to remind graduating students that their account will expire, and that they should take steps to save email, or temporarily forward their account. Less commonly we will inform people uniquely affected by system changes, such as when the old POP3 server was retired in July of 2007.

    However, in no case will we ask for passwords, or other personal information such as date of birth, or social security number. Asking for this information by itself is a strong sign the message is fake, and should be ignored. Also, any real message will be posted to the RPInfo web page, or to the Kiosk newsletter. If you cannot find the official posting in either of these two places, then be suspicious of the message.

    Note the last phish example above directed recipients to Webmail. But, there is no information on Webmail confirming the message. Also note that it would be easy for a spammer to create a fake web page with a plausible sounding name. If it is not Rensselaer's official web page, then the message is suspect.

     

  • How can I stop my own e-mail from being blocked as spam?

    If you have been issued an RCS account, use that account, configured to use SMTP-AUTH, to send email.

    We also suggest using Webmail when off (or on) campus, or Outlook Web Access for Exchange accounts.

     

  • What is the Nigerian or 419 scam?

    There are so many versions of this very old scam that it warrants its own category. Known as the Nigerian Scam, the 419 Scam (after the relevant section of the Nigerian Criminal Code) or the Advance Fee Fraud, this scam has made the transition from letters to faxes and now to e-mail, and has been around since the 1980s. According to the National Fraud Information Center, this scam ranks third in percentage loss among the Top 10.

    The US Secret Service has a task force that keeps a data base of such reports, so if you receive such a solicitation, the only recourse recommended is to forward the message to the US Secret Service, including full header information and the words "No Loss" in the subject area. (Please note that The Secret Service will not contact you if you have not suffered any financial loss as a result of this scam.)

    Additional Information

    Please refer to the following websites for additional information about this scam:

    Excellent information is also available at the Federal Trade Commission website, including hints on how to minimize spam, and remedies available for you to pursue, including a link to file a formal complaint.