Judy Richards IT/DIS
Since November last year we have been actively trying to reduce the
amount of unsolicited electronic mail, commonly known as SPAM mail, that
arrives in CERN mailboxes. Unfortunately this is not an easy job since the
spammers are constantly finding new ways of breaking our defences! Gone are
the days when you could block spam mail with a simple filter on the
`From:' address of a sender.
Today spammers are "forging" addresses in the
headers and envelopes of mail in such a way that it is difficult to
distinguish between legitimate mail and spams.
An additional problem, that does not directly affect most CERN users but does use CERN resources and affects the reputation of CERN, is caused by the spammers who try to make mail look as if it comes from a CERN machine. They either try to route the mail via a CERN machine or simply forge the mail headers to a CERN address so it will have less chance of being blocked by the recipient's anti-spam defences.
Although some anti-spam measures can be automated, for most someone has to look at the system logs and spam reports from users and make a human judgement as to what should be blocked. This of course takes time and so there is a limit as to what we can do. In addition it is difficult to measure how effective our anti-spam measures are. Although we know how much mail we are rejecting at the CERN gateways, each of these could be "fanned out" to multiple recipients at CERN, but it is prohibitively resource consuming to find out how many. And of course we have no way to measure how much gets through the filters into your personal mail boxes.
Since it is difficult to distinguish between spam mail and genuine mail, "innocent" people may occasionally be affected by our anti-spam measures. These are summarized below so that you are aware of what we are doing.
`From:'address for every spam.
`firstname.lastname@example.org'sends mail to
`user2'has an automatic forward to
`email@example.com', the mail will be rejected since the
`aol.com', but the relay address is
`in2p3.fr'. Automatic forwarding from within CERN is not affected.
`smtp.cern.ch'. If you are outside CERN you must change this to the SMTP server of your Internet provider or the lab where you are physically.
A list of the domains that are currently banned can be found at URL:
This list is updated once per day and today contains only the "banned domains". When the next version of the software is introduced it will also contain addresses falling into the other categories.