Reducing Email Spam – a Draft Policy and Best Practices

By Karen Tang and Mary Cloutier

Did you realize that approximately 1/3 of the email the State receives is unsolicited, unwanted spam? Given the growing problems with spam, effective June 9, CIO Dick Thompson provisionally directed that messages sent from entities listed by three spam lookup services be “returned to sender” and not delivered.

To better manage the spam flood, the Office of Information Technology (OIT) has started drafting a POLICY TO MINIMIZE DELIVERY OF UNWANTED COMMERCIAL ELECTRONIC MESSAGES THROUGHOUT MAINE STATE GOVERNMENT. In the late June timeframe, this policy will be distributed for comment; it will include several best practices for minimizing unwanted electronic messages.

In the meantime, Chief Information Officer Dick Thompson has provisionally adopted a best practice which requires any electronic message sent by an entity whose computer address is included on

• SpamCop ( http://www.spamcop.net ), or
• Spamhaus ( http://www.spamhaus.org ), or
• who uses a relay ( http://en.wikipedia.org/wiki/Open_mail_relay )

not be accepted by the Maine State Government e-mail system.

SpamCop and Spamhaus are internet services that “blacklist” known spammers by publishing their IP addresses. The published list – which is constantly being updated – enables the State of Maine to check, and subsequently block, email sent from these sources. Each time State email servers identify a message as originating from a “blacklisted” entity; they will reject delivery of the message generating a non-delivery message to the sender. Blocking messages based upon internet blacklisted services was a recommendation to the CIO from the Enterprise Messaging Stakeholders Group.

Although it is the latest technique used to reduce spam, checking lookup services is not the State’s only way to thwart spammers. After the sender of a message has been verified as not on a blacklist, OIT’s Xwall software applies two additional tools – the Bayesian filter, which is a spam filtering method that classifies mail using information it has learned from previous mail, and specific word/use filters, which tag other potential messages. Tagged messages can be directed to the Deleted Items or other specified folder in Outlook, provided individual computer users have established a rule. (Instructions for implementing this rule can be found under Helpful Information at: http://inet.state.me.us/oit/services/electronicmessaging/index.html .)

Using these three tools will dramatically reduce spam delivered to Maine state employees, and we hope you notice the change.

Although unlikely, it is possible that a legitimate email will not be delivered. If this occurs, the sender will have to call you – or send a snail mail via the US post office. Whenever email is not delivered, chances are good that the sender’s company has been added to a spam lookup service’s “blacklist” – and you should tell them to check this possibility. In this case, non-delivery is indicative that the email system is working just fine!