4. Some questions and answers

Can OUCS delete messages above a certain junk mail score on my behalf?

The central mailserver, Nexus, provides facilities to automatically filter or delete messages above a specified junk mail score via its Nexus account settings page. Many email clients provide similar options.

However, it must be emphasized that great caution should be used when setting levels for automatic deletion as these emails can never be restored.

The automated process by which an email message body is scanned cannot provide a definite result in the same way that a human reader would be able to. There are what are known as "false positives" and "false negatives" whereby the scanning software wrongly identifies legitimate email as junk or vice versa. For this reason OUCS will not delete mail unless you request it by activating the features mentioned above.

How do I configure my email client software to filter using these new Headers?

The [Rules] options are typically found within the [Tools] or [Edit] menu in your email client program. For specific instructions please contact your local IT support officer in the first instance, or contact the Help Centre using the Web Help Pages and Form. Briefly, however, you would want to create rules to match on the Header names if you can, or the content of any available Header if you can't be specific. For example you could match on the text " **********" to set a score of 10.0 or above.

What junk mail score threshold should I choose?

If you decide to use the X-Oxmail-Spam-Level Header as the basis for a filter, you need to decide the threshold above which to act. If you choose a number that is too low, some of your legitimate email (with a low score) will be classified as junk mail. Similarly, a high threshold may protect all of your legitimate messages but will let more junk mail slip through into your Inbox.

The software we use to scan your messages is called The Apache SpamAssassin Project and its developers recommend a default threshold of five. However, if the concept of mail filters and junk mail scoring is new to you we recommend you begin with a more conservative setting of ten, in order that you don't get caught out. Over time you can reduce the threshold to a value that suits the type of email you receive as you become more comfortable with the system.

Why have I been told that OUCS is not able to scan my email?

The Oxmail relays handle a lot of the University's email, but by no means all. Some departments or colleges have opted out of using our relays completely. Others may use the Oxmails for their incoming, but not their outgoing mail, or vice versa. Email that does not pass through the Oxmails will not be scanned. If this is the case you should consult with your local IT support to arrange alternative means of scanning your email messages for viruses.

Will email messages take longer to reach me now they are being scanned?

No, this should not be the case. OUCS has put considerable monetary expense and design effort into making sure the new scanning system will cope with the current volume of email for the University, as well as the inevitable future increases. The system will gracefully handle periods of excessive throughput of email messages, and hopefully also the malicious mail-bombing attacks that we receive from time to time. Currently well over ninety per cent of email messages are relayed within a few seconds, and our tests have shown that the new system performs equally well even though it is scanning for viruses and junk mail.

Can I avoid having an attachment scanned?

Yes, this is possible. The antivirus software is not able to expand Zip files that have been created with a password. If you therefore add a password to the Zip file (even if it is something simple such as a single character or small word), that part of the message will not be scanned.

Which legislation covers the interception of email messages?

Primarily this is attended to by the recent Regulation of Investigatory Powers Act 2000, which concerns communications on a private or public telecommunications network. This of course includes an individual's email communications via the Internet.

Specifically, the Act provides that communication by individuals may not be intercepted or monitored unless, amongst other things, the interception is permitted under the Telecommunication (Lawful Business Practice) (Interception Of Communications) Regulations 2000. These Regulations provide for circumstances where an employer or institution is able to intercept and monitor communications to protect against viruses. The institution must make all reasonable efforts to inform individuals that interception may take place, even though express permission is not required.

Other legislation such as the Data Protection Act 1998 and the Human Rights Act 1998 have been incorporated into our policies. You should also be aware that by using University provided IT facilities (not only an email account but also the network itself) you are subject to Oxford University's own Regulations Relating to the use of Information Technology Facilities which can be found at the following location:

which of course forbid the introduction of a virus into the University network.

Will you be keeping any records about the senders of viruses?

Not in any meaningful or organized way, or any way that we plan to make use of. As part of the natural function of mail relay software, logs are produced detailing messages that have arrived and messages that leave the relays. The additional software that scans messages for viruses will log the name of the virus and the supposed sender and recipient of the message.

Because a number of Internet worms forge the sender address when they distribute themselves, and also because we expect that Sophos will be widely installed within the University, we do not plan to collate or publish any lists of virus senders (or recipients). For administrative purposes we do track the number of each type of virus caught but this data is anonymized.

I still don't understand! Who can help me?

If this document has not answered all your questions, or you are still confused by some part of the new system, please feel free to contact the Help Centre, using the web Help Pages and Form, with a description of your problem. Again we stress that there should be no adverse affects from the scanning processes. You will be safer for not receiving viruses, and email client programs will ignore the additional Headers if they are not configured to respond to them.

Do you have more information on ....?

Up: Contents Previous: 3. How to take advantage of these features