Email Statistics and Spam Checking

Mail Flow Diagram 350px

You must receive too much email, like most people. And spam? Forget about it! We're awash in it. But what may surprise you is how little of that tide really washes your way.

ITS recently improved the way our mail servers work to filter out spam and phishing messages, and here we'll explain some of the steps taken by these mail servers to reduce spam and phishing from making their way to your inbox. Here you'll also find some surprising statistics about the number email messages received and filtered on a typical day. If you want to skip the section on our mail systems and how mail is processed, you can jump to the section on statistics.

Mail Systems

In order to have this discussion, it is important to understand the three major components of the NAU email systems. One component is the faculty and staff email system. This is a Microsoft Exchange system often called IRIS or iris.nau.edu. For the rest of this article it will be simply called Exchange. Faculty and staff typically use Outlook or Outlook Web Access (OWA) to connect to Exchange.

A second component is the student email system. This is a hosted service through Google or Google Apps for Education (GAE). GAE provides many other services besides mail, but this discussion will focus only on the mail component and call it Google.

Finally, there are a group of servers called mailgates. These are mail gateways that accept email from the Internet and then send it on to either Exchange or Google. All mail sent from Exchange to the Internet also passes through these mailgates.

All three systems, mailgate, Exchange, and Google perform some manner of of spam checking. Previously, Exchange and Google have always looked at the content of the message to determine if it is spam and the mailgates have until recently only checked where the email is coming from to determine if it is spam. It also scanned for viruses. 

What has changed is that ITS has added some additional content checks at the mailgates to look for spam and suspicious links or URLs in the messages in the mail coming into our systems from the Internet. The effect is that with two different systems—either mailgate and Exchange or mailgate and Google—checking for spam, we identify more email as spam. Even though spam and phishing are discussed as two different types of messages, the systems treat them pretty much the same and take the same actions to keep you from having to read them.

Above you'll see a simple diagram showing how mail flows between the Internet and our mail systems.

What happens to spam?

As mail comes into our systems, mailgate checks first to see where it is coming from. If it is coming from a known spamming site we drop the network connection and don’t accept any further mail from them. If a site is not a known spammer but has been sending us mail at a high rate, we slow them down and will only accept mail messages at the slower speed. Sites that send too much mail too fast may also be spammers.

After mailgate accepts the message, it then checks to see if it contains a virus. If it does, the message is quarantined. It also performs content checks to see if it is likely spam or a phishing message. If mailgate does think it is spam or phishing, it marks the message in a couple of ways. The most obvious way to mark the message is by adding the text ***Spam*** to the front of the subject line.

After all of its checks are complete, mailgate then passes the message on to Exchange or Google, depending who is the intended recipient. Exchange and Google both do additional spam checks.

Exchange takes anything that is marked by mailgate as spam (***Spam*** in the subject line) and anything Exchange thinks is spam and places it in your Junk Email folder. If you are using Outlook to read email, Outlook makes a few more checks and may also file the message in your Junk Email folder.  So it is possible for you to see some messages in Junk Email marked with ***Spam*** and some that are not.

Google does its own spam checking and anything it thinks is spam will get filed in the Spam folder. Google does not know about mailgate’s ***Spam*** flag so it is possible that you will see some ***Spam*** messages in the Google Inbox.

Statistics

So how much email and spam do we process? We don’t have numbers for the Exchange and Google email systems, but we do have counts of the messages coming from the internet into mailgate. The following numbers are for the February 5, 2014 and represent a typical day.

Connections blocked – 744,926

These are connections blocked because the mail is coming from a known spamming site.  There is no way to tell how many mail messages this represents because more than one message can be sent in a single connection and a single message can be sent to multiple recipients.

Connections rate limited – 210,473

These are connections that were temporarily blocked and slowed down because they were sending mail at too fast of a rate.

Messages scanned for spam, phishing and viruses – 373,669
Results from this scan:

  • Messages that were clean - 332,595 (89.01 %)
  • Messages marked ***Spam*** 36,377 (9.74 %)
  • Messages quarantined because they contain a virus or malware 200 (.05%)

The numbers above represent unique messages, but a message can be addressed to multiple recipients.

Total messages passed on to Exchange and Google - 822,078.

This number counts one message to multiple recipients as multiple messages.  That is a lot of mail getting delivered to NAU faculty, staff and students every day.


Spring 2014
Published:
2/13/2014 1:17:57 PM