Campus installs new anti-phishing measures on March 3

Remember the disruption that phishing caused to UC Davis email in January? On Tuesday, the campus will install three new measures to help minimize any repeats.

Information and Educational Technology--after evaluating data, reviewing practices elsewhere, and consulting with campus IT advisory groups--will:

1) Limit excessive amounts of email messages sent from Geckomail accounts (a practice known as "rate limiting"). Geckomail is the Web interface to the campus email system for faculty and staff.

2) Remove some .gov email addresses from the allow list. Messages bearing these addresses will now be scanned for spam, the same as most email.

3) Start filtering outgoing email messages for spam. Previously, the campus filtered only incoming messages. (Any group concerned about a specific email message should contact the IT Express Campus Computing Services Help Desk at [530] 754-HELP [4357].)

Details of all three changes, including a list of 70 government addresses that will stay exempt from spam filtering at this time, are available on this email update page.

The new changes look for activities typical of spam. The Geckomail rate limit, for example, prevents attempts to send a single message from one account to more than 249 recipients, and conforms to the Mass Electronic Messaging policy (PPM 310-18). Volumes that high probably mean the account has been hijacked to send spam. This limit will not affect messages sent to lists, regardless of the number of subscribers.

The removal of some government addresses from the allow list means messages sporting those addresses will still come through, but will now be filtered for spam. Major funding agencies, such a s the National Science Foundation (NSF), Department of Energy (DOE), National Institute of Health (NIH), Department of Defense (DOD), and Department of Agriculture (USDA), will not be affected; IET worked with the Office of Research to identify government sites that originate legitimate messages.

Removing some .gov addresses from the allow list should help block common phishing scams that pretend to come from government agencies, such as the phony tax messages from "" common this time of year.

Phishing happens when a scammer, pretending to be legitimate, emails you a message asking for your account log-in name and password. If you comply, the scammer uses your account to spew spam to other email accounts. UC Davis endured several outbreaks of phishing in January, leading to gushers of spam that prompted some Internet service providers (Hotmail, AT&T, and others) to temporarily block email from all email accounts as suspect.

The frauds often sound plausible, but the red flag is the request for your account name and password. UC Davis will never ask you to confirm or verify your computing account by providing your password via telephone or email. If you receive an email that asks for that information, delete it.

IET is also developing a security awareness campaign for this fall, to educate all faculty, staff and students about key cyber-safety practices, and about the costs incurred when safe and secure computing practices are not followed.

If you have questions about phishing, your email account, or other campus technological services, call IT Express.