E-Mail filter

Our central spam- and securityfilter focusses on the classification of unwanted advertising mails (spam) and rejection of potentially malicious mails which can contain viruses, trojans or phishing attempts in order so secure your DESY account and our DESY network.

Preface

All incoming and outgoing e-mails are redirected to our central spam- and malwarefilter in order to analyze them.

Filtering of mails upon viruses, potentially malicious content and spam take place due to a resolution of our DESY computer security council.

It is common to use the term spam in the internet as a synonym for unwanted, like commercial, mails. As a opposite all wanted mails are called ham. We are going to use both terms in the following sections. More detailed description about spam can be found on these websites:
'What is spam?' on SpamAssasin
About spam on Wikipedia

Due to continious evolution of spam- and phishing mails there is no guarantee that we can filter one-hundred percent of these mail successfully.
Thats why we recommend to be careful if you receive unexpected mails with unknown origin. Well-considered actions are also necessary if you receive attachments or links in such mails. In case you receive a mail where you are requested to type in your login credentials or redirected to such a wegpage under a certain pretence (what we usually would never send), please dont bother to contact the UCO in order to verify if it is an official DESY mail or not.

Filtercriterias

Our e-mail filter blocks all incoming and outgoing e-mails which contain viruses or other potentially malicious content.

If a e-mail was blocked the sender or recipient will get an automatic notification about it depending on the cause for the block.

  • If you get a mail to your DESY address from a third party which was blocked, you and our D4 departement will get a notification about that. The sender won't receive anything.
  • In case you send a mail from DESY with your mailaddress which was blocked from our filter you and our D4 departement will be notified about it. The initial recipient will not get any information about this failed delivery attempt.

Problematic content

Problematic content can consist of various attachments, e.g. ActiveX components of office documents, java-class-files (.jar, .class), javascrip-files (.js) or linux-/unix-binaries. Such attachments are also detected from our scanner if they are in a archive-files like .zip or .rar.

Other executable or as corrupt classified archive-files are also marked from our scanner as problematic content.

Following you can find some of the most common file-ending which are also blocked from our scanner:

  • .com
  • .bat
  • .cmd
  • .scr
  • .dll
  • .exe
  • .cpl
  • .lnk
  • .pif
  • .pi

Passwordprotected attachments

As a try to trick and avoid centralized virusscans of mails some sender attach passwordprotected archives. Such files can not be classified from our central filter and due to this they will be blocked automatically, to avoid any possible security risks.

In case such mails have been send from a attacker with criminal intention, the sender tries to persuade the recipient of the mail to open and extract the protected attachment, which may contain malware. Furthermore they try to raise the authenticity of the mail with the usage of known mailadresses, which can be faked or have been obtained in previous attacks from addressbooks. Such methods try to lower the suspicousness of the recipent in order to install malware on the machine where the attachment has been opened.

Thats why you should be generally sceptical if you receive password protected and excrypted attachments, like archives, especially if you dont expect them!
As a sidenote: If these mails should really contain sensible and confidential information it is definitely not a good choice to send them by mail if the password has been told in the mail itself as well.

SPAM - unwanted advertising mails

Spam mails are e-mails which are not wanted and have been automatically send to millions, usually in connection with massadvertising and suspicious background, as a try to get access to specific information or to spread malware.

Since 2003 all mails, which were send to your UEM - name.surname@desy.de - are automatically scanned wheather they include spam-characteristica or actually are spam. All mails will be rated with points and if a mail reaches five points it will be classified as spam. The system will automatically add the prefix tag '[SPAM]' to the subject of the mail. This tag will help you recongize spam-mails more faster.

Due to the continious evolution of spammails it is not possible to guarantee that all mails are correctly filtered and classified. It is possible that some spam-mails still reach your DESY inbox. If this is the case please let us know. Forward the spam-mail to abuse@desy.de, so we can update our database.

Wrongly as SPAM marked E-Mails

In case e-mails are wrongly marked as SPAM, please also forward them - with a corresponding hint - as attachment to the   mailmaster team.

Outlook: Forward spam as attachment

To forward spam mails as attachment please select the specific mail and to the tab 'Start' in the upper menu bar. Here you can find, beside the regular button to forward mails, the button 'More'. Click on this to open the dropdown menu and choose 'Forward as attachment'. Now we receive the complete spam mail incl. header in order to adjust our spam filter more accurate.

Outlook: Forward spam as attachment

Zimbra Web-Client: Forward spam as attachment

To forward spam as attachment in our Zimbra web-client please select the specific mail and click on 'Forward'. In the new window select 'Options' and choose 'Include Original As Attachment'.

ZImbra Web-Client: Forward spam as attachment

Thunderbird: Forward spam as attachment

To forward spam as attachment in Thunderbird right click on the specific mail and choose 'Forward as ->  'Attachment'.

Thunderbird: Forwarding spam as attachment