Spam and Virus Detection

E-mails addressed to DESY e-mail mailboxes are checked for unwanted or harmful contents before they are delivered to the designated receiving mailboxes.

At DESY, the central checking of e-mails has been carried out by the mail support of the German Research Network (DFN) since June 2022. See also:
https://www.mailsupport.dfn.de/

In this context, unsolicited e-mails are e-mails sent to recipients as part of a mass advertising campaign with a dubious commercial background, as well as e-mails sent with the malicious intent of spreading malware (e.g. viruses / Trojans) or extracting data or other secrets such as passwords (phishing).

The latter category of e-mails in particular can jeopardize the security of the IT infrastructure. The filtering of e-mails for viruses, potentially dangerous or unwanted contents is therefore carried out on the basis of a resolution of the DESY computer security council.

Note: It has become common practice on the Internet to refer to unsolicited advertising e-mails as spam. In turn, desired e-mails are called ham. Both terms are used in the following sections on this website.

Evaluation and Treatment of Emails

Each email is checked for characteristics of spam. The result is a score indicating how likely the message in question is to be an unsolicited e-mail.

Since June 2022, mails have been checked via the DFN Association. Along with this, the treatment of emails detected as spam has changed. The following table provides an overview of what classification the scores mean and what central action follows in each case. In the future, e-mails classified as spam will no longer be marked with "[SPAM]" in the subject.

Score     Classification    Action
< 6.2     No Spam (Ham)     Normal delivery
>= 6.2    Probably Spam     Delivery to the "Spam" or "Junk" folder of the receiving mailbox
>= 10     Certainly Spam    Refuse to accept (block)


Note: Emails in the "Spam" or "Junk" folder older than 180 days are continuously deleted.

Which emails are blocked?

In addition to emails that have received a spam rating of 10 or more points, emails with certain attachments are generally refused. This is the case with file attachments that may contain potentially dangerous code or that experience has shown to be used for attacks.

Blocked in this context means that the sender address receives an automatic reply with the information that the e-mail was not delivered to the receiving mailbox. In this respect, the e-mail is rejected and the sender is informed of this.

File attachments to be always rejected

  • Office Documents with Macros (e.g.: xlsm, docm, pptm, ...)
  • Encrypted Office Documents
  • Encrypted files in zipped formats (e.g.: zip, rar, ...)
  • Other potentially dangerous file types, as listed in the DFN documentation (only available in German): https://www.mailsupport.dfn.de/dokumentation/checks/anhaenge
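
A sender-side pre-check for the first three categories in the list above, as an added example (not DESY or DFN code; the DFN filter's actual logic is not described on this page). The function names, the sample message and the heuristics are assumptions: macro documents are recognized by the extensions named above, encrypted Office documents by the OLE2 container that password-protected OOXML files are stored in, and encrypted ZIP archives by the encryption flag of their members; rar is not handled.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

MACRO_EXT = {"xlsm", "docm", "pptm"}           # the examples named on this page
OOXML_EXT = {"docx", "xlsx", "pptx"} | MACRO_EXT
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # OLE2 container signature

def attachment_findings(name, data):
    """Return the listed categories that one attachment falls into."""
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    reasons = []
    if ext in MACRO_EXT:
        reasons.append("macro-enabled Office document")
    # A password-protected OOXML file is an OLE2 container, not a ZIP archive.
    if ext in OOXML_EXT and data.startswith(OLE_MAGIC):
        reasons.append("encrypted Office document")
    elif ext == "zip" and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            # Bit 0 of the general-purpose flags marks an encrypted member.
            if any(info.flag_bits & 0x1 for info in zf.infolist()):
                reasons.append("encrypted ZIP archive")
    return reasons

def check_message(raw):
    """Map attachment filename -> findings for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    report = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        found = attachment_findings(name, part.get_payload(decode=True) or b"")
        if found:
            report[name] = found
    return report

def build_sample():
    """Constructed message: plain ZIP, macro workbook, OLE2-wrapped docx."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.org", "b@example.org", "files"
    msg.set_content("see attachments")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes.txt", "plain text")
    samples = {"notes.zip": buf.getvalue(), "budget.xlsm": b"PK\x03\x04 constructed",
               "report.docx": OLE_MAGIC + b"\x00" * 16}
    for name, data in samples.items():
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

Calling `check_message(build_sample())` reports the workbook and the wrapped document and leaves the plain archive out of the result.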
     

How can I (have) such files transmitted alternatively?

Please prefer to use the central data cloud service DESY Sync & Share to share files. This also allows external persons to upload data from outside into your data area. You will find information and instructions on the following websites:
https://it.desy.de/services/storage_services/desy_sync__share

Procedure for unrecognized spam

Despite continuous further development of the checking methods, a complete detection of the incoming spam e-mails is not possible. Therefore, you may still receive spam e-mails in your DESY mailbox that have not been automatically sorted into your spam folder. If this case occurs, you have several options to deal with these e-mails. All options shown help to improve the central checking methods and thus make spam detection even more accurate.

Please refrain from marking e-mails as spam that are legitimate in principle; see below.

Option 1

  1. Open the e-mail using the Zimbra website (https://mail.desy.de)
  2. Click the Spam button in the header of the opened e-mail
     

This procedure results in the email being moved to your inbox and a copy being sent to ham@desy.de. With this mail, the Mailmaster team can then also train the spam filter so that this email is no longer detected as spam in the future.

Option 2

In all other e-mail programs, forward the e-mail itself directly to abuse@desy.de. Make sure that the original is attached (forward -> options -> forward as attachment) so that the header with all necessary information can be processed semi-automatically. It is possible to attach several e-mails to the message sent to abuse@desy.de.
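
Why the original has to travel as an attachment, shown as an added example (not DESY tooling): a message/rfc822 part carries the original header block unchanged, so the receiving side can read the transport headers of every attached mail. The function names, the choice of headers in `KEEP` and the sample message are assumptions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

KEEP = ("Received", "Return-Path", "Message-ID", "Authentication-Results")

def forward_as_attachment(originals, reporter, mailbox):
    """Wrap each original unchanged as a message/rfc822 part of one report."""
    fwd = EmailMessage()
    fwd["From"], fwd["To"], fwd["Subject"] = reporter, mailbox, "Undetected spam"
    fwd.set_content("Originals attached.")
    for raw in originals:
        fwd.add_attachment(message_from_bytes(raw, policy=policy.default))
    return fwd.as_bytes()

def original_headers(report_raw):
    """Receiving side: collect the transport headers of every attached original."""
    report = message_from_bytes(report_raw, policy=policy.default)
    found = []
    for part in report.iter_attachments():
        if part.get_content_type() != "message/rfc822":
            continue  # an inline forward carries no original header block
        inner = part.get_content()  # the embedded message object
        found.append({h: [str(v) for v in inner.get_all(h, [])] for h in KEEP})
    return found

# Constructed sample; hosts and addresses use reserved example ranges.
SAMPLE = (b"Return-Path: <bulk@mailer.example.net>\r\n"
          b"Received: from mailer.example.net (192.0.2.10) by mx.example.org; "
          b"Mon, 01 Jan 2024 10:00:00 +0000\r\n"
          b"Message-ID: <1@mailer.example.net>\r\n"
          b"From: Offers <bulk@mailer.example.net>\r\n"
          b"To: user@example.org\r\nSubject: You won\r\n\r\nClick here\r\n")
```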

Falsely detected as SPAM

In individual cases, it can happen that e-mails were mistakenly recognized as spam e-mails despite trustworthy content and sorted into your spam / junk folder. If this occurs, you have several options for dealing with these emails. All options shown help to improve the central checking methods and thus to classify trustworthy emails as such in the future.

Option 1

  1. Open the e-mail on the website of the DESY e-mail service (https://mail.desy.de)
  2. Click the "Not Spam" button in the header of the opened email
     

This procedure results in the email being moved to your inbox and a copy being sent to ham@desy.de. With this mail, the Mailmaster team can then also train the spam filter so that this email is no longer detected as spam in the future.

Option 2

In all other email programs, the email must be sent manually as an original attachment to ham@desy.de.

Unsolicited legitimate Emails

Please note that spam emails must be distinguished from unsolicited but legitimate emails. There may be emails which you do not want to receive for some reason, but which you receive for legitimate and possibly necessary reasons.

Unwanted but legitimate e-mails should not be marked as spam or moved to the junk folder, as this will result in a notification being sent to abuse@desy.de, even if filters are used. Despite careful checking of the notifications, the risk that legitimate e-mails are inadvertently trained as SPAM cannot be ruled out.

Dealing with unwanted mail that is not SPAM:

Variant 1: If you do not want to receive these emails, please contact the responsible persons.
Variant 2: Configure a mail filter that moves these mails automatically on receipt.

Examples of such legitimate emails are:

  • Mails from DESY mailing lists and mailing list systems of partner institutes like UNIHH, CERN, XFEL, etc.

  • Automated notifications from central DESY IT services (e.g. DESY Sync & Share or Monitoring Tools such as Icinga)

  • Notifications of the UCO about maintenance of DESY IT systems

  • Mails of the Zimbra mail system like:

    • Notifications about releases

    • Appointment notifications

Of course, there are exceptions here as well, since these systems can also be misused to send spam. If you are unsure, please contact the central DESY IT helpdesk (e-mail: uco@desy.de, Tel: 5005) in this case as well.

Criteria for SPAM Detection

All incoming e-mails are routed through the DFN Mail Support servers for spam and virus detection, where they are subjected to various checks and tests. If required, you can find technical details on the test criteria on the following DFN web pages (only available in German language):

Essentials about Spam and Phishing

Due to the continuous development of spam and phishing, one hundred percent protection is impossible. Therefore, we recommend a healthy skepticism towards unexpected and unknown emails and especially a thoughtful handling of attachments and links in such messages.

If you receive, for example, an e-mail asking you to enter your DESY access data or to log on to a website under a pretext, please do not hesitate to contact the central DESY IT helpdesk (e-mail: uco@desy.de, Tel: 5005). The IT Helpdesk can assist you in verifying the origin of the message and, if necessary, its legitimacy. In this way, you can avoid becoming a victim of a phishing attack in case of doubt.

If required, further details and information on the subject of SPAM and phishing mails can also be found on the websites of the German Federal Office for Information Security (BSI) (only available in German language):
https://www.bsi.bund.de/DE/Themen/Verbraucherinnen-und-Verbraucher/Cyber-Sicherheitslage/Methoden-der-Cyber-Kriminalitaet/Spam-Phishing-Co/spam-phishing-co_node.html