E-mail, SPAM & Phishing


Photo of a hand on computer mouse on top of a stack of moneyPhishing is when an e-mail, website, or instant message attempts to trick a victim into revealing personal information such as account logins, billing information, or identity. The attacker attempts to disguise their identity by assuming the identity of a trusted website, business or entity. Often times, the intent is to make an individual feel comfortable and more likely to oblige the request, especially when there is a threat of account closure, a false security breach, or to win or receive something for nothing. It is NEVER good to provide your account information or personal information to an e-mail request. When you are in doubt of the identity of the requestor use other means to contact the institution or person such as visiting the website or calling on the phone. Often if a phishing e-mail is imitating a financial institution, that financial institution will post a notice of the false attempts on their website. DECS attempts to prevent Phishing e-mails from reaching your Engineering mail, but it is best to be prepared to identify and ignore Phishing. DECS can also help you determine if a notice is legitimate or not.


Screen image of spam email folder

Internet Service Providers, IT departments and users have been fighting SPAM, or unsolicited bulk e-mail, from the beginning of the Internet. SPAM requires constant attention, updates, and rule revisions. It is difficult to accurately block all SPAM, but we are able to significantly reduce the amount of SPAM you receive.

Enabling SpamAssassin on your account will help reduce unwanted advertisements, promotions from business, or general junk e-mail filling up your Inbox. When SPAM is received in your Inbox, or when false positives cause legitimate e-mail to be trapped as SPAM and not delivered to you, please forward the e-mail with headers to abuse@egr.msu.edu. Be sure to include the complete headers so we can more effectively track and stop the origin of the SPAM message.

Spammers often use false names, addresses, phone numbers, and other contact information to set up "disposable" accounts at various Internet service providers. Others engage in spoofing of e-mail addresses, pretending to relay a message apparently from any e-mail address. To help prevent this, DECS has enabled the use of SMTP-AUTH, allowing positive identification of the specific account from which an EGR e-mail originates.

SSL/TLS Encryption

DECS Mail server supports SSL/TLS encryption for all connections. This includes sending, receiving and checking e-mail. An encrypted connection to an e-mail server makes it far more difficult, if not impossible, for another individual to capture your password or e-mail contents by electronically listening to the connection. The DECS Mail server enforces a secure connection for all forms of authentication and will not accept any logins attempted with an insecure method. If you are not sure that your e-mail client is properly configured to use encryption, check with our configuration how to page for the appropriate client.