Voir en


Computer Security: STOP Spam!

Some ideas to identify sophisticated spam


Did you know that about 83% of all messages destined for CERN are flagged as spam and rejected? The IT department’s e-mail service works hard to overcome the permanent wave of spam messages trying to pour into CERN… just recently, we deployed a dedicated appliance that automatically analyses our e-mails for malicious content. But in the end, some spam, particularly the most sophisticated messages, makes it though. At this stage, it is up to you to identify it. Here are some ideas to make your lives easier.

Of course, there is our usual advice: “STOP – THINK – DON’T CLICK” (“Protect your click”) and our campaigns for spotting malicious e-mails (“One click and BOOM… (Reloaded)”). On the other hand, why not reduce e-mail traffic in general and make our lives easier when we are trying to identify genuine and valid e-mails?

* First of all, let’s stop spamming ourselves over and over again (see also “Save our inboxes! Use e-mail wisely”). While the “CC” and “BCC” fields leave plenty of space to fill up, do we really need to add everyone and his or her dog? Shouldn’t we limit ourselves to sending e-mails to those that have a need-to-see? Do we really need to click “Reply All” just to say “Thank you” to the sender – in particular if you “Reply All” to an e-group with hundreds of members! Also, 100 people in the “To” or “CC” boxes does not make any sense and might be an invasion of privacy. Here, the “BCC” box is better. And, is the e-mail (and any ping-pong e-mail exchange!) necessary at all or wouldn’t it just be nicer to visit the recipient and buy him or her a coffee?

* Signing e-mails using your CERN certificate would help too. On the basis of your digital signature, the CERN recipient can be assured that the e-mail has really been sent from your CERN e-mail address and not been spoofed by a malicious attacker… You can easily enable e-mail signing by following these instructions. The only limitation is that, as CERN certificates are currently not recognised outside CERN, this signature only works for CERN mailboxes…

* Finally, if you manage a system for sending automatic e-mails (on behalf of CERN), don’t make them look like spam! The sender should clearly point to your service (and not be an obscure tag). Ideally, the sender should be listed in CERN’s phonebook; the subject should be clear and precise; the introduction should directly address the recipient by his or her name used at CERN (as listed in the phonebook); the message text should be flawless, contain no typos, and be precise; embedded URLs and web links should be written out in full and should point to websites hosted at CERN (starting with “HTTPS://cern.ch/...”); attachments should also have clear titles and should be introduced in the text; and your e-mail should have a signature that makes it clear from whom and why this e-mail has been sent.

While these steps won’t eradicate external spam, they could reduce internal “spam” and allow us to focus on “real” e-mails. If you still receive spam, please report it to spam-report@cern.ch (or submit a ticket).

Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report. For further information, questions or help, visit our website or contact us at Computer.Security@cern.ch.