Information Security Procedure for User Reported Spam

Email sent to report-spam@tufts.edu will automatically create a ticket in the TechConnect system. TechConnect will notify the Information Security team of the creation of a new ticket.

The Standard Operating Procedure for such user reported spam tickets is:

The staff member who will attempt to resolve the issue should immediately assign the ticket to themselves.
1. In TechConnect, press the 'Take' llnk.
If the ticket is in the 'abuse' queue, click on the "Basics" field in TechConnect and move it to the "uit-user-spam-reports" queue.
Check to ensure that the forwarded message includes all message headers.
1. If the message does not contain message headers, skip to step 6 and stop once you get to step 8.
Within the ticket, click the "resolve" link.
Remove all recipients except for the requester.
Fill in the following template into the Message field:
1. (Recipient),
  Thank you for notifying us that this piece of spam made it past the Proofpoint detection algorithm. We record such escapes and report major offenders to Proofpoint for manual inclusion into their spam detection database. If you continue to get this kind of spam, or any other kind passes the filter, please let us know. Reporting spam doesn't just save yourself future hassle, it helps everyone else at Tufts.
  Thank you,
  Tufts Information Security Team
Set the ticket status to "Resolved" and click "Update Ticket."
From the main ticket page, right click and save the spam message via the "Download" link.
Open the downloaded spam message. Note the first line of the message body
1. For example, "Hello there, I'm Anglica,"
Rename the saved spam message to a filename that contains the first line of the spam message, minus any special characters.
1. The example in step 5 becomes "Hello there, I'm Anglica.txt"
Transfer the saved and renamed spam message to//homedir.tufts.edu/Departmental/Security/Operations/User Reported Spam

on the UIT Network Security MS LAN share.

If you see another file with the same or very similar name in the folder, proceed to step 13. If there are no other archived messages with a similar name, stop here.
Craft a new email to Kendall.Libby@tufts.edu asking very politely to notify Proofpoint that the attached messages are making it past their spam filter.
1. Attach all archived spam messages to the email and send it!

Notes about this procedure:

This is a course first draft.
It will not scale if we start receiving a higher volume of spam notifications.
It is adequate for the 1-2 notifications per month we receive at the time of writing.

Browser not supported