[SPAM] Emails Delivered to Inbox And How To Manage Them

Threat Level: Low
Threat Type: Spam Email Messages
Advisory Date: 07/13/2023

Description

There has been an increase in email messages marked as spam being delivered to email inboxes rather than junk mail folders for GroupWise email users.  These emails are correctly identified as spam and marked with [SPAM] at the start of email subject lines.

However, in some cases, these messages identified as spam are still delivered to the GroupWise inbox. 

Example Subject Lines include:            

[SPAM] Final Notice for Email Account
[SPAM] Congratulations!
[SPAM] You've been selected to participate
[SPAM] You're on our list

We suggest deleting the messages with a [SPAM] tag if they arrive at your inbox, as they are indeed spam. 

If you want to take action to have these removed automatically, please review the resolutions section below.  This will provide a configuration of a rule for preventing these messages marked as spam from being delivered to your inbox.  

This scenario is caused by attackers who send spam messages as spoofed uregina.ca addresses.  This is properly marked by the spam filter as SPAM.  These messages are sent to inboxes by GroupWise, as email from contacts in your frequent contact/address book is not blocked/sent to junk mail folders.

Impact

While properly marked as spam, these emails can often cause confusion among users because of subject lines that include the user's own name, or may appear to be sent from the recpient's email address, and appear in the inbox rather than junk mail folder.

Messages delivered to inboxes are normally considered legitimate, however, when they are tagged with '[SPAM]' at the start of the subject line, they can be considered to junk mail, even though it resides in the inbox. 

Users will be required to delete these messages, or to create a rule in GroupWise.

It is important to manage thes messages, as messages marked as spam can be malicious messages which can lead to account compromises, or loss of data when following links present in the emails.

Resolution

One option for dealling with [SPAM] messages is to create a GroupWise rule to automate removing [SPAM] emails from your GroupWise inbox to junk mail folder:

Step 1: In GroupWise, go to Tools -> Rules

rule1.png

Step 2: From the Rules window, click "New"

rule2.png

Step 3: From the New Rule window:

a) Name your rule i.e. "Spam Rule"

b) Check And items are: "Received"

c) Select Item types: "Mail"

rule3.png

 Step 4: Define Conditions

 Click "Define Conditions"

rule4.png

From the Define Condition Window:

Create a condition/row to select messages with [SPAM in the subject:

Select "Subject", "Contains" and "[SPAM]" and "And".

 rule4a.png

Create an additional condition/row to select messages which are spoofed messages from your email addresses:

Select "From", "Contains" and "firstname.lastname@uregina.ca" and "Or".  Subsitute your email address for firstname.lastname within firstname.lastname@regina.ca.

rule4b.png

Create an additional condition/row to select messages which are spoofed messages from your the email addresses of your username:

 Select "From", "Contains" and "username@uregina.ca" and "End".  Subsitute your username into username@uregina.ca.  This will be your uregina.ca (Novell) username.  

rule4c.png

If you have any additional aliases, or generic accounts, you can optionally add these as a new row similar to the previous two rows. 

Press "OK"

The Define Conditions field should now appear to the following:

rule4d.png

Step 5: Add Action

Click "Add Action"

rule5a.png

Selectet "Move to Folder..." from the drop down:

rule5b.png

Select "Junk Mail" folder by checking:

rule5c.png

Click Move.

The field listing actions should now appear as below ("Move To Folder: Junk Mail").  

Press "Save".

rule5d.png

Once completed, you can close the Rules window and all emails marked with [SPAM] with spoofed addresses will automatically go to your Junk Mail folder.

Resources

If you have reviewed the configuration provided under the resolution section and would still like some guidance setting up rules to filter your GroupWise inbox, please contact the IT Support Centre.


Email: IT.Support@uregina.ca
Phone: 306-585-4685
Toll-free in Canada: 1-844-585-4685