Protection against malware, phishing and spam

Independent analyses show that more than half of all emails sent are considered unwanted or even dangerous. The majority contain malware in the attachment or lead to fraudulent or dangerous websites. In addition to the effort required to distinguish unwanted emails from genuine emails, spam or phishing emails pose an increased risk of identity theft or infection with malicious code. RUB has taken security measures to protect users and resources:

  •  Rejection of emails containing malicious code
  •  Rejection of unwanted email attachments (outdated office formats, executable files and certain archive formats, link only available within the RUB network)
  •  Checking incoming emails for spam
  •  Filtering of recognized spam/phishing mails
  •  Blocking of phishing pages

We strongly recommend that RUB users activate the "RUB spam filter".

The check for malicious code, unwanted attachments and malicious links is carried out for all external emails sent to RUB email addresses and all outgoing emails sent from RUB email addresses. Incoming emails are also checked for spam and given a spam score that quantifies the probability that they are unwanted spam.

Internal mail traffic between RUB email addresses is not checked for spam.
 

  • Users whose mailbox is located on the "RUB Mail" mailhost can activate/check the spam filter via their LoginID settings at https://rub.de/login. To do this, select "Spam aussortieren:an" and click on "Änderungen übernehmen". The default name of the junk/spam folder is "UCE-TMP".
  • For mailboxes on our "RUB Exchange" servers the spam filtering is activated by default. Spam mails are marked and moved to the junk/spam folder "Junk E-mail".
  • Users of other decentralized RUB mail servers may ask their local admin team about the settings and have them changed if necessary.

Please note that the name of your junk/spam folder always depends on the individual settings in your current mail client.

In purely technical terms, all email with a spam score of 5.0 or above is currently considered spam. Such a mail is given an additional mail header (X-Spam-Flag: YES). The mail is then forwarded to the respective mail server, where it is handled according to the server and user settings.

  • RUB Mail: If spam filtering is switched on, the mail is moved to the junk/spam folder (UCE-TMP). In the evening, you will receive an email summary of mails moved to UCE-TMP during the day. If spam filtering is switched off, the mail is placed in the inbox.
  • RUB Exchange: The subject of the email in question is supplemented with *** SPAMVERDACHT *** and it is moved to the junk/spam folder (Junk E-mail).

Please note that most email clients have an additional spam filter mechanism of their own. You may ask your local admin about the settings and configuration.

  • RUB Mail: The email can be moved from the UCE-TMP folder directly to the inbox or any other folder. Depending on the retention period you have set on the LoginID page, emails in the UCE-TMP folder are permanently deleted after the retention period has expired.
  • RUB Exchange: Right-click on the relevant email in the Junk-E-Mail folder and select Junk-E-Mail -> No Junk E-mail. The email is moved to the inbox after confirmation. However, the ***SPAMVERDACHT*** mark remains in the subject line.

If an email is deleted or moved to any folder, it is considered "superfluous but harmless" by the mail system. However, you can train spam detection yourself by performing certain actions:

  • RUB Mail: An email in question should be moved to the junk/spam folder (UCE-TMP). In addition, a mail address or the domain of a sender can be added to the list of unwanted senders (blacklist) in the LoginID settings at https://rub.de/login.
  • RUB Exchange: Right-click on the email in question and move it to the junk/spam folder (Junk E-Mail). Please note: no ***SPAMVERDACHT*** mark is set. In addition, the sender of the email or the domain of the sender can also be blocked via the context menu of the mail.

Spammers use email lists or user profiles that have been gathered from freely available websites or that originate from intrusions into IT systems and are published or sold on the Internet. By replying to spam mails, you either reach the wrong people (victims in whose name spam is sent) or you even confirm the validity of your own email address (and thus increase its resale value). Some spam mails look like newsletters and offer an unsubscribe button. If you end up on such a spammer newsletter list through no fault of your own, the unsubscribe function will probably have a rather doubtful effect. We therefore recommend moving such emails to the junk/spam folder or adding the sender to the spam blacklist (see also: How to train the RUB spam filter).

Some email programs, apps or clients also carry out spam processing. However, when mail is received, the RUB spam filter acts first, before the email is processed by your mail server and then by your client. The RUB spam filter flags and protects against spam emails with known phishing or malware content as well as against emails that just pretend to be from a RUB sender. You may configure your individual email program to add further processing as you wish.

Obviously unwanted emails, commonly referred to as spam, from unknown senders, with abstruse content or requests are often easy to recognize. However, emails that “tell a plausible story” or come from presumably harmless or known senders can be particularly dangerous. This applies in particular to phishing emails whose aim is identity theft. We recommend paying critical attention to all incoming emails.

We explain the recommended 3-second security check, other important tips for detecting malicious links and attachments and preventive tips in our Top-Tips: Together for more IT security at RUB.

If you are unsure about the legitimacy of an email, consult your local IT administration and/or colleagues if possible. The IT.SERVICES helpdesk can usually also provide you with reliable information about official emails from central organisations. If you suspect that it is an email with malicious content, please report it to the abuse team.

Spam from your own or another known address is nothing unusual. Such sender addresses are easy to forge. Background information on this can be found in our article Fake emails. Emails that use a forged RUB sender address usually end up in the spam folder.

The email addresses used and often also the names/addresses of existing communication partners were either captured during break-ins in online services or simply collected on public websites. As the attackers usually use illegally acquired resources - often abroad - or email accounts of other spam victims, it is not usually possible to take effective action against such misuse of one's own email address.

In some cases, however, compromised RUB accounts are also used to send spam. Users have then themselves become victims of phishing mails or infections of their computers. If RUB accounts become conspicuous in this way, they are blocked immediately so that no further damage is caused to users. Those affected should contact us as soon as possible.


For security reasons, visiting websites that spread dangerous content or try to steal data via social engineering or through fake RUB pages is blocked from the RUB network.

Computers are protected if they

  • are located in the RUB network (on campus, in Eduroam or at HIRN ports) or
  • are connected to the RUB via RUB VPN for mobile working, and
  • have configured the central name servers operated by IT.SERVICES (ns1.ruhr-uni-bochum.de and ns2.ruhr-uni-bochum.de). Configuration adjustments should be made by the responsible admin teams.

When classifying websites, false positive entries may occur. In this case, please contact its-helpdesk@ruhr-uni-bochum.de for further clarification.


If you suspect malicious code in an email, or if you want a new or complex spam/phishing email investigated, please send it to abuse@rub.de. In order for us to be able to analyze the email, we must receive the complete email, i.e. including the so-called email headers. Depending on the mail program you use, send the complete email as follows:

  • Thunderbird: Select the email in question and click on “Forward as” -> “Attachment” in the “Message” menu
  • Outlook: Highlight the email in question and click on “More” -> “Forward as attachment” in the “Reply” ribbon
  • RUB Webmail: Click on the small triangle to the right of “Forward” and then “Forward as attachment”.
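
Why "forward as attachment" matters, as an added example (not RUB's own tooling): a triage helper that recovers the original mail from a report and reads the X-Spam-Flag header described above together with the Received chain, which an inline forward no longer carries. All addresses, host names and both sample reports are constructed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

def extract_original(report_bytes):
    """Return the original mail embedded as message/rfc822, or None."""
    report = message_from_bytes(report_bytes, policy=policy.default)
    for part in report.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)  # the untouched original, headers included
    return None

def triage(report_bytes):
    """Summarise what an analyst can recover from one abuse report."""
    original = extract_original(report_bytes)
    if original is None:
        # Inline forward: the client rewrote the mail, transport headers are gone.
        return {"analyzable": False}
    return {
        "analyzable": True,
        # Header set by the spam filter for a score of 5.0 or above.
        "spam_flag": str(original.get("X-Spam-Flag", "")).strip().upper() == "YES",
        "received_hops": len(original.get_all("Received", [])),
        "return_path": str(original.get("Return-Path", "")),
        "from": str(original.get("From", "")),  # display value, easy to forge
    }

def constructed_reports():
    """Build two constructed reports of the same mail: attached vs. inline."""
    original = EmailMessage()
    original["Return-Path"] = "<bounce@mailer.example.net>"
    original["Received"] = "from mailer.example.net by gw.example.org; Mon, 01 Jan 2024 10:00:00 +0100"
    original["Received"] = "from gw.example.org by mailhost.example.org; Mon, 01 Jan 2024 10:00:02 +0100"
    original["From"] = "IT Helpdesk <helpdesk@example.org>"
    original["Subject"] = "Mailbox notice"
    original["X-Spam-Flag"] = "YES"
    original.set_content("Constructed sample body.")

    attached, inline = EmailMessage(), EmailMessage()
    for report in (attached, inline):
        report["From"], report["To"] = "user@example.org", "abuse@example.org"
        report["Subject"] = "Fwd: Mailbox notice"
    attached.set_content("Suspicious mail attached.")
    attached.add_attachment(original)  # becomes a message/rfc822 part
    inline.set_content("---- Forwarded Message ----\nFrom: IT Helpdesk\n"
                       "Subject: Mailbox notice\n\nConstructed sample body.")
    return attached.as_bytes(), inline.as_bytes()

if __name__ == "__main__":
    for name, raw in zip(("attached", "inline"), constructed_reports()):
        print(name, triage(raw))
```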