NoSpoofMail

Email-spoofing refers to the act of sending email using a fake identity. This is a problem faced not only by NUS, but the world over. The weakness lies not in any particular email software but the industry protocol that enables email delivery. Meanwhile, all actions taken by NUS IT can only reduce spoofed emails, not eliminate them.

NUS, being an open learning environment, relies a lot on emails for communication. As such, it is important that we safeguard the email infrastructure so that we can have reasonable trust in the integrity of emails we receive. To achieve this, one of the steps that NUS IT will take is to require that all users authenticate to the system before sending emails.

Essentially, all incoming emails to NUS sent by non-authenticated senders will be quarantined by Proofpoint and listed in End User Digest, if the emails claim to originate from an NUS community member (eg. xxxx@nus.edu.sg where “xxxx” can be any text). The only way these emails can be successfully delivered to the recipient’s Inbox is for the sender to first authenticate to the NUS Email system.

NOTE: Sending emails to NUS from Yahoo, Hotmail and the like is not affected by our implementation as these emails do not carry an NUS address in the FROM field.

Users of Microsoft Outlook and Outlook Web Access (OWA)

If you are using Microsoft Outlook or Outlook Web Access (OWA) to send emails, nothing has changed, as authentication has always been required.

Users of Other Email Clients

If you are using email clients such as Outlook Express, Eudora, Netscape, just to name a few, you will need to configure the email clients to authenticate with your NUS-ID account.

We understand that some of you might have other problems with this new anti-spoofing system, which is not foolproof for authentic messages, in fact, the system is unlikely to have any built-in intelligence whatsoever that it cannot distinguish between a bonafide mailing list posting versus a real spoof.