Ken Rushing: Viruses, Spamming, Spoofing and More

Editor’s Note: Technology changes rapidly. The following article was originally posted in 2007. Much of the material remains relevant today and so we’ve re-posted the article on the new iteration of the IWS website and simply noted where there are any major changes to be aware of.

The majority of this material has been adapted from many web resources and abbreviated or reworded for the purpose needed here—to make the IWS community aware of some things that can be done, individually, to combat unwanted viruses, spamming, spoofing and more.

Receiving Spam

Even with the best anti-spam software, systems and procedures in place, there is still a chance that you may receive spam. You should treat any email you receive with caution. There is a recommended five-stage test you can apply to incoming email that will aid in reducing unwanted viruses, spamming, spoofing and more:

  1. Know test: Is the email from someone that you know?
  2. Received test: Have you received email from this sender before?
  3. Expect test: Were you expecting email with an attachment from this
  4. sender?

  5. Sense test: Does the contents as described in the subject line and the name of the attachment(s) make sense?
  6. Virus test: Does this email contain a virus? Always check it using anti-virus software.

Even if you can answer yes to the first four questions, proceed with caution. Email addresses can be spoofed making it appear that it has come from a known and trusted source (even from yourself), and viruses can attach themselves to emails without the sender’s knowledge.

If you do receive spam, never reply to it, even if the message offers an “Unsubscribe” link. This just confirms to the spammers that the email address is live, and can result in yet more spam. Likewise, never forward spam, as this just increases the problem. Some particularly nasty strains of spam take the form of chain letters, promising great rewards for passing the email on, or dire consequences for failing to do so.

Keep Personal Things Personal

You should treat your email address in the same way that you would any other form of personal information. You should limit the number of sites on the internet with which you register your email address, but if you do need to register, you should read the terms and conditions and privacy statements carefully to ensure that you know exactly how your information will be used. You should always look for opt-out opportunities, and use these to prevent your details from being displayed on member directories or profiles. Where possible, you should also opt-out of receiving any marketing communications.

You may wish to consider using two email addresses: a personal address which you can give to known and trusted friends and family thereby minimizing the risk of receiving spam, and one which you use for online registrations or competitions.

You might carry out a search on your email address from time to time to check that it isn’t being displayed on any websites unknowingly, which makes it vulnerable to being harvested for spam. If your email address is being displayed, you should contact the owner of the site and request that it be removed.

Choosing a Provider

Additionally, if you are creating new email addresses or changing an address, be sure to select your ISPs or webmail service providers with care. You should investigate what steps the service providers are taking to protect their users from spam, and how they deal with reported abuse. They should also make use of inbuilt filters which can automatically sort potential spam into a junk folder. There are also a number of dedicated anti-spam programs available, and you need to be sure that you have adequate firewalls and virus protection on your machines.

Odds and Ends

Remember this: There are only a few IWS email addresses that are real and they belong to only a few faculty and staff members—all others are redirects (or forwards). If you receive an email from a student (e.g., it is a spam, because is a redirect to this person’s primary email address. Editor’s Note: Since IWS transitioned to a new e-mail system in February 2009, this is no longer true. All faculty, students, staff and alumni have a legitimate account, which may or may not be forwarding to an alternate address.

Similarly, if you received an email that is addressed to someone else’s IWS address, it is not to be trusted and is probably spoof email.

One more thing, please turn off your preview pane or reading pane. There are new schemes that allow sites to receive notice of live email addresses if the preview pane is on and your cursor selects the offending email. Do a search for beacon sites for more information on this subject. In Microsoft Outlook, click on View and then Reading Pane. Click “Off”. Editor’s Note: Modern versions of e-mail clients handle these types of attacks much better–for example, hiding images from unknown senders. Whether viewing messages through an online system (like or or on your own computer, be careful of allowing images to be displayed unless you know the message is genuine.

Be assured that our IWS email host is aware of the waves of spam/spoofing that some of you have reported from time to time. All of the necessary safeguards are in place and are regularly updated on their end. Our combined efforts should minimize the frustrations that come with unwanted email.

As always, if you have questions about your emails, viruses, spamming, etc. please let me know. I am here to help in any way I can.


The Rev. Dr. Ken Rushing, DWS 2002
Director of Information Technology
The Robert E. Webber Institute for Worship Studies
October 2007

Final Editor’s Note: On our websites, IWS uses email address obfuscation technology which hides them from address-harvesting robots.

About the author

Director of Information Technology and graduate of the DWS program.