Skip to main content
University of California San Francisco Give to UCSF

UCSF IT Technology

Main navigation

  • Status
    • Security Announcements
  • Services
    • Projects
  • How To
  • News & Events
  • About Us
  • Log In
Open Close Search
Open menu
Give to UCSF

Breadcrumb

  1. Home
  2. How To
  3. Avoid Spam

This content is viewable by Everyone

Avoid Spam

Save

Log in via MyAccess to save.

  • Audience: Technical Partner
  • Service Category: Security
  • Owner Team: IT Security
  • Service:
    IT Security Outreach and Training

Overview

Most of us have received unsolicited email at one time or another. Most of the time, we just delete the message and get on with our lives. However, there may be times when some of the content of this email is so offensive or so obviously an illegal scam that we ask ourselves, "How do these people get my address, and what can I do to stop this?"

Good question. Let's first examine how spammers may get your address.

How do spammers and marketers get my address?

  • Usenet groups (also known as newsgroups, bulletin boards or discussion groups): When you post to these discussion groups, your email address is included. This information is readily available and collected by advertisers.
  • Websites: If your email is listed on a website, advertisers will use scanners, also known as "harvesters," to collect your address along with others.
  • Download sites: Often, when you download a piece of software from a legitimate business, they ask for your personal information, including your email address. Sometimes these sites will share their mailing lists with other companies or sell it to other businesses.
  • Your friends: How many times have you read a joke and forwarded it to a group of friends? If the joke really is funny (or more often, if it's a bad joke), those friends probably share it with others. Eventually, an advertiser may get in the loop and grab all those legitimate addresses for its database.

So what can I do?

  • Never give out your legitimate email address.
  • Use a bogus email address when asked for an email address by a discussion group or vendor.
  • If a vendor will not allow you to download a piece of software without first submitting an email address, again, give a bogus address.
  • If you are required to post an email address on a website, use a different email address. Consider creating one specifically for that site. You can also use a free email address provided by a third-party service such as Yahoo or Hotmail.
  • If a vendor you do business with provides you with the option of  being removed from their mailing list, do it. Usually you will be instructed to put "Remove" in the subject header of a reply email.
  • If you do not know the vendor, never reply! This is usually a ruse; even if they include a "Remove" option on the solicitation, it's still usually a ruse. They want to find out if you are a legitimate respondent, and you will receive more solicitations if you respond.

    The "Reply to" address is often bogus, anyway. If you really want to find out where the email originates, you need to analyze the email header. There is help: The page published at http://www.arclab.com/en/amlc/how-to-read-and-analyze-the-email-header-fields-spf-dkim.html can help explain the message header, or you can use this tool from MXToolbox to analyze your message header. When you find out the real domain name, contact the ISP to notify them of any scams or abuse of their customers. Be warned, however: Many of these spammer ISPs originate from overseas, and they couldn't care less what their U.S. victims think.
  • If there's a chance that a spam email is also a phishing attempt, be sure to click on the Phish Alarm button   from within your email. For more information, go to the page What is Phish Alarm?

Why can't the email administrator filter out these spammers?

The answer is that we can and do filter out most potential spam, using a filter that allows users to receive all the emails sent to them. We use this filter because the University of California Office of the President (UCOP) has an official Electronics Communication Policy stating the University's intent to not be an arbiter of the content in electronic communications. As a result, each user can see everything sent to him or her and make the decision to receive it or not. When the choice is "not," we can then filter it out.

Related Information

  • “Report Phish” button is now available
Section Menu
IT Security Outreach and Training
  • Information Security Is Everyone's Responsibility
  • IT Security Awareness - Stay Sharp to Stay Safe
  • IT Security and Awareness Champion Program: Overview
  • View IT Security Awareness Videos
  • Request IT Security Awareness Posters
  • IT Security Orientations and Education
  • IT Security Educational Meetings and Webinars
  • Advanced IT Security Training on the UCSF Learning Management System
Home

Footer Col 1

  • Status
  • Services
  • How To
  • News & Events

Footer Col 2

  • About
  • IT Directory
  • Standards & Guidelines

Footer Col 3

  • Get Help
  • Recognize IT Staff
  • Submit a Support Inquiry

    For emergencies and high priority issues please call the IT Service Desk (415) 514-4100

    • Facebook
    • Twitter
    • YouTube
    • Instagram

    © 2025 The Regents of the University of California