National Cyber Security Awareness Month: Spam emails

Did you know LCC receives 10 million emails a month, but only 300,000 are legitimate? The rest are spam.
The term “spam” refers to unsolicited email, often containing advertisements for services or products. Some people refer to this kind of communication as “junk email,” to equate it with paper junk mail. Unlike paper mail, email spam costs the sender very little to send; almost all of the costs are paid by the recipient and carriers, because the spammer does not have to pay for all the internet bandwidth tied up in delivery. Because they have no incentive to be efficient in their mass emailing, spammers usually don’t put much effort into verifying email addresses. Instead, they use automatic programs called bots to scour the web, collecting addresses, or buy them in bulk from other companies. Spammers also guess at addresses using name generation programs and send thousands of messages that bounce.
Every time you communicate on the internet or browse a website, there are opportunities for spammers to intercept your communications to obtain your email address and other personal information. Otherwise reputable companies may sell or exchange your email address, and this information may eventually find its way to a spammer.
LCC has IT systems to monitor email coming into the network. Using artificial intelligence, the systems dynamically categorize emails as spam based on the senders, reputation, content, recipients and various header information, currently stopping 10 million threat messages per month. Unfortunately, fraudsters are able to rapidly change the sender, content and other information to bypass our filter and deliver a small number of messages until the filter can compensate for the changes. Although it’s impossible to eliminate all spam, technology has made it more effective to eliminate a majority of spam, and it is now unnecessary for individuals to report spam.
However, if you receive emails that you believe are illegal, abusive, disruptive, in violation of LCC policy, or asking for your network credentials, credit card or bank information, please send them to the Information Security Office at
What else can you do about spam? Think twice before offering your LCC work email address to a website or using it to register for an account. You might want to check sites’ privacy policies, to be sure the company does not share your email address with others. We recommend you create a personal email address at one of the many free providers that you can hand out more freely.
When you receive spam, you have several options for dealing with it:

  • If you are receiving only a negligible amount of spam, you may want to simply delete the message and forget about it.
  • Don’t reply or unsubscribe to spam. If you reply to spam or open the unsubscribe link, the spammer or the automated program on the other end will know that your address is connected to a live person, and the spammer will then bombard you with even more spam, and circulate your address to other spammers. Remember: Don’t open any links in spam. They may contain trackers. One exception: If the unsubscribe option is marked as being run by Constant Contact’s SafeUnsubscribe, then click away. That reputable service is provided to more than 500,000 businesses and organizations that pay to remove recipients from mailing lists.
  • If the message appears to come from a legitimate company, the company may have obtained your email address from some transaction between you. In these cases, it is usually safe to reply and ask to be removed from the mailing list.
  • For persistent spam senders, we recommend blocking the sender or creating a rule to prevent these future emails from getting into your inbox. To block a sender in Outlook, simply right-click on the email message, select “Junk,” then “Block Sender.” This will send future emails from this sender to your Junk folder. The email will stay in your Junk folder for 10 days for you to review before it is permanently deleted.
  • Setting up your email account to generate automatic responses while you are away can have the unfortunate side effect of verifying your email address to every spammer who sends you spam. Consider configuring your out-of-office replies to not send to external email addresses, or to only send to addresses in your contact list.

If you have questions or would like further information, contact ITS Director of Information Security Paul Schwartz at