Is the message real?

• System-administration messages from Columbia CUIT or Nevis will be sent from an e-mail address ending in .columbia.edu.

  For example, in a recent fake message, the (faked) From address ended in .state.md.us (the Maryland state government).

• The names in any "From" e-mail address and in any signatures will match.

  For example, in the recent fake message, the faked From name was Carl Reaves, but the faked signature was Susan Townsend.

• The message will be sent to you directly, or to a Columbia-related mailing list whose address ends in .columbia.edu.

  For example, the only "To" address in the recent fake message was info@notice.com.

• In any e-mail message, do not click on a link unless you are certain of its source. In any system administration message from Columbia CUIT or me, such a link will end in .columbia.edu.

  For example, the link in the recent fake message ended in .9hz.com. Notice how this does not agree with any other address in the message.

• If a mail message asks you to download an attachment, that attachment may contain a computer virus. Look over such messages carefully; were they sent to you directly, from a source you recognize?

  For example, I receive many fake messages that claim to be from Fedex that contain attachments. Such messages are never sent from fedex.com.

Is the message real?

The spammers are becoming more sophisticated in how they craft fake e-mail messages. Here are some tips to judge whether a e-mail message, especially one that involves system administration, is legitimate

• System-administration messages from Columbia CUIT or Nevis will be sent from an e-mail address ending in .columbia.edu.

  For example, in a recent fake message, the (faked) From address ended in .state.md.us (the Maryland state government).

• The names in any "From" e-mail address and in any signatures will match.

  For example, in the recent fake message, the faked From name was Carl Reaves, but the faked signature was Susan Townsend.

• The message will be sent to you directly, or to a Columbia-related mailing list whose address ends in .columbia.edu.

  For example, the only "To" address in the recent fake message was info@notice.com.

• In any e-mail message, do not click on a link unless you are certain of its source. In any system administration message from Columbia CUIT or me, such a link will end in .columbia.edu.

  For example, the link in the recent fake message ended in .9hz.com. Notice how this does not agree with any other address in the message.

• Neither Columbia CUIT nor Nevis will ever ask you for your password to be sent via e-mail. Any message that does so is fake, no matter how realistic it seems.

• If a mail message comes from a source that you do not recognize, do not click on any links in the message.

• If a mail message asks you to download an attachment, that attachment may contain a computer virus. Look over such messages carefully; were they sent to you directly, from a source you recognize?

  For example, I receive many fake messages that claim to be from Fedex that contain attachments. Such messages are never sent from fedex.com.

• Advanced trick: A message sent from WilliamSeligman will have a digital signature attached. The indicator for a digital signature varies between mail readers; for example, in Thunderbird it's a small icon of an envelope with a red dot in the center. Clicking on this icon will verify that the message was sent by WilliamSeligman. (I pay $20/year for the privilege of having a digital certificate, so please feel free to use it to check the validity of my e-mails.)

Our mail server contains anti-virus and anti-spam filters, but they are not perfect. Please be careful.