SLAC Computer Security
Search SLAC



Stanford Community:


Over the Presidents' Day holiday weekend many Stanford email users began receiving fraudulent messages asking them to verify their email accounts by replying with account details, including passwords. These messages do not come from Stanford. Their "Reply-To" addresses were (and are) anonymous accounts in non-Stanford domains such as "" and "". The messages continue arriving, despite our attempts to block them.


Unfortunately, a number of Stanford users complied with those spurious requests, and that has resulted in Stanford email accounts being compromised. Those compromised accounts are then used to send spam from Stanford, which in turn has caused some Internet Service Providers (Hotmail and AOL, among others) to block all incoming email from Stanford (because our email servers are sending so much spam).


This means that legitimate emails from the Stanford community are being blocked, and that we are responsible for contributing to the problem of spam on the Internet. Over the past week, almost half of the email sent from the Stanford community has been marked with an 80% or greater probability of being spam.


Because of the disruption to necessary communications this is causing for the campus community, the University has approved the tagging and deletion of email *outbound* from Stanford if it meets the same spam-identification criteria we use to discard *inbound* spam email to Stanford (see

for details).


This change will be made at 5:00pm today, Friday, February 29.  We are exploring additional technical options that strengthen our programs to manage spam and phishing schemes.


We are taking this action to preserve the University's capability to send email without interruption. We apologize for any inconvenience this causes, but the disruption caused by not taking this action is much greater.


NOTE:  Stanford does not send emails which request that you provide your password via email. If you receive email purporting to be from Stanford which requests your password, check first before providing any information. In addition, Stanford provides online security training, now available through STARS, which covers such scams among other important security topics.


If you have any questions or concerns, please contact Chris Lundin (<> If you have an issue with your email which you believe resulted from this change, please file a HelpSU ticket at

Below is a sample of the email being sent.


Owner: SLAC Computer Security
Last Updated: 07/22/2010
Feedback: Please send to
Computer Security Feedback