Spam and Virus Filtering

Columbia University's mail server began filtering against viruses and junk mail system-wide in 1999. In 2003, CUIT started using software to identify and reject junk mail. CUIT uses several methods to filter mail that arrives on our mail system to remove as many unwanted messages as possible.

Email filtering at Columbia

CUIT carefully maintains spam filters that prevent most unsolicited mass emails from reaching Columbia inboxes, however phishing scams are more likely to pass through the filters because they are designed to look very legitimate to scanning software. Please forward any suspected spam messages you receive with full headers to If you think you have clicked a phishing link, please contact the CUIT Service Desk at 212-854-1919.

If you'd like, you can set up a personal spam filter that is less tolerant than the one used by the whole University. 

CUIT also blocks most viruses from reaching your account by filtering out emails that contain executables (files that may look like links but actually install a program when you click on them) and "zipped" attachments. However your other email accounts may not take this step and no filter is perfect. Always be suspicious of file attachments that are sent to you, even if you know the person sending it. Sometimes a person in your contacts will be infected with an email worm that sends copies of itself in an infectious email attachment to everyone in the person's address book.

CUIT takes several steps to identify and reject as much spam as possible without interfering with legitimate messaging. Messages are scored by software for spam-like characteristics, and those that score above the threshold score are rejected. When a message is rejected, Columbia's mail server sends back an error code stating that we do not accept the message. This causes a "bounce notice" to go back to the sender.

Email viruses spread by mailing themselves as file attachments. Some mail-reading software executes or offers to execute attached files, making it extremely easy for the virus to spread. Viruses may claim to be mail from someone you know, or mail you sent that could not be delivered, or even anti-virus software, whatever it takes to entice you to open the attachment.

Windows uses the three-letter extensions on files to determine the type of file. Many of the standard file types are executable files, meaning that Windows will automatically start running them as a program as soon as they are 'clicked' on. Following Microsoft's recommendations, CUIT has blocked the transmission of the following standard file extensions through our email system:

ade adp app bas bat chm cmd com cpl crt csh dll exe fxp hlp hta ini ins isp js jse ksh lib lnk mda mdb mde mdt mdw msc msi msp mst ocx ops pcd pif prg rar reg scr sct shb shs sys vb vbe vbs wsc wsf wsh xsl 

Zip files are accepted from outside of Columbia's email systems, as long as the zip file does not contain any executable code.

Files with certain other extensions such as doc, txt, xls, rtf and others are also allowed. These may still contain malicious code, but it will not automatically run when you click on them.

Delivery of legitimate mail could be affected by the filters. CUIT's goal is to make this as rare as possible. When it happens, CUIT studies what factors caused filtering and work with the sender to solve the problem. For fast resolution of such problems, CUIT needs as much detail as possible about when the message was sent and the sender and recipient addresses. If this has happened to you, please send the message with full headers, and a copy of the bounce notice (if you have it) to