Changes to the Spam Filtering Thresholds for UofT email

1) Due to large increases in spam emails arriving at the central UofT mail servers (UTORExchange, UTMail+, and UTORmail) they have decided to more aggressively filter email by default.  This may result in an increase in false-positives so people should check their junk email folders to ensure that no important email is being filtered.  More information is available at:

UofT Memo: Changes to Spam Filtering Thresholds

2) This does not affect our departmental email system (email addresses ending in or  For information about spam filtering here please see:

Departmental Email and Spam Filtering

New phishing email

A phishing email with subject line:

        Migrate to The new Outlook Web app for Staff

has been sent to some people in our department.  Please just delete it if you receive it.

Phishing email with Subject line “Department of Mathematics Activities”

Spammers are trying to phish Departmental usernames and passwords with emails with Subject lines:

Department of Mathematics Activities

The body of the message is:

We just concluded all University of Toronto Department of Mathematics Webmail account upgrade,follow the link below to confirm if your account is active and  upgraded.

Please delete this spam.

Phishing email with Subject line “Email Service Alert”

Spammers are trying to phish UofT UTORids and passwords with emails with Subject lines:

Email Service Alert

This message is particularly poorly written (at one point the message says to “enter your details incorrectly”) but the main clue that this is spam is that the link is not to the domain (you can determine the link by hovering on it in most browsers and email clients).  Do NOT click on links that you do not know to be legitimate.  Delete that email.


Our email system now greylists incoming email from many sites.  Currently we only delay for one minute but that may change as we adjust things to minimize spam.  We have a number of greylisting exceptions and if there is a particular site that you would like to be exempt from greylisting please let us know at

Email blacklisting for IOSR

Due to the repeated unsolicited email originating from the following senders:


we have started automatically directing email from those sites to the SuspectedSpam folder, with a label that says [BLACKLISTED].  If you need to receive email from that site please let us know and you can whitelist the required addresses (see our Email and Spam Filtering webpage for more information).

SpamAssassin email filtering to be added in early afternoon today

After more testing we have decided that SpamAssassin is ready to be deployed.  Starting in the early afternoon today we will put in this new filtering.  The SpamAssassin filtering is currently not aggressive, but as mentioned in an earlier post you should check your SuspectedSpam folder for the next little while to verify that things are working well for you.

As usual you please let us know at if you observe any problems with this.

Additional spam filtering with SpamAssassin

In order to lessen the number of spam emails making their way into users’ mailboxes and to have a fallback should our current system fail or is removed by the University, we will soon be adding another spam filtering mechanism, called SpamAssassin, to our email system.

SpamAssassin modifies the Subject line of messages that it thinks are potentially spam by adding “[SPAM <number>]” where <number> is larger than or equal to 5.  In our tests, with the default system settings, SpamAssassin did a very good job of detecting spam (of course, no spam filter is perfect).

SpamAssassin will use the same SuspectedSpam folder as our current spam filter (Puremessage) uses.  The Subject lines of most messages will have SpamAssassin’s and Puremessage’s estimate of the likelihood that that email is spam.  You should check your SuspectedSpam folder when this is first deployed to check that it is not too aggressive for your needs.

Manipulating the aggressiveness of spam filtering will remain the same, see our Emial and Spam Filtering  page for more information.

Another announcement will be made on this website when the filtering is implemented.

SquirrelMail and Roundcube Webmail Servers

There were a few smaller issues with SquirrelMail that were discovered and fixed earlier this week including a security token expiration problem (we have configured the program to generate a new key for each access, but they expire after two days, so please do not Compose a single message for more than that time).

In order to have another webmail choice for people in case there are any further problems with SquirrelMail we now have a second, unsupported, webmail server on our system, Roundcube.  Roundcube has some advantages (it looks nice, it has a mobile interface, it is newer, etc.) and some disadvantages (address books would have to be recreated, some icons can be poorly rendered, some text may be partially obscured, refreshing large folders can result in constant refreshing, etc.), however for most users it seems to work reasonably well.

Squirrelmail updated

The squirrelmail webmail server for departmental email was updated this morning and it appears to be functioning well.  Please let know if you observe any problems with this update.