University networks already stressed by file-sharing programs, viruses and hackers now face a new threat: students who sublet their network access to spammers for as little as $20 per month.

Tufts University, a 151-year-old school in Medford, Mass., last month discovered spammers were paying students to offer up their PCs as relay points that helped mask the true source of the spam. While university network executives interviewed were not aware of other cases on U.S. campuses, the phenomenon has cropped up in Israel.

The problem came to light at Tufts after the school received a flood of complaints that its domain was the source of spam, says Lesley Tolman, director of networks and telecommunications at Tufts. The practice isn't so much a bandwidth hog as it is an image problem for universities, she says.

University IT executives say they hope to minimize their exposure to this spamming technique based on the relative ease of tracking the offenders and through strict policies forbidding students to use PCs as servers, a measure instituted after Napster paralyzed college networks.

"Paying students to spam is a relatively new phenomenon so we don't know the extent of the problem," says Steve Worona, director of policy and network programs for EduCause, a group that promotes the use of IT in higher education and includes thousands of schools around the world. "We'll try to put people together so they can come up with some best practices."

Those practices might not have to be confined to schools, experts say. It's possible that the mail relay program could be slipped onto corporate PCs without users noticing via rogue Web sites or spam packed with a virus.

Tufts currently is deciding on the best practice for punishing one student after discovering he agreed to install what amounted to a message-transfer agent on his dorm room computer that served as a spam relay in exchange for $20 a month.

After admitting to the arrangement in which the student relayed thousands of e-mails offering services for burning CDs and DVDs, the student said a handful of others were involved in the same payola that took advantage of the school's gigabit connection to the Internet.

"We had complaints from people saying our domain was the source of spam," Tufts' Tolman says. "We checked the logs, identified the IP address the spam was coming from, matched that with a [media access control] address and went to the kid's dorm room."

Whitepapers

• Selecting Effective Virtual Directories
• Best Practices for HP Servers and HP Enterprise Virtual Array in a Microsoft Exchange
• Compliance, Protection, Recovery: A Layered Approach to Laptop Security
• Endpoint Security: Data Protection for IT, Freedom for Laptop Users
• IT Departments on Data Security: A Research Concepts Survey
• Laptop Security Tool Helps Allina Hospitals Track 97% of IT Assets

View more SOFTWARE whitepapers

Webcasts

• Managing the End User Experience-A Real World Example of Success
• Lowering the Cost of Email Archives
• Google Webcast: Why archive email? Top challenges and best practices
• High Availability for SQL Server 2005 Using Array-Based Replication and Host-Based Mirroring Technologies
• Technical Overview of Exchange Server 2007 with HP Servers and Storage
• Bringing Order and Security to your Mobile Workforce: Corporate Mobility Policy and Device Management On-Demand

View more SOFTWARE webcasts

Special Reports

• Application Performance Management Executive Guide
• Executive Guide: Building a Service Oriented Architecture
• IT Buyers Guide To: Collaboration

View more SOFTWARE special reports