The email protocol has existed since 1982 and today's email software is still compatible with the original specification. Although this is practical for users, it involves considerable effort in securing e-mail communication.
SCC continuously optimizes reception and sending of emails while considering security principles and adapts them to new circumstances. This is necessary to protect KIT users from spam, phishing and malware. It is also important to prevent sending of malicious emails from KIT in order to maintain the good reputation of the KIT mail servers. Poor reputation caused by sending unwanted or even malicious emails leads to temporary rejection of emails sent from KIT to external mail servers.
Examples of malicious emails are emails containing phishing or malware. The designation of an email as spam indicates that it is not a targeted email, but one that has been sent in bulk and is unwanted by the recipient. It is not automatically malicious, but it can be. The KIT spam filter is used to detect spam in general and phishing in particular. Several heuristics have long been in place on the KIT mail servers to detect malicious emails and automatically handle them accordingly. The widespread security functions SPF, DKIM and DMARC have also been used at KIT for a significant time. This has considerably improved the reputation of the KIT mail servers and thus the deliverability of emails from KIT members.
The customizable spam filter rules are constantly being expanded by the mailhost team. The KIT-CERT in particular plays a supporting role here. The feedback from KIT users is taken into account and incorporated into the rules. Unwanted e-mails can be conveniently reported via the spam reporting procedure. If phishing or malware is suspected, the email should also be sent as an attachment to cert∂kit.edu.
The previously used spam filter "spamassassin" was replaced by the more modern and significantly more powerful product rspamd in September 2021. Due to the positive experience with rspamd, paid data sources for this software are also in use since the beginning of 2026. This further increases email security and supports the open source project at the same time.
In the past, phishing emails sent using compromised KIT accounts have regularly put members of KIT at risk, as internal email traffic was only checked for malware. To remedy this serious problem, since April 2024, KIT-internal email traffic has also been routed through the spam filter and malware check of the KIT mail servers. Since September 2024, external emails with non-existent domains in the sending address are no longer being accepted. Since May 2025, this is also applied to internal emails. Such sending addresses are often used by spammers and are not useful anyway, as replies are not possible.
In February 2026, the use of non-KIT sending addresses via the KIT mail servers was prohibited as well. This was necessary to prevent sending emails with forged sender addresses via compromised accounts, which damages the reputation of the KIT mail servers. To stop compromised KIT accounts from sending spam, stricter rate limiting was implemented on KIT's outgoing mail servers in April 2026, slowing down a single sender trying to send large volumes of spam. This enables the mail host team and KIT-CERT to react to rate limits that have been exceeded and, if necessary, to completely block sending addresses before a large amount of spam can be successfully delivered.
The measures described make it clear that reliable and secure operation of the email infrastructure is subject to constant challenges. The mailhost team is already planning more changes that will be implemented to further increase the security of KIT members.
Contact at SCC: Mailhost team