Cybersecurity photoRAC’s Cybersecurity Efforts

To date, there have been no direct successful attacks on the RAC computer system or the RAC email alias system.

Unfortunately attempts to defraud people through email messages and phone calls are a part of the world we live in today.

We will continue to take measures to ensure that our computer system is as safe as possible and that our members are provided with information.

Radio Amateurs of Canada is continuing to increase our cybersecurity. We do not keep any financial information and only widely available personal information (such as name, call sign and dates relating to current membership) is available in our system so our risks are considerably less than compared to commercial systems.

Note: Radio Amateurs of Canada collects personally identifiable information about you when you voluntarily provide it. When you apply for membership and subscription services, or provide your personal contact information for publication or product orders, every effort will be made to ensure that the information provided will be securely maintained. For more information please see our Privacy Policy.

We continue to stay abreast of any changes in cyberthreats and their responses. We are also planning on making available to members the use of security systems you may already be aware of in other systems – such as providing for the use of complex passwords (requiring at least eight characters, capital letters, numbers and special characters) as well as Two-Factor Authentication to log in to our website. We will provide additional information on security updates on this webpage as they are made.

We have been informed that a small number of @rac.ca alias users have received threatening scam/ransomware emails apparently both sent from their @rac.ca address and sent to their @rac.ca address. All of the individuals who have contacted us recognized the email as being a scam and several have forwarded a copy to us so that we can alert our members. If you receive one of these emails, the simplest thing to do is to ignore it and delete the email: receiving the email and then deleting it should not cause any problems. Here are some Q&As to help you understand the RAC email alias system and also some helpful tips in avoiding email scams.

The RAC email alias system: Q&As

Note: Due to ongoing issues involving communicating with Hotmail-based email accounts, we do not recommend setting up a RAC alias or main user account pointing to a Hotmail-based email address.

What is a RAC email alias?

A RAC email alias is an email address of the form , where callsign is your Amateur Radio call sign. When somebody sends an email message addressed to , the message is first delivered to the RAC computer. That computer then looks up your real email address, and re-delivers the message to your regular mailbox. You receive the email as you normally would, but the sender never has to know your real email address.

Why would I want an email alias?

The primary reason is that among Radio Amateurs call signs are familiar and easy to remember. If you speak to someone on the air (especially on the Amateur Radio satellites) it is far easier and less error-prone to tell them “my callsign at rac dot ca” than to spell out most real email addresses.

Other possible reasons include:

  • You wish to let other Amateurs know that you are a member of Radio Amateurs of Canada.
  • Your real email address changes from time to time and you want an address that stays the same “forever”.
Why would I not want an email alias?

Someone who wants to send you an email may be able to guess that you have an email alias at rac.ca. If you don’t want to receive any messages from people you don’t specifically authorize, you may not want to get an email alias.

Who is eligible to have a RAC email alias?

Any member of Radio Amateurs of Canada. This is a service we provide free of charge to our members.

How do I obtain an email alias?

Send a request to the RAC webmaster by completing the online form by clicking the following link: Webmaster

How do I change or delete my existing email alias?

Send a request to the RAC webmaster by using the online form at webmaster.

Do I need to change any settings on my computer?

No. The RAC system will forward your email to your regular mailbox, as you specified when you set it up. You’ll receive that email when you check your regular email. No changes are needed.

Unless you check the email header you will not know whether the email came to you directly or through the RAC email alias system.

What if I want replies to come to my email alias?

Your email client may provide a way to set a “Reply-To” address in your outgoing messages. If so, you may want to set that address to your email alias address. This could be useful if you anticipate that your real email address may change soon. Otherwise, there’s really no point.

What if messages appear to come “From” my email alias?

No emails can originate from the RAC email address. It is possible to make email appear to come “From” the email alias address but this is not recommended. The exact procedure for doing this depends on your email program. Be aware that some email providers may not permit this type of address forgery. In general don’t attempt this and be suspicious of any email that appears to come from a RAC email address.

How do I receive email sent to my email alias?

You only need to check your regular email and any messages that have been sent to your email alias will be in there too.

How should I start using my email alias?

The first thing you should do is to send yourself a test message to your email alias address () and wait for it to come back. If it comes back, you’ll know that everything is working properly. If you receive an error message instead, please read the error message to see what went wrong. If it doesn’t make any sense to you, please contact the RAC webmaster at by completing the online form at webmaster and provide a brief explanation of your problem. A volunteer will respond within a few days.

Some email providers will block messages that go out from their system and then also come back into their system from the outside, so it is possible that your test message may fail as a result. If this is the case then you may still be able to use your email alias, but note that other users of the same email provider will not be able to send you email using your email alias.

The second thing you should do is to decide how widely you will publish your email alias address. You may wish to keep it fairly private and only tell specific people you meet (on the air or otherwise). In that way, it is unlikely that your email alias address will end up on any commercial “spam” mailing lists. Or, you may decide to use your email alias address as your primary address and put it on your webpage, on your QSL cards, in the “signature” at the bottom of the email messages you send, and so on. It’s up to you.

Once you’ve told people about your email alias address, you don’t have to do anything special. Just wait for email to arrive. Don’t forget to change your email alias if your real email address changes.

Can I receive large email messages or attached files via my email alias?

Yes. There is no limitation imposed by the email alias system. However, if you expect to receive a lot of large messages or attachments from one sender, it would be quicker and more reliable if you gave him your direct address.

Actually, there is a limit, based on how much disk space is free to store your message. But it’s a really big limit, and generally you won’t have a problem.

Can I use my email alias to receive large numbers of email messages?

Yes. There is no limitation imposed by the email alias system. However, if you expect to receive a lot of messages from one sender, you may want to give him your direct email address. It will be faster and more reliable.

Can I count on the email alias service to be around forever?

We expect to operate the email alias service indefinitely, but of course there are no guarantees.

Can I rely on the email alias service to be reliable?

Generally yes, but network outages and local problems at the RAC server can cause occasional disruptions. We make no promises about that, although we try to correct any problems as quickly as we can. Our system is maintained by volunteers and we may not be as quick recovering from problems as commercial email systems.

Is the email alias service private?

Generally yes, but not absolutely. The RAC system logs sender and receiver address and message length. The message content is stored briefly on the RAC system before being relayed to your mailbox. The system administrators generally do not look at specific messages, but reserve the right to do so when necessary. We take reasonable precautions to prevent others from having access to the system.

Will the email alias service protect me from receiving spam?

We do use a spam filter but it’s not really possible for the RAC system to do a perfect job of determining which messages are spam and which are not. Some spam may slip through and some some legitimate email messages may be blocked. Members will be notified that a message sent to their @rac.ca address has been caught by the filter and the RAC system tags the email with its judgement of how spam-like the message appears to be and marks the offensive email messages with *****SPAM***** in the subject line .

The best place to filter spam is where you have personal control over it, and where you can check up on how well it’s doing – on your own computer.

I seem to be receiving spam from another email alias user. Can you stop it?

No. As mentioned above, users of the email alias service do not send email through the RAC system, they only receive email that way. Since the RAC system is not involved in sending the message, there’s no way it can prevent any type of abuse.

Note that it’s very likely that the message you received wasn’t sent by the alias user at all. It’s quite common for spam to be sent with a forged “From” address.

For more information please visit: rac-alias-email-address-targeted-by-scammer

What’s the best way to protect myself against spam?

The only way to protect yourself is to make sure your email address never goes out to anybody you don’t trust to keep it secret. That’s really hard, and pretty much impossible if you want to be able to receive email from people you dont know.

A complete tutorial on all the ways your address can get out is beyond the scope of this FAQ. There are some services out there that try to block spam. They probably work most of the time. Sign up for one if its worth the money to you. Note that spam-blocking systems invariably risk blocking some messages that are not spam. Better ones minimize this problem.

Whats the best way to react when I receive spam?

Just delete it. Don’t waste any time getting angry. Dont reply or use the supposed “remove me” address that might be in the message (that might be taken as confirmation that your address is real). Dont bother reporting the spam to anybody; somebody else will have already done so.

You may find, as I have, that if you give each spam message only two seconds of your time, spam isn’t really a very big problem after all. If youre filtering out spam email, you may also want to tune your filter to reject similar messages in the future.

Will the email alias service protect me from viruses or worms?

No. The email alias service makes no attempt to filter out dangerous messages.

I have received a virus or worm from another email alias user. Can you stop it?

No. As mentioned above, users of the email alias service do not send email through the RAC system, they only receive email that way. Since the RAC system is not involved in sending the message, theres no way it can prevent any type of abuse.

Note that its very likely that the apparent sender is himself a victim. If you think he might not have been otherwise warned, you may want to let him know hes infected.

Whats the best way to protect myself against viruses and worms?

Don’t open attached files from email messages. It’s only safe to do so if you know the sender, are certain that he meant to send you the file, and are also certain that he himself (and anyone else who uses his computer) is also extremely careful. This is a tough set of conditions to meet. If you aren’t really sure that the sender is very careful about safe computing, at least run the file through an up-to-date virus scanner before you open it. Some virus scanners can work with some email programs to do this automatically.

Some email programs can be configured to open attachments automatically. Don’t let yours do that. Check the documentation or the author’s web site for information on how to use your email program safely. You might even need to install some patches or upgrade your email software in order to be safe.

Some attachments are pretty benign. It’s probably safe to open a JPEG or GIF picture, for instance.

What’s the best way to react when I receive a virus or worm?

If it hasn’t infected your computer, just delete it. If it has, you’ll need to look into some antivirus software to restore your system. Until you do, dont let your computer connect to the Internet.

Tips on Avoiding Email Scams:

Here are a few tips on how to avoid email scams:

  1. Filter spam.
  2. Don’t trust unsolicited email.
  3. Treat email attachments with caution.
  4. Don’t click links in email messages unless you are confident you know who the sender is.
  5. Install antivirus software and keep it up to date.
  6. Install a personal firewall and keep it up to date.
  7. Configure your email client for security.

In closing, any email claiming to have your @rac.ca address and password is a scam and should be deleted.