Security

How to stop spam and keep e-mail moving

Spam is more than a nuisance; it is a serious threat to your network. Managed properly, e-mail filtering software can reduce the risk. Here is how to tune your filter so it stops spam without choking off enterprise e-mail.


Spam is not only a nuisance, but it can also be hazardous to your network. Many computer systems are increasingly vulnerable to viruses and cyberattacks, many of which arrive by unsolicited e-mail.

The National Research Council estimated that U.S. businesses spent about $12.3 billion to clean up the damage from spam in 2001 and predicted even higher costs in 2002. How can IT managers stop the proliferation of spam without hindering internal communications?

The Computer Science and Telecommunications Board, part of the National Research Council, blames the growing problem on firms that are not implementing available security measures. Researchers from the group urged companies to make use of available technologies, such as e-mail and Web filtering software, to reduce the risks to corporate networks.

SurfControl is also tracking the growth of spam with its RiskFilter database, part of the SuperScout Email Filter software. The RiskFilter database is a constantly updated Signature Database List of junk e-mail.

“Companies are seeing a huge increase in spam and junk e-mail,” said Kelly Haggerty, SurfControl's vice president for Global Product Development. "This kind of traffic can seriously pollute a network, and there are a few simple steps systems managers can take to alleviate many of the headaches,” said Haggerty.

Here are Haggerty's top five antispam tips for IT managers:
  1. Tell users never to respond to spam e-mail messages. Sending a reply, even if it's a request to be taken off a list, confirms a user at an address and encourages the spammer to send more mail.
  2. Include guidance in your Internet use policy forbidding the use by employees of their company e-mail addresses when surfing or shopping online.
  3. Subscribe to "real time black hole" list services that block delivery of e-mails from known spammers.
  4. Subscribe to a Signature Database List, which prevents the delivery of known spam and other digital junk. And make sure you update the subscription list regularly to ensure the most complete protection.
  5. Install content filtering tools that scan and block e-mail messages that include suspect text like "Get Rich Quick" or similar subject words and phrases, and those with multiple forwards or huge distribution lists.

Scouting antispam services
There are plenty of antispam services on the market. Brightmail is just one example of many. It currently serves eight of the top 11 ISPs with antispam technology. Brightmail reported that over the past month, there has been a 16 percent increase in spam attacks.

To fight the increase, Brightmail has a spam attack analysis center staffed 24 hours a day by e-mail experts. When a new spam attack is launched, Brightmail picks it up through its hundreds of thousands of e-mail addresses placed at strategic domains across the Internet.

The spam experts quickly analyze the spam and write filtering rules that will block it out before the attack can reach most e-mail users among its clients.

MessageLabs’ SkyScan Anti-Virus service is another provider that intercepts offending e-mails at the Internet level, before the spam reaches customers’ networks. MessageLabs estimates that U.S. inboxes will receive more than 62 billion spam e-mails this year.

SkyScan stops unsolicited e-mail from entering a business's network by checking all incoming mail against recognized public blacklists, which detail e-mail addresses for known spam offenders. In addition, customers can create their own blacklists.

John Harrington, director of marketing at MessageLabs, said it is also important for IT managers to educate end users. He said a lot of the problems could be overcome by implementing the simple tips noted earlier and by implementing a managed service.

Rick Romkey, general manager and chief operation officer at Activis acknowledged that these managed services may not be able to stop all spam, however. Activis also provides IT managers with a service called e:)scan. It also traps spam before it hits the company servers.

“First and foremost, don't expect that this will stop all spam. It is a best-effort to reduce the amount of noise that reaches an employee's desktop, and e:)scan can allow an administrator to set the sensitivity threshold used when scanning e-mails for spam,” said Romkey.

“If a high level of sensitivity is selected, e:)scan will block and quarantine more potential spam e-mail than at lower levels.”

Let users help manage spam
Yori Nelken, chief technology officer and founder of Banter Inc. said that it is important for IT managers to talk with the users before implementing these types of services. Banter Server provides a system that uses language-processing technologies to manage incoming e-mails.

“What one person may believe to be spam may be deemed by another in the same organization to be informative,” said Nelken.

“Survey your users or employees and figure out exactly what they perceive as spam. From that survey, create a map of what it is exactly you're trying to block.”

With Banter Server, an IT manager could decide whether to block material on a corporate level, department level, or personal level. The ability to fine-tune the process on each level is done by constantly providing feedback to the system.

But even with spam blocking services and programs, IT managers still have to deal with spam that sneaks through the system undetected. Ted Brockwood, IT manager at KVO Public Relations said he deals with this problem on a daily basis.

He uses a product called Trend Antivirus to scan incoming mail. “I generally archive anything that might be spam; then, I sift through the archive every day to ensure the filter hasn’t inappropriately blocked a message,” said Brockwood.

“Blocking spam is very time-intensive. We're blocking anywhere from 100-400 pieces of junk mail a day while we only have 45 active mailboxes here. And even with a product as solid as Trend's, we're still finding spam gets through as the spammers find more creative ways.”

Kaitling Duck Sherwood, author of Overcome Email Overload, said that the main problem with filtering technology is that it is a pass-fail system. 

“Unfortunately, while a given feature may mean that something is ‘usually’ spam, that doesn’t mean that it is ‘always’ spam. A better strategy is to use fuzzy logic,” said Sherwood.

“Scoring is one way to do this. For example, if the message is from someone I know, add 200 points. If it's got an embedded image, subtract 100 points. If it doesn't have a ‘real name,’ subtract 50 points. Then, kill anything lower than a certain value.”

 

Editor's Picks