By Mike Mullins
Unsolicited e-mail, better known as spam, is a hot topic these days—and not just in the IT industry. Dealing with spam has become a daily task for most users, and it's become such an issue that Congress recently created the first federal law regulating spam—the CAN-SPAM law.
Spam doesn't just consume bandwidth, processor time, and storage space on your servers. It also reduces user productivity and has served as the delivery method of viruses and other harmful attachments to unsuspecting users.
Controlling spam has become a nightmare for most organizations. Let's look at some ways you can win the war against unwanted e-mail.
The first step in fighting spam is making sure you're not a part of the problem. Turn off SMTP relay.
Open the Exchange Administrator Program, go to Connections for your site, and open the properties for the Internet Mail Service Connector. On the Routing tab, make sure that mail relay is disabled.
Note: If you're allowing POP3 or IMAP4 clients to retrieve mail, you must enable mail relay, and you should also enable authentication.
Know your options
There are a multitude of products designed to integrate with local e-mail clients. However, many are inefficient and can block legitimate e-mail. This approach places an enormous burden on end users.
There are several enterprise solutions that integrate with various e-mail servers. However, the mail server is the wrong place to filter spam.
The mail server must accept a message before it can process it through the spam filter. This increases processing time and storage requirements while the server checks the message.
This is the ideal location to block spam. There are several enterprise antispam gateway products that provide excellent identification of spam and deny delivery to the enterprise mail system.
User education and a little ingenuity is another good starting point. By educating your users, you can keep them from posting their e-mail address across the Internet. Spammers and hackers harvest addresses from other systems and use posted addresses to bombard servers.
Most Web sites require a valid e-mail address for registration. But many of these sites sell or trade e-mail addresses to spammers.
You can mitigate this practice by creating a mailbox that's accessible to all users and adding it to their profiles. Tell them to use this mailbox address if they need to enter an e-mail address on a Web page. Disable sending from this common mailbox, and clean it out every day.
Defeating spam requires a combination of approaches. User education, diverse filtering, and automation of your antispam solution are the key.
Don't run open mail relays, and implement a solution that fits your enterprise budget without increasing the burden on your administrators and mail servers.
Mike Mullins has served as a database administrator and assistant network administrator for the U.S. Secret Service. He is a Network Security Administrator for the Defense Information Systems Agency.