Many organisations that implement an email anti-spam solution will apply a multi-layered approach. They will implement a system that includes content filtering, IP block lists, quarantine of suspected spam items, Bayesian detection, and other important features.
Unfortunately, all too often they forget the last and most important line of defense against spam – the end user.

Spammers want to fool computers first
Spammers use many tricks, which evolve over time, to try to bypass the sophisticated anti-spam systems protecting email servers around the world. The spammer will misspell keywords, stuff email messages with harmless-looking text around the malicious content, hide text within images, forge sender email addresses, relay through insecure email servers, and blast spam messages out to millions of recipients as quickly as possible to try to get past the filters before they are updated with signatures for the new spam techniques.
Only the most aggressive anti-spam system configuration can prevent 100% of spam content from reaching end users. This level of protection is usually impractical for businesses because of the resulting number of false positives (genuine email treated as spam) which may disrupt important business communications and cost thousands or even millions of dollars as a result.
This risk means that most businesses tune their anti-spam system to minimise false positives; the end result is usually a small number of false negatives (spam treated as legitimate email) reaching users' inboxes.
Spammers want to fool people second
Although bypassing spam protection is one goal of the spammer, their main goal is to trick the end user who receives the spam into taking some action that generates revenue for the spammer. This can range from enticing the end user to buy fake or counterfeit products to requesting that they send money to the spammer or participate in money laundering schemes. Sometimes the goal of the spammer is to fool the user into installing malicious software so that their computer can be used as a bot or zombie to send even more spam to other people.
At any time of year you will usually find spammers exploiting current world events in their efforts to fool people.
Recent spam schemes
Over the last three months we have seen the following spam that tries to use current events to trick email users.
- Holiday greeting card spam leading up to Christmas
- Spam targeting people who have lost their jobs in the global economic crisis
- CNN spam about the Israeli-Palestinian conflict
- Spam claiming US President Obama resigned on inauguration day
- Identity theft spam during Canadian tax season
- Valentine’s Day spam to trick users into installing malicious software
How to maintain a defensive mindset for email users
Spammers rely on this type of end user thinking:
“Spam is all about Viagra and fake Rolexes … oh look, a nice Valentine’s Day message … *click*”.
A savvy end user thinks this instead:
“Spam can appear to be anything from anyone. This does not look like a genuine business email, so I won’t click on the link”.
There are some steps you can take to maintain a spam-aware mindset in your end users.
- Educate users on proper use of the business email system. Encourage them not to share their work email address with non-work-related websites and not to participate in joke and chain-letter email forwarding.
- Make users aware of the anti-spam system that is in place, what a false negative is and what a false positive is.
- Provide regular cues to users on the workings of the anti-spam system. Use a daily digest email summarising the spam that has been blocked for that user in the last 24 hours.
- Involve users in the tuning of the anti-spam system by educating them in the use of personal white lists, block lists, and end user accessible quarantine.
- Announce via newsletter or bulletin email the latest spam threats (such as those listed earlier) as they begin proliferating.
End user education is key to preventing successful spam attacks. Always consider end users as your last line of defense against spam. Implement training programs, regular communications, and an anti-spam solution that permits end user involvement in order to maintain a high level of awareness of the threat of spam.