Anti-Spam is Not One Size Fits All

Written by Paul Cunningham on May 7, 2010

Anti-spam technology encompasses a lot of different practices, techniques, and systems for detecting and blocking spam emails.  Customers sometimes look for a turnkey, push button, set and forget anti-spam solution that will “just work”.

The reality is that not all anti-spam techniques are suitable for all occasions, and often require specific configuration or tuning to suit a given environment.  Here are some examples:

Recipient Filtering

This technique makes the assumption that email that is sent to a non-existent address is likely to be a spammer trying a dictionary attack, and should therefore be rejected.

However, that assumption does not take into account some valid scenarios, such as:

  • Email servers that are accepting email for other organizations and relaying it to them. In these cases the recipient does not exist in the first organization, but does exist in the second organization.  The first organization therefore must accept emails even for recipients that are invalid in its own organization.  This is quite common for two organizations going through a merger process.
  • Companies that want to make use of a “catch all” mailbox to receive misspelled or incorrectly addressed email that might be critical to their business, such as sales and customer service enquiries.

Content Filtering on Specific Keywords

About 10 years ago it was very common to do anti-spam filtering by using a list of specific keywords and phrases.  Some organizations try to continue this technique even today, and it can work well, but in some industries it is impractical or impossible to block certain keywords that most people would associate with spam.

  • Pharmaceutical companies and their partners would not want to block the names of certain products, even though those product names are frequently used by spammers selling counterfeit versions of them.
  • A jewellery business cannot treat the word “Rolex” in emails with the same level of suspicion as other businesses.

Blocking Top Level Domains

There are statistics that show that certain top level domains are frequently used when sending spam emails.  A business that deals only within its own city or country has little to lose by blocking those top level domains from sending it emails; however, a global corporation cannot do the same thing without potentially cutting itself off from entire markets.

Worse, if a global corporation is itself using multiple email domains, it could potentially cut off parts of its business from communicating with each other if this sort of blocking is applied too strictly.

One Size Fits All

Instead of looking for a “one size fits all” anti-spam solution, look for a flexible, highly configurable product that can be tailored to suit your specific business environment.  When a solution is properly implemented and configured it is far more effective than blindly following other people’s version of “best practice” for preventing spam.
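The three techniques above can be expressed as one tunable policy. The sketch below is an added example, not code from the original article or from any product: it runs the same constructed messages through two differently tuned policies to show how the verdicts diverge. The `Policy` fields, the `evaluate` function, and all addresses (reserved example domains, with `.test` standing in for a blocked top level domain) are hypothetical.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Policy:
    """Per-organization tuning; every field name here is hypothetical."""
    mailboxes: set = field(default_factory=set)      # valid local recipients
    relay_domains: set = field(default_factory=set)  # accepted for another organization
    catch_all: Optional[str] = None                  # mailbox for unknown local recipients
    keywords: set = field(default_factory=set)       # subject words treated as spam
    blocked_tlds: set = field(default_factory=set)
    own_domains: set = field(default_factory=set)    # exempt from TLD blocking

def evaluate(policy, sender, recipient, subject):
    """Return (action, detail) for one message under the given policy."""
    sender_domain = sender.rsplit("@", 1)[-1].lower()
    recipient = recipient.lower()
    rcpt_domain = recipient.rsplit("@", 1)[-1]
    # TLD blocking, skipped for the organization's own sending domains.
    tld = sender_domain.rsplit(".", 1)[-1]
    if tld in policy.blocked_tlds and sender_domain not in policy.own_domains:
        return ("reject", "blocked TLD ." + tld)
    # Recipient filtering: relayed domains cannot be validated locally.
    target = recipient
    if rcpt_domain not in policy.relay_domains and recipient not in policy.mailboxes:
        if policy.catch_all is None:
            return ("reject", "unknown recipient")
        target = policy.catch_all
    # Keyword filtering on the subject line.
    hits = sorted(set(subject.lower().split()) & policy.keywords)
    if hits:
        return ("quarantine", "keyword " + hits[0])
    return ("deliver", target)

# Constructed sample policies and messages (reserved example domains).
LOCAL_SHOP = Policy(mailboxes={"info@shop.example"}, keywords={"rolex"},
                    blocked_tlds={"test"})
JEWELLER = Policy(mailboxes={"sales@gems.example"}, catch_all="sales@gems.example",
                  relay_domains={"partner.example"}, blocked_tlds={"test"},
                  own_domains={"gems.test"})
MESSAGES = [
    ("buyer@mail.example", "slaes@gems.example", "Rolex repair quote"),
    ("buyer@mail.example", "anna@partner.example", "Merger paperwork"),
    ("office@gems.test", "sales@gems.example", "Stock transfer"),
]

if __name__ == "__main__":
    for msg in MESSAGES:
        print(msg[1], evaluate(LOCAL_SHOP, *msg), evaluate(JEWELLER, *msg))
```

Each of the three messages is rejected under the first policy and delivered under the second, which is tuned with a catch-all mailbox, a relay domain, and an exemption for its own sending domain.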

About Paul Cunningham

Paul lives in Brisbane, Australia and works as a technical consultant for a national IT services provider, specialising in Microsoft Exchange Server and related messaging systems.