How not to be an Unwitting Purveyor of Spam

Written by Paul Mah on September 7, 2010

For all the talk about the eradication of spam and ways to filter or mitigate the impact of this unrelenting e-mail malice, there is one important question that we rarely ask ourselves: is your company an unwitting purveyor of spam?  After all, the deluge of spam has to originate from somewhere, and a fair share of it comes from legitimate business entities that are probably none the wiser about the problem.

Today, I want to examine some measures that you can put in place to ensure that you do not become an unwitting purveyor of digital trash.

Outbound email monitoring

Outbound e-mail monitoring could be done by reconfiguring an existing intrusion detection system (IDS) to track outbound e-mail connections.  In lieu of that, a cheaper implementation might be to tap into the Internet connection with a PC-based network sniffer via a mirrored port or Ethernet tap.

So what should the system administrator watch out for?  Primarily, a disproportionately high volume of outgoing e-mail from certain workstations could be the “smoking gun” that signifies nefarious spam activity.  Note that additional managerial oversight for the latter (sniffer) setup would probably be necessary, since it essentially opens the door to company-wide monitoring of Internet traffic; compliance laws might also stipulate that actual e-mail contents cannot be stored to disk.
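The check described above, as an added example that is not part of the original article: it works only on connection metadata (source, destination, port), never on message contents, and flags any workstation whose count of outbound SMTP connections is far out of line with its peers, while skipping the organisation's own mail server. The flow-log format, addresses and hosts are constructed for illustration.

```python
"""Flag workstations that open an unusual number of outbound SMTP connections.

Added example for the "outbound email monitoring" section; not code from the
original article.  The flow-log format, hosts and addresses are constructed.
"""
import re
from collections import Counter
from statistics import median

# Ports used for mail relay and submission.
SMTP_PORTS = {25, 465, 587}

# Constructed flow-log line format:
#   "<timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto>"
FLOW_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+)\s+(?P<proto>\w+)$"
)


def build_sample_flows():
    """Constructed flow records: three ordinary workstations, the legitimate
    mail server (10.0.0.5), and one workstation (10.0.1.99) behaving like a
    spam bot that talks directly to many external mail exchangers."""
    lines = [
        "2010-09-07T10:00:01 10.0.1.20:50311 -> 10.0.0.5:25 TCP",
        "2010-09-07T10:00:02 10.0.1.21:50312 -> 10.0.0.5:587 TCP",
        "2010-09-07T10:00:03 10.0.1.21:50313 -> 10.0.0.5:587 TCP",
        "2010-09-07T10:00:04 10.0.1.21:50314 -> 203.0.113.5:443 TCP",
        "2010-09-07T10:00:05 10.0.1.22:50315 -> 10.0.0.5:25 TCP",
        "2010-09-07T10:00:06 10.0.1.22:50316 -> 203.0.113.7:53 UDP",
    ]
    # The real mail server relays outward many times; that is expected.
    for i in range(15):
        lines.append(f"2010-09-07T10:01:{i:02d} 10.0.0.5:{40000 + i} -> 198.51.100.{10 + i}:25 TCP")
    # The infected workstation connects to thirty different external hosts on port 25.
    for i in range(30):
        lines.append(f"2010-09-07T10:02:{i:02d} 10.0.1.99:{51000 + i} -> 198.51.100.{100 + i}:25 TCP")
    return lines


def count_smtp_connections(lines, known_mail_servers=()):
    """Count outbound TCP connections to SMTP ports per internal source IP.

    Connections originating from the organisation's own mail servers are
    skipped: a relay is supposed to open many SMTP sessions, a workstation
    is not.  Only metadata is touched, so nothing about message contents is
    recorded.
    """
    counts = Counter()
    for line in lines:
        m = FLOW_RE.match(line.strip())
        if not m or m.group("proto").upper() != "TCP":
            continue
        if int(m.group("dport")) not in SMTP_PORTS:
            continue
        src = m.group("src")
        if src in known_mail_servers:
            continue
        counts[src] += 1
    return counts


def flag_spam_suspects(counts, absolute_threshold=20, ratio=5.0):
    """Return [(host, count), ...] for hosts whose SMTP connection count is at
    least `absolute_threshold` or more than `ratio` times the median count.

    The relative rule catches a bot on a quiet network; the absolute rule
    catches it when several machines are infected and the median itself
    is inflated.  Both thresholds are tuning assumptions, not fixed facts.
    """
    if not counts:
        return []
    med = median(counts.values())
    suspects = []
    for host, n in counts.most_common():
        if n >= absolute_threshold or (med > 0 and n > ratio * med):
            suspects.append((host, n))
    return suspects


if __name__ == "__main__":
    flows = build_sample_flows()
    per_host = count_smtp_connections(flows, known_mail_servers={"10.0.0.5"})
    for host, n in flag_spam_suspects(per_host):
        print(f"suspect {host}: {n} outbound SMTP connections")
```

In practice the input would be an IDS alert feed or flow records exported from the mirror port; the parsing regex is the only part that depends on the format, and the thresholds should be tuned against a baseline of normal traffic before alerts are acted on.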

Check for your company’s IP address in blacklists

I remember trying to solve a problem involving a surge in undelivered e-mails in my early days as a system administrator.  It was a bizarre case, as I determined the root cause to be the blacklisting of my e-mail server’s IP address for purported spam activity.  To cut a long story short, the investigation found nothing wrong with the e-mail server, but eventually unearthed malware that had transformed a client computer into a zombie node quietly sending out copious amounts of spam.  This culminated in the affected IP address being blacklisted.

While not sufficient on its own, I would advocate monitoring for your company’s IP address in the popular blacklist repositories as part of a multi-layered defence strategy.  It’s better late than never, as they say.
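Most public blacklists can be queried over DNS: the address's octets are reversed and prefixed to the list's zone, and a listed address answers with an A record in 127.0.0.0/8 while an unlisted one returns NXDOMAIN. The following added example (not from the original article) builds those queries and interprets the answers; the zone name is a placeholder to be replaced with a real list's zone, and the resolver is injectable so the sample run works offline against constructed answers for TEST-NET addresses.

```python
"""Check whether the company's mail server addresses appear in DNS blacklists.

Added example; not code from the original article.  `DNSBL_ZONE` is a
placeholder, and the stub resolver and addresses are constructed for the demo.
"""
import ipaddress
import socket

# Placeholder zone: replace with the zone of an actual DNS blacklist.
DNSBL_ZONE = "dnsbl.example.invalid"


def dnsbl_query_name(ip, zone=DNSBL_ZONE):
    """Build the DNSBL query name: reversed IPv4 octets under the list zone.

    192.0.2.10 in zone dnsbl.example.invalid -> 10.2.0.192.dnsbl.example.invalid
    """
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this example handles IPv4 addresses only")
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone}"


def check_listing(ip, zone=DNSBL_ZONE, resolve=socket.gethostbyname):
    """Return the answer code (e.g. '127.0.0.2') if `ip` is listed, else None.

    A listed address resolves to an A record in 127.0.0.0/8 whose last
    octet encodes the reason, defined per list; an unlisted address yields
    NXDOMAIN, which gethostbyname raises as socket.gaierror.
    """
    name = dnsbl_query_name(ip, zone)
    try:
        answer = resolve(name)
    except socket.gaierror:
        return None
    if not answer.startswith("127."):
        # Not a listing code; treat it as a lookup error rather than a hit.
        raise RuntimeError(f"unexpected answer {answer!r} for {name}")
    return answer


def audit_addresses(ips, zones=(DNSBL_ZONE,), resolve=socket.gethostbyname):
    """Check every address against every zone; return {ip: {zone: code}} with
    only the hits, so an empty dict means nothing is listed anywhere."""
    hits = {}
    for ip in ips:
        for zone in zones:
            code = check_listing(ip, zone, resolve)
            if code is not None:
                hits.setdefault(ip, {})[zone] = code
    return hits


def make_stub_resolver(listed):
    """Offline stand-in for socket.gethostbyname.

    `listed` maps an IP (as text) to the answer code it should return; every
    other query name raises socket.gaierror like a real NXDOMAIN would.
    """
    table = {dnsbl_query_name(ip): code for ip, code in listed.items()}

    def resolve(name):
        if name in table:
            return table[name]
        raise socket.gaierror(-2, "Name or service not known")

    return resolve


if __name__ == "__main__":
    # Constructed demo: 192.0.2.10 is "listed", 192.0.2.11 is clean.
    stub = make_stub_resolver({"192.0.2.10": "127.0.0.2"})
    print(audit_addresses(["192.0.2.10", "192.0.2.11"], resolve=stub))
```

Run with the real resolver (the default) against the addresses of every host that sends mail on the company's behalf, on a schedule, and alert on any non-empty result; consult the list's documentation for what each 127.0.0.x code means and for its removal procedure.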

Use a different IP or domain name for your mail server

This pre-emptive idea involves making use of a separate IP address, or even a different e-mail domain, for hosting the e-mail server.  The idea here is simple: a non-hosted e-mail server should never share the same IP address as the main office network.  The logic is to prevent a malware-infested workstation from damaging the reputation of the server (or its IP address).  The alternative could result in the automated blacklisting of your e-mail server by spam appliances and filtering software, delaying or blocking important e-mails.

Mind your Wireless APs

It might appear a little strange to be talking about protecting your wireless access point (AP) on a blog dedicated to combating spam.  As I pointed out earlier though, the fight goes both ways, and one vital way of stymieing the flow of spam is not to become an unwitting distributor of it.  Unlike traditional wired local area networks, a wireless infrastructure can be remotely compromised, possibly from a considerable distance, for the purpose of sending spam.

And where wireless APs are concerned, I have seen way too many corporate and personal networks that either don’t implement any form of security, or use already compromised protocols such as WEP.  In addition, a number of tools can turn an ordinary Windows 7 workstation with a wireless adapter into an AP; employees might also set up their own physical APs for convenience or to circumvent company restrictions.

There are too many vectors to be covered effectively here.  At the end of the day though, I would advocate that companies steer clear of consumer offerings and instead settle for a business-grade Wi-Fi solution such as those from Ruckus Wireless and HP.

Periodically check that the unsubscribe functionality works

Nothing irks users more, or compels them more surely to blacklist a company, than e-mail newsletters or mailing lists that they are unable to unsubscribe from.  This could be due to the absence of an unsubscribe link or, more commonly, a non-functional one.  Periodically check that the unsubscribe feature is working and has not been broken by a server upgrade or security patch.
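A periodic check of the kind described above can be automated against a copy of the outgoing newsletter. The following added example (not from the original article) extracts the unsubscribe targets from the List-Unsubscribe header and from the message body, then probes each HTTP(S) link through an injectable fetch function so the check can run offline in the demo and against the live endpoint in production. The newsletter and its addresses are constructed.

```python
"""Verify that an outgoing newsletter carries a working unsubscribe mechanism.

Added example; not code from the original article.  The sample message,
domain and URLs are constructed for illustration.
"""
import email
import re
import urllib.error
import urllib.request

# Constructed sample newsletter with a List-Unsubscribe header (RFC 2369
# style: comma-separated targets in angle brackets) and a body link.
SAMPLE_NEWSLETTER = """\
From: news@example.com
To: reader@example.net
Subject: September newsletter
List-Unsubscribe: <mailto:unsubscribe@example.com?subject=unsubscribe>, <https://example.com/unsubscribe?id=42>
Content-Type: text/plain; charset=us-ascii

Hello,

Here is what changed this month.

To stop receiving these messages, visit https://example.com/unsubscribe?id=42
"""

HEADER_TARGET_RE = re.compile(r"<([^>]+)>")
BODY_URL_RE = re.compile(r"https?://[^\s<>\"']+")


def unsubscribe_targets(raw_message):
    """Return {"header": [...], "body": [...]} with every unsubscribe target.

    Header targets come from List-Unsubscribe; body targets are any URL in a
    plain-text body whose text mentions "unsubscribe".
    """
    msg = email.message_from_string(raw_message)
    header_targets = HEADER_TARGET_RE.findall(msg.get("List-Unsubscribe", ""))
    body_targets = []
    if not msg.is_multipart():
        body = msg.get_payload()
        body_targets = [u for u in BODY_URL_RE.findall(body) if "unsubscribe" in u.lower()]
    return {"header": header_targets, "body": body_targets}


def http_status(url):
    """Live fetcher: HEAD the URL and return the HTTP status code."""
    req = urllib.request.Request(url, method="HEAD")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as exc:
        return exc.code


def check_unsubscribe(raw_message, fetch=http_status):
    """Return a list of problems; an empty list means the message passes.

    mailto: targets cannot be probed without sending mail, so they are only
    counted as present.  Each HTTP(S) target is probed once via `fetch`, which
    must return an HTTP status code.
    """
    problems = []
    targets = unsubscribe_targets(raw_message)
    all_targets = list(dict.fromkeys(targets["header"] + targets["body"]))
    if not all_targets:
        problems.append("no unsubscribe mechanism found")
    for url in all_targets:
        if url.lower().startswith("mailto:"):
            continue
        status = fetch(url)
        if status != 200:
            problems.append(f"{url} returned HTTP {status}")
    return problems


if __name__ == "__main__":
    # Offline demo with a stub fetch that pretends the endpoint is broken.
    print(check_unsubscribe(SAMPLE_NEWSLETTER, fetch=lambda url: 404))
```

Point the live fetcher at a message addressed to a dedicated test recipient rather than a real subscriber: some unsubscribe endpoints act on the first request, so probing a customer's link can itself unsubscribe them. A HEAD request reduces that risk but does not remove it, which is another reason to run the check against a test address on a schedule.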

Do you have any other suggestions to add to the above list?  I would love to hear them.

Comments

Trisha September 8, 2010

I feel like this kind of scenario is lifted straight out of a spy movie, with the main character slowly uncovering that his own government (in this case, company) was the very purveyor of the thing he was trying to eradicate. Strangely enough, we’ve had a client who did just that. But realizing the futility of a lot of its efforts, it opted for more “acceptable” marketing practices (mailing lists, community building techniques, etc.).
