Spamfighting Bootcamp Week 9: Good To GoWritten by Casper Manes on April 5, 2012
Well good morning recruits. Recruits? No, that’s not right. You’re not recruits anymore. You’re lean, mean, spamfighting machines! For the past nine weeks you’ve been trained, educated, molded, and formed. You now have the knowledge, the skills, mental skills, and intestinal fortitude to take the fight to the enemy. Let’s review how far we have come since day one.
We welcomed a bunch of raw recruits to the program. You were so green, but also, so full of promise.
How can you overcome what you do not understand? Here we got into the mind and the motivation of the spammer.
False positives are the bane of our existence. This week we learned how to make sure we do not get mistaken for the enemy.
Sometimes you have to make the best with what you have in hand, and here we looked at some of our mailservers’ built-in defences.
Try as we might, the enemy might just manage to slip through, so this is where we discussed how critical it was to ensure our clients have their own protections.
This is where we learn about how to win the hearts and minds of our users.
Third party software solutions for anti-spam are often the best choice for our defences. Whether to run them on their own hardware, or add them to our mail servers is a choice that requires careful consideration.
Then there’s the appliance option. They can be a strong ally or a serious challenge to your success, depending upon how you go into the arrangement.
Moving the fight to the front lines, and as far away from our borders as possible, is an effective tactic worth consideration.
But before we cut your orders and ship you out to the big show, let’s review some last words of wisdom from your ol’ Gunny. You can live by them, or you can die by them. Well, okay, that might be overstating things just a little bit, but your if your quarantine folder fills up and your users go over quota in their inbox, and someone clicks the wrong link or falls for a phishing scam your boss may want to kill you, which is close enough to count.
- Spam is a fact. There will always be spammers out there who are sending their junk, because it costs them very little, and even when their success rate is a thousandth of one percent, it’s still profitable for them.
- There is no single defence against spam.
- Combatting spam requires a layered defence, constant vigilance, and the educated cooperation of your users.
- No matter how hard you try, no matter how good or how many layers of defence you have, something is still going to get through. That’s why your users must be able to recognize spam for what it is, and not fall for phishing scams. That’s also why you want to have web monitoring software in place to block access to those phishing sites, but that’s a topic for another blog.
- You owe it to your users, your customers, and you company’s reputation to filter outbound email just as diligently as you do inbound. Outsource email marketing campaigns to a third party, and use a subdomain to minimize any negative impact to your production email systems and domains.
- Users will access their personal email accounts from their work computers. Stop trying to block that, or pretend it doesn’t happen, and make sure you give them protections on the client PC to make up for any shortcomings at their ISP. That means antimalware software, a mail client that they can use that doesn’t include web mail, and education to help them stay safe.
- Support well written legislation in your country that seeks to combat spam, but speak out clearly and contact your elected officials when poorly written legislation is proposed. Remember very few politicians come from a technical background, so don’t assume that they will recognize when a law is too broad, or too narrow.
The fight against spam will be a campaign to rival the Hundred Years War. But we’re in it to win it, and together, we can make a difference. You’re not green recruits, FNGs, nuggets, or fresh meat any more. You’re ready. Go out there, engage the enemy, and make me proud!