Spamfighting Bootcamp Week 9: Good To Go

Written by Casper Manes on April 5, 2012

Well good morning recruits. Recruits? No, that’s not right. You’re not recruits anymore. You’re lean, mean, spamfighting machines! For the past nine weeks you’ve been trained, educated, molded, and formed. You now have the knowledge, the skills, mental skills, and intestinal fortitude to take the fight to the enemy. Let’s review how far we have come since day one.

Spamfighting Boot Camp: The Mission

We welcomed a bunch of raw recruits to the program. You were so green, but also, so full of promise.

Spamfighting Boot Camp Week 1: Know Your Enemy

How can you overcome what you do not understand? Here we got into the mind and the motivation of the spammer.

Spamfighting Bootcamp Week 2: Beware of Friendly Fire

False positives are the bane of our existence. This week we learned how to make sure we do not get mistaken for the enemy.

Spamfighting Bootcamp Week 3: Improvise, Adapt and Overcome!

Sometimes you have to make the best with what you have in hand, and here we looked at some of our mailservers’ built-in defences.

Spamfighting Bootcamp Week 4: A Well Regulated Militia

Try as we might, the enemy might just manage to slip through, so this is where we discussed how critical it was to ensure our clients have their own protections.

Spamfighting Bootcamp Week 5: The Last Line of Defense

This is where we learn about how to win the hearts and minds of our users.

Spamfighting Bootcamp Week 6: Gearing Up

Third party software solutions for anti-spam are often the best choice for our defences. Whether to run them on their own hardware, or add them to our mail servers is a choice that requires careful consideration.

Spamfighting Bootcamp Week 7: Allied Forces

Then there’s the appliance option. They can be a strong ally or a serious challenge to your success, depending upon how you go into the arrangement.

Spamfighting Bootcamp Week 8: Forward Operations

Moving the fight to the front lines, and as far away from our borders as possible, is an effective tactic worth consideration.

But before we cut your orders and ship you out to the big show, let’s review some last words of wisdom from your ol’ Gunny. You can live by them, or you can die by them. Well, okay, that might be overstating things just a little bit, but your if your quarantine folder fills up and your users go over quota in their inbox, and someone clicks the wrong link or falls for a phishing scam your boss may want to kill you, which is close enough to count.

  1. Spam is a fact. There will always be spammers out there who are sending their junk, because it costs them very little, and even when their success rate is a thousandth of one percent, it’s still profitable for them.
  2. There is no single defence against spam.
  3. Combatting spam requires a layered defence, constant vigilance, and the educated cooperation of your users.
  4. No matter how hard you try, no matter how good or how many layers of defence you have, something is still going to get through. That’s why your users must be able to recognize spam for what it is, and not fall for phishing scams. That’s also why you want to have web monitoring software in place to block access to those phishing sites, but that’s a topic for another blog.
  5. You owe it to your users, your customers, and you company’s reputation to filter outbound email just as diligently as you do inbound. Outsource email marketing campaigns to a third party, and use a subdomain to minimize any negative impact to your production email systems and domains.
  6. Users will access their personal email accounts from their work computers. Stop trying to block that, or pretend it doesn’t happen, and make sure you give them protections on the client PC to make up for any shortcomings at their ISP. That means antimalware software, a mail client that they can use that doesn’t include web mail, and education to help them stay safe.
  7. Don’t make spammers’ jobs any easier. Make sure the enemy cannot conduct directory harvesting attacks against your MTA, and don’t put email addresses on your website in a format that lets any simple spider find them. Think contact forms, Javascript, etc., to hide in plain sight.
  8. Support well written legislation in your country that seeks to combat spam, but speak out clearly and contact your elected officials when poorly written legislation is proposed. Remember very few politicians come from a technical background, so don’t assume that they will recognize when a law is too broad, or too narrow.

The fight against spam will be a campaign to rival the Hundred Years War. But we’re in it to win it, and together, we can make a difference. You’re not green recruits, FNGs, nuggets, or fresh meat any more. You’re ready. Go out there, engage the enemy, and make me proud!

Comments

Justin Harvey April 6, 2012

Nice recap, are there any similarly planned series like this one we can expect in the future? I personally would like to see something similar geared more towards the consumer environment that I could share with friends and family.

Casper Manes April 11, 2012

Glad you liked it Justin. Thanks for the inspiration; I’ll see what I can come up with!
Cas

  • (required)
  • (required)