Why You Need to Pamper Your Spam Filter
Written by Malcolm James on November 8, 2012
If you send emails frequently (and we assume you do), then it’s a safe bet that you know how to work with spam and spam filtering. The savvy emailnaut knows the tricks, recognizes the tactics and generally knows how to react when an unwelcome email pokes its ugly little head out.
But protecting email inboxes from spam is like playing whack-a-mole. If it was always the same sender, always the same subject and always the same malicious attachment, it would be a relatively simple matter to, er, whack the nasty stuff. But like the frustrating carnival game, the emails come in a frenzy, wearing disguises that aren’t always easily deciphered, carrying payloads that pretend to be harmless photos or monthly progress reports. Suddenly, you wish you had more hands to wield whacking sticks, and the keen eye and lightning-quick reflexes you boast about around the company water cooler seem more like myopic attempts at running through waist-deep mud.
Spam filters need to be pampered, because spam, like life, isn’t static. Even with enterprise-grade spam filters, which are fantastic for protecting a network’s perimeter, end users are still faced with the tempting ability to train Outlook through Rules and Alerts. In the wrong hands, that can have disastrous results.
Take, for example, Howard Jordan, soon to be the former Chief of Police for the Oakland Police Department. The head of law enforcement for San Francisco’s neighbor across the bay recently came under an immense amount of scrutiny because he admitted that for more than a year, his spam filter has been depositing certain emails – ones containing phrases like ‘police brutality’ and ‘occupy Oakland’ – in the trash. The department has been under fire for allegations of excessive force that date back to last year’s Occupy protests, and Mr. Jordan’s desire to filter out the moles had the unintentional effect of filtering out legitimate emails relating to the ongoing police abuse scandal.
According to the reports, Jordan “was sent several official messages about the case, but never responded.”
After an investigation, it was discovered that Jordan had instructed his IT staff to filter out unsolicited emails from the public so he wouldn’t have to read them. Hmm. For the Chief, whose fate will be decided in December by a judge who will rule whether to turn the department over to a federal receiver, his jig was up when a court-appointed monitor emailed Jordan with the subject “Disciplinary actions – Occupy Oakland.” According to the Independent:
“The Chief did not apologize for using the email filter, but said he regretted that the important email had gone astray. ‘It was never my intention to ignore the monitor,’ he claimed.”
How to pamper your spam filter
It seems pretty obvious to us, but users don’t always understand the significance of their actions. In many instances, they’re like kids on Christmas day, proud of themselves when they figure out how to manipulate a piece of technology. There are some rules of thumb that can help users understand how and when to use blocking technology:
1. Check the junk folder frequently – no matter how good spam filters are, they rely on heuristics and rules to assess the validity of email, and sometimes legitimate mails get relegated to the junk folder. It may not seem like a huge deal, but in a world where non-repudiation is an important part of doing business, emails from clients outlining contractual obligations or delivery schedules are time-critical. Just as important, when people don’t receive a reply to an email, they assume they’re being ignored, and that can result in lost business.
2. Watch your phrases – end users don’t always think of the implications, but the phrases one chooses to identify illegitimate email must be chosen very carefully. In the example above, the Oakland police chief was quite indiscriminate in the phrases he chose to flag emails. The best rule of thumb here is, if you can imagine a phrase being used in a legitimate way (for example, ‘improve your business,’ or ‘on sale now’), then don’t add it to the filter.
3. Ask IT – encourage end users to ask IT staff when they’re not sure. It’s probably the case that emails with offending messages are already being filtered on the network periphery. If a user detects that something bad has gotten through, tell them to advise IT so the professionals can massage spam filters. Most users are very good at helping when they understand the playing field. Even though Chief Jordan is still to blame, the IT staff should have advised him of the dangers of his directive.
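One way to apply rules 1 and 2 before a phrase rule goes live, as an added example that is not part of the original article: dry-run each candidate phrase against mail already known to be legitimate and list what it would have trashed. The sample messages, their addresses and the phrase 'claim your free prize' are constructed for illustration.

```python
from email import message_from_string
from email.policy import default

# Constructed stand-ins for a folder of mail already known to be legitimate.
LEGIT_MAIL = [
    "From: monitor@court.example\nSubject: Disciplinary actions - Occupy Oakland\n\n"
    "Please reply with the status of each case.\n",
    "From: resident@mail.example\nSubject: Complaint\n\n"
    "I want to report police brutality at last week's protest.\n",
    "From: client@customer.example\nSubject: Delivery schedule\n\n"
    "The units are on sale now in our region, so please ship early.\n",
]

# Phrases someone proposes to send straight to the trash.
CANDIDATES = ["occupy Oakland", "police brutality", "on sale now",
              "claim your free prize"]

def subject_and_text(raw):
    """Parse one raw message; return (subject, case-folded subject + body)."""
    msg = message_from_string(raw, policy=default)
    subject = str(msg["Subject"] or "")
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    return subject, f"{subject}\n{body}".casefold()

def audit_phrases(phrases, legit_mail):
    """Map each phrase to the subjects of legitimate messages it would trash."""
    hits = {phrase: [] for phrase in phrases}
    for raw in legit_mail:
        subject, text = subject_and_text(raw)
        for phrase in phrases:
            if phrase.casefold() in text:
                hits[phrase].append(subject)
    return hits

def safe_phrases(phrases, legit_mail):
    """Phrases with no hits in this sample; a larger sample may still hit."""
    return [p for p, subjects in audit_phrases(phrases, legit_mail).items()
            if not subjects]

if __name__ == "__main__":
    for phrase, subjects in audit_phrases(CANDIDATES, LEGIT_MAIL).items():
        verdict = f"would trash {subjects}" if subjects else "no hits in sample"
        print(f"{phrase!r}: {verdict}")
```

A phrase with no hits is only clean relative to the sample it was tested on, so the junk folder still needs the regular check from rule 1.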