Some Reasons to Consider Hosted Spam Filtering

Written by Paul Mah on August 31, 2010

You might have been considering implementing a hosted spam filtering solution such as GFI’s Max MailEdge service, but are unclear as to how it works and what repercussions it might have on your existing IT infrastructure.

Simply put, the majority of hosted or cloud-based spam filtering works by redirecting incoming e-mails directly to the appointed service provider instead.  This is achieved by appropriately modifying the IP address listed under the MX configuration of the company’s domain. As a result, e-mails that come in are forwarded to the service provider’s servers first, before being rerouted to the “real” e-mail server.

Today, I’ve listed some important factors of a hosted spam filtering deployment that the technical manager will be interested in.

Freedom from the burden of processing spam

One of the key advantages of using a hosted provider to tackle spam is how it allows businesses to offload the computational and storage demands of eliminating spam to a service provider.  Unlike the hard to predict costs of operating and maintaining servers over any length of time, hosted spam filtering providers charge a fixed rate per protected mailbox, which serves to eliminate hidden or unanticipated costs.  Ultimately, this allows businesses to better track and budget for the cost of properly equipping each employee in the company.


Five Ways to Train Your Users to Identify Spam

Written by Paul Mah on August 26, 2010

One aspect of spam has to do with trickery, where users are cajoled or tricked into performing an action, usually in the form of clicking on a specially prepared URL link.  While the best way to stop the proliferation of spam would of course be the implementation of a good spam filter, junk e-mail slipping through is often an inevitable state of affairs.

Rather than having to sort through the mess after the fact, one way that IT managers can turn the situation around is to train non-technical staffers to complement and enhance technical methods of identifying spam. Teaching employees how to identify spam is a good idea on a few fronts, such as allowing spam administrators to better refine or tweak existing spam filters.  In addition, savvy users dramatically reduce the possibility of malware being introduced through spam.


10 ways vuvuzelas aren’t like spam

Written by John P Mello Jr on July 7, 2010

Fan noise, at least in the United States, can’t be too loud. For years, the faithful of the Minnesota Twins baseball club brought opposing teams to their knees with the ear splitting decibel levels they could reach in the now-defunct Metrodome. In fact, fans and the cacophony they create give clubs such an edge at home, they’re considered an additional player–the so-called 10th man in baseball or the 12th man in American football. So it’s puzzling to read about there being too much noise at World Cup soccer games.

When critics grouse about the noise levels at World Cup games, their favorite target is the vuvuzela. It’s a long horn that reminds one of those trumpets seen in movies about medieval times and is responsible for this eternal din that can be heard in the background of every World Cup match. The noisemaker has become so prominent of late that Amir Lev, spinner of the Security Levity column at Computerworld, decided to add his voice to the crescendo condemning the horn by comparing it to spam. So, in the tongue-in-cheek spirit in which that column was written, we submit for our readers’ consideration 10 reasons why vuvuzelas are not like spam.

10. Noise from vuvuzelas is continuous, but avoidable

It’s undeniable that the noise level from the vuvuzela is constant, just as constant as the stream of spam sprayed daily at our email boxes, but unlike the cynical senders of spam, vuvuzela players are celebrating a joyous event. Has anyone ever described the arrival of spam in an inbox as an event worth celebrating? In addition, avoiding vuvuzela noise is easy. Become a fan of nice quiet sports like golf and tennis.


Spamhaus Successful in Getting Judgment Decreased

Written by Sue Walsh on June 24, 2010

Spamhaus won a legal victory late last week when a judge slashed a $11.7 million judgment against them to a mere $27,000. Judge Charles P. Kocoras of the Eastern District of Illinois ruled that the plaintiffs in the case, a marketing company called e360, had failed to make a credible claim for such high damages in its case against Spamhaus, which it accused of “tortuous interference with prospective economic advantage” and defamation for blacklisting them, causing 3 billion of the over 6.5 billion advertising emails it sent on behalf of their clients to be blocked.

The company first demanded $135 million in damages, and then dropped that figure to $122 and then $30 million. All were rejected by the court. The $11.7 million figure was entered and then promptly thrown out by an appeals court.

“None of these figures was the product of expert testimony or use of a scientific or reliable methodology, nor based on relevant or supportable factual premises,” the judge wrote in a decision issued on Friday. “As a result, none of the above amounts can be relied on or be a reasonable basis upon which to base a damage award.”

He then awarded e360 just $27,000 for contract interference and rejected the company’s demand for a court order banning Spamhaus from blacklisting them ever again.

It’s not known just what was in the emails e360 was sending for its clients but it is interesting to note the company was sued in 2007 for violating the CAN-SPAM Act. According to its company profile, it does $130,000 in sales a year and has a staff of “approximately 1”. There is no website listed and the company has not publicly commented on the ruling.

The Ultimate Irony: When An Anti-Spam Firm is Caught Spamming!

Written by Sue Walsh on June 17, 2010

Technically it wasn’t them but a third party marketing company they hired, but the irony remains. According to an article on The Register, a few months ago security firm Sophos was red faced after discovering the marketing company they hired was flooding blogs with comment spam. They quickly apologized and promised to give the company a stern talking to. It’s unknown whether that marketing company is still on the company’s payroll.

I find it incredible that this was allowed to happen in the first place. You’d think part of the agreement with the marketing firm was that all campaigns and ideas needed to be approved by Sophos before being put into action? If not it was a foolish mistake on their part. If the marketing company was supposed to get approval but didn’t bother, shame on them!

This illustrates the importance of really checking out any company you hire to do advertising, marketing or PR. These companies will be representing you and any mistakes they make will reflect on you. A good reputation takes a while to build but can be shattered in an instant. If you decide to work with a company, do your homework. Research them and get recommendations from colleagues, and have your legal department go over contracts carefully. Make sure you make it very clear the kinds of advertising and publicity techniques you are okay with and which ones are forbidden, and make sure you approve all campaigns before they are launched. Finally, make the consequences of any kind of spamming or SEO attack activity crystal clear.

Will Businesses Need Spam Insurance One Day?

Written by Paul Cunningham on May 19, 2010

Could your business become financially liable for spam that comes from your network?  It might sound far-fetched, but it could one day become reality.

The Email Security Matters blog notes a German court has ruled that home users could be fined for malicious or illegal acts that take place on their unsecured wireless network.  The focus at the moment seems to be on illegal downloads, but other issues such as spam could just as easily be thrown into the spotlight.

Fined for Being a Victim?

The implications for business are serious enough to take some notice.  Even the lawmakers who do make an effort to combat spam face the massive difficulty of enforcing their local laws across numerous international jurisdictions.

Faced with those challenges law enforcement may turn their attention to homes and businesses that are, by ignorance or laziness, allowing their computers and networks to be used as spam conduits.

I do sometimes wonder if spam would be taken more seriously if a server owner could be fined for their server being overtaken by spammers, or an ISP fined and shut down (not by upstream providers, but by legal or regulatory intervention) for sending spam.

Criminal liability is one thing, but precedents for civil liability could also be set.  Imagine a world where one company sues another for the malware or spam outbreak that originated from their networks and cost time and resources to combat.

Who is Really Liable for Spam?

But in reality where does the liability begin, and where does it end, if not with the spammer themselves?  Is the home computer user responsible for their computer becoming part of a botnet?  Or is the browser developer who allowed the cross-site scripting attack, the operating system maker for permitting the machine to be taken over, the antivirus vendor for not stopping the malicious code from executing, or the ISP for not detecting and blocking the resulting spam?

Should You Use More Than One Anti-Spam Product?

Written by Paul Cunningham on May 14, 2010

A popular security term is “defence in depth”.  It sounds really clever and evokes images of multiple layers of protection from a threat.

An example of defence in depth would be a perimeter network firewall, a secondary firewall, third tier firewalls at branch offices, and maybe even client firewalls.  If one firewall fails, or is circumvented somehow, another one potentially saves the day.

It is a good concept but it naturally adds complexity to any environment.  And when applied to email spam and virus protection the complexity sometimes undermines the effectiveness and efficiency of the system.

Why Defence In Depth for Email Threats?

Quite a few years ago IT departments had a problem.  Email viruses would sometimes get through their servers and infect the network.  It happened when your server did not receive a new signature database from the vendor in time to stop the infection.

There were two underlying weaknesses with the older generation of email security products.  Firstly, they usually updated only once per 24 hours.  Secondly, they utilised a single engine for scanning emails for threats.

Under those conditions it made sense to deploy more than one product in a multi-tiered fashion, so that more than one detection engine could inspect the content.  If an outbreak did occur, you hoped that one of your vendors would get an update out fast enough to stop it.

Anti-Spam is Not One Size Fits All

Written by Paul Cunningham on May 7, 2010

Anti-spam technology encompasses a lot of different practices, techniques, and systems for detecting and blocking spam emails.  Customers sometimes look for a turnkey, push button, set and forget anti-spam solution that will “just work”.

The reality is that not all anti-spam techniques are suitable for all occasions, and often require specific configuration or tuning to suit a given environment.  Here are some examples:

Recipient Filtering

This technique makes the assumption that email that is sent to a non-existent address is likely to be a spammer trying a dictionary attack, and should therefore be rejected.

However that assumption does not take into account some valid scenarios, such as:

  • Email servers that are accepting email for other organizations and relaying it to them. In these cases the recipient does not exist in the first organization, but does exist in the second organization.  The first organization therefore must accept emails even for recipients that are invalid in its own organization.  This is quite common for two organizations going through a merger process.
  • Companies that want to make use of a “catch all” mailbox to receive misspelled or incorrectly addressed email that might be critical to their business, such as sales and customer service enquiries.
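The following sketch is an added example, not code from the original post or from any product. It shows a recipient-filtering decision that honours the two exceptions above; the domains, mailboxes and policy table are constructed assumptions.

```python
# Added illustration: domains, mailboxes and the policy table are constructed.
from collections import Counter
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class DomainPolicy:
    mailboxes: set = field(default_factory=set)  # recipients known locally
    relay: bool = False               # mail is relayed to another organization
    catch_all: Optional[str] = None   # mailbox that receives misaddressed mail

POLICIES = {
    "example.com": DomainPolicy(mailboxes={"alice", "sales"}),
    "merged.example": DomainPolicy(relay=True),
    "shop.example": DomainPolicy(mailboxes={"orders"}, catch_all="orders"),
}

def rcpt_decision(address, policies=POLICIES):
    """Return (SMTP reply code, action) for one RCPT TO address."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        return (501, "bad-address")
    policy = policies.get(domain.lower())
    if policy is None:
        return (550, "not-our-domain")
    if local.lower() in policy.mailboxes:
        return (250, "deliver")
    if policy.relay:
        # Recipient list lives in the other organization: accept and relay.
        return (250, "relay")
    if policy.catch_all:
        return (250, "catch-all:" + policy.catch_all)
    # Only here is "unknown recipient" a safe signal of address guessing.
    return (550, "unknown-recipient")

def summarize(addresses, policies=POLICIES):
    """Count actions over a batch, e.g. to spot a burst of unknown recipients."""
    return Counter(rcpt_decision(a, policies)[1] for a in addresses)

if __name__ == "__main__":
    attempts = ["alice@example.com", "aaron@example.com", "abby@example.com",
                "jo@merged.example", "ordres@shop.example"]
    for a in attempts:
        print(a, rcpt_decision(a))
    print(summarize(attempts))
```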

Content Filtering on Specific Keywords

About 10 years ago it was very common to do anti-spam filtering by using a list of specific keywords and phrases.  Some organizations try to continue this technique even today, and it can work well, but in some industries it is impractical or impossible to block certain keywords that most people would associate with spam.

The Pros and Cons of 4 Ways for Handling Detected Spam

Written by Paul Cunningham on April 7, 2010

We talk a lot about the importance of detecting spam in business email, and the challenges in maintaining a high detection rate with low false positives.  But we don’t often discuss the best way to take action on spam once it has been detected.

Typically an antispam product will offer four ways of dealing with spam once it has been detected:

  • Deliver it
  • Quarantine it
  • Redirect it
  • Drop it

Each action has its own benefits and drawbacks in an Exchange Server environment, so let’s take a look at those here.

Deliver It

This action delivers the email to its original intended recipient.  While this might seem like a pointless option (why would you want to deliver spam once it has been detected?) usually it is used in conjunction with some other action, such as tagging the subject line or message header with a spam tag.

The tag then allows spam messages to be identified by other servers or applications that can filter based on that tag.  For example, Outlook has Inbox Rules that can be configured to handle all items tagged as “spam” in a certain way, such as moving them to a special folder.

One scenario in which this is beneficial is when the anti-spam system does not have an end user self-service quarantine feature.  With this technique spam can be checked and false positives can be recovered by the end user out of their own accessible area, reducing administrative effort in responding to queries from users about missing email.

The downsides to this are that it puts potentially malicious spam within reach of the end user, who may click a link to a phishing site or take other undesirable action.  It also makes it necessary to store all spam in the Exchange Server databases, rather than keep it separate (or block it entirely).  This wastes storage not just on the server disks, but also in backups.
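The tag-and-deliver flow described in this section, as an added example that is not part of the original post. The header name `X-Spam-Flag`, the `[SPAM]` subject prefix, the folder names and the sample messages are assumptions chosen for illustration; the gateway removes any sender-supplied copy of the header so that the mailbox rule only ever sees the filter's own verdict.

```python
# Added illustration: header name, subject prefix, folder names and the
# sample messages are constructed assumptions.
from email import message_from_string

TAG_HEADER = "X-Spam-Flag"
SUBJECT_TAG = "[SPAM]"

def gateway_process(msg, is_spam):
    """Filter side: strip any sender-supplied tag, then tag and deliver."""
    del msg[TAG_HEADER]  # removes every occurrence; no error if absent
    if is_spam:
        msg[TAG_HEADER] = "YES"
        subject = msg.get("Subject", "")
        if not subject.startswith(SUBJECT_TAG):
            del msg["Subject"]
            msg["Subject"] = (SUBJECT_TAG + " " + subject).strip()
    return msg

def folder_for(msg):
    """Mailbox side: the rule keys on the gateway's header, not the content."""
    flagged = msg.get(TAG_HEADER, "").strip().upper() == "YES"
    return "Junk E-mail" if flagged else "Inbox"

# Constructed samples: each carries a header the sender set itself.
SPAM_RAW = ("From: promo@sender.example\nTo: alice@example.com\n"
            "Subject: Limited offer\nX-Spam-Flag: NO\n\nClick here\n")
HAM_RAW = ("From: bob@partner.example\nTo: alice@example.com\n"
           "Subject: Meeting notes\nX-Spam-Flag: YES\n\nSee attached\n")

if __name__ == "__main__":
    for raw, verdict in ((SPAM_RAW, True), (HAM_RAW, False)):
        m = gateway_process(message_from_string(raw), verdict)
        print(m["Subject"], "->", folder_for(m))
```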

Quarantine It

This action moves the spam item to a special quarantine area and does not deliver it to the intended recipient.  Most anti-spam systems have some form of quarantine system available in them.

The benefit of this action is that it prevents end users from being exposed to spam emails, and also keeps the spam items out of the Exchange Server databases.

Why Stricter is Not Better for Spam Filters

Written by Sue Walsh on March 29, 2010

When you install an anti-spam solution for your network, your first instinct may be to set it to be as strict as possible. With spam at an all time high it makes sense. Spam saps productivity and puts everyone on your company’s network at risk. However, before you tweak those settings, keep in mind that the stricter they are the more likely legit email may be blocked or diverted.

A couple of days ago I attempted to email a colleague. My email immediately bounced back with an error message saying it had been blocked by anti-spam software. The complaint seemed to be about the smiley I used, so I deleted it and re-sent my message. It was rejected again, and this time the complaint was about a link in the message. Deleted it and re-sent again, and again it was rejected with a complaint about the fact the email was in HTML format. I converted it to plain text and re-sent, and once again it was rejected.  Frustrated beyond belief, I gave up. Fortunately I had an alternate address for my colleague and was eventually able to get in touch, but customers and prospective customers won’t have that luxury. If your anti-spam solution keeps rejecting their perfectly legit messages, they’ll give up and take their business elsewhere, and probably share their bad experience with their friends and family. Not the kind of word of mouth any company wants!

This is why it’s important to test your anti-spam solution with various types of emails to see what happens. If it’s rejecting everything you’ve got to make adjustments and fast. Blocking spam is important, but not at the expense of driving away customers and prospective customers!