Sep 05

Anti-Spam - Is it good for breakfast?

When I told my wife I was writing a story about stamping out spam she was pretty excited because she never could understand how I could eat that stuff. (Personally I love it!) I know it’s an old joke. What I really want to talk about is email spam, how it is evolving and the steps you can take to reduce it in your organization.

Is my anti-spam solution working?

If you’ve noticed an increase in spam, you’re right! There are actually two things occurring. First, the volume of spam has grown by over 15% in the last six months. In fact, it is estimated that over 85% of all e-mail traffic is now spam. Second, spam firms are always looking for and finding new ways to get around spam filters. Until recently you probably saw a lot of emails where the message was actually an image rather than text. However, anti-spam technology has evolved rapidly to identify and stop image spam. Within a mere six months image spam has almost stopped.

What’s the latest spam ploy?

Now it’s fake greeting cards or “attachment” spam. You receive an innocent-looking message that asks you to open an attachment. In many cases it looks like a greeting card. When you open the attachment, your PC can be hijacked and turned into a “zombie” that can be used to forward more spam without your knowledge. Who knew The Night of the Living Dead was more truth than fiction?

A spammer’s main goal is to get you to click on a web link or URL. Often it’s to get you to look at a product, call a phone number, buy a stock or order some form of medication (as if any of us really need to be any bigger!). So pay attention. It’s easy to fall prey to an innocent-looking e-mail that says “Hey John - click here to see pictures from our vacation!”

Now my filter is blocking good messages!

Yep - here’s the flip side to the issue. As anti-spam filters become increasingly sophisticated, the prospect of a false positive has grown. So what to do? Quite often administrators will “white list” the domain of the sender. However, remember our earlier statement about zombie machines? Who’s to say that the server you trust today won’t be infected tomorrow? Obviously sometimes you will need to white list a domain; just don’t be indiscriminate. Better to white list an individual e-mail address instead.

I also see people do things like enter the subject in all capital letters or give a short “Guess what ?????” subject with a string of punctuation. Anti-spam filters use content to identify spam. If your e-mails look like spam, they get treated like spam.

We’ve also noticed that AOL accounts seem to bounce e-mails more than other services. I think they are trying to provide protection to their customers but sometimes it goes a little overboard.

Is there anything else to worry about?

Yes, stopping spam is an ongoing process but the good news is that technology is moving fast to keep up. The best defense is a dedicated anti-spam appliance that sits in front of your email server. You don’t want your email server spending all its time monitoring for spam and slowing down. The anti-spam device we employ at Awecomm monitors for all of the following items:

  • Anti-spam
  • Anti-virus - Might as well check for viruses at the same time. Don’t let emails get through with viruses that a user might open.
  • Anti-phish - protects from schemes often used to gather confidential information about an organization or its users.
  • Anti-spy (attachments) - scans attachments for spyware executables and deletes them.
  • Anti-spoof - prevents the use of forged or “spoofed” sender addresses on unsolicited emails.
  • Denial of Service protection - uses rules to prevent denial of service attacks.

There are also anti-spam services and anti-spam software you can run locally, but a hardware solution is going to be faster. Take a look at your budget and overall requirements. With any solution make sure there is a competent subscription service in place to update the rules and scanning mechanisms on a regular basis.

Here are some additional tips:

1. Never reply to spam messages even if you are given a “remove” option. Instead use your Outlook or anti-spam service to block the message. (Most systems have a plug-in that lets you tell the service whether to mark or unmark a message as spam). The only time you may want to respond is if you know the e-mail is from a reliable source.
2. Do not open attachments from a source you are unfamiliar with. If necessary call the individual to confirm first.
3. Don’t send your email address through chat rooms or instant message services.
4. Don’t put direct e-mail links on your web site. These are far too easy to pick up. Instead, for example, use a hyperlink from your name. Even better is to use a form that uses a processing script to resolve the email address. It helps to keep email addresses out of the site HTML altogether.
5. Make sure you “opt out” of receiving free or additional information from a web site. A lot of sites have a flag that defaults to “Send me more information”. Make sure to uncheck it.
6. If you are just checking out a site and aren’t sure if you will go back you can always enter a fake e-mail address if one is required.
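
Tip 4 can be checked against your own pages. The Python sketch below is an added example, not code from the original article: it lists every address that can be read straight out of a page's source, whether it sits in a mailto link, another attribute, or visible text. The names `AddressAudit` and `audit_html` and both sample pages are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Loose on purpose: roughly what a simple address harvester would match.
ADDRESS_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


class AddressAudit(HTMLParser):
    """Collects e-mail addresses readable directly from page source."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []  # (where, address, line)

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]  # line on which the tag starts
        for name, value in attrs:
            if not value:
                continue
            is_mailto = value.lower().startswith("mailto:")
            where = "mailto link" if is_mailto else name + " attribute"
            for addr in ADDRESS_RE.findall(value):
                self.findings.append((where, addr, line))

    def handle_data(self, data):
        start = self.getpos()[0]  # line on which this text run starts
        for m in ADDRESS_RE.finditer(data):
            line = start + data.count("\n", 0, m.start())
            self.findings.append(("visible text", m.group(), line))


def audit_html(source):
    """Return every (where, address, line) finding for one HTML document."""
    parser = AddressAudit()
    parser.feed(source)
    parser.close()
    return parser.findings


# Constructed sample pages; the example.com addresses are placeholders.
EXPOSED_PAGE = """<html><body>
<p>Contact <a href="mailto:jane.doe@example.com">Jane Doe</a></p>
<p>Sales desk: sales@example.com</p>
</body></html>"""

# Assumed layout: the form posts a recipient key that a server-side script resolves.
HARDENED_PAGE = """<html><body>
<form action="/contact" method="post"><input type="hidden" name="to" value="sales">
<textarea name="msg"></textarea></form>
</body></html>"""

if __name__ == "__main__":
    for where, addr, line in audit_html(EXPOSED_PAGE):
        print(f"line {line}: {addr} exposed in {where}")
```

Because the parser decodes character references, an address written as `jane&#64;example.com` is still reported, so entity-encoding the address does not keep it out of this kind of scan.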

There are obviously a lot of issues to deal with when it comes to spam. Complicating this scenario is the fact that the nature of spam is changing all the time. Spam identification and elimination solutions will constantly evolve. However, the cost to the organization in terms of wasted time or possible outright damage to your network is too substantial to ignore. You will need to be proactive, and don’t be surprised to see spikes in activity. But if you have a good solution in place you should see it adapt to the challenge.

Sources:

Barracuda networks white papers. http://www.barracudanetworks.com/ns/support/white_papers.php

Personal experience fighting the fight!

MSNBC articles on spam
