[This information was obtained from an article in PCmag]
Fighting Corporate Spam
Product: Postini Perimeter Manager
Postini Perimeter Manager is a balanced antispam solution that will please both administrators and end users. The hosted service combines versatile Web-based administration with leading-edge technology for detecting directory harvest attacks.
During our tests, Postini's accuracy was less than ideal. But it does a good job with the realities of administering even complex enterprises by delegating spam-fighting chores to ordinary users and designated administrators.
Directing our mail flow to Postini's spam-filtering servers allowed us to tap a global network of data centers with a different approach to attacking spam. Postini's servers look at raw SMTP packets for telltale patterns of spam activity. One advantage of this is that messages are processed in real time (as they are in the hardware-based CipherTrust IronMail 210). Another advantage is a defense against directory harvest attacks, a technique spammers use to gather addresses of members of your organization by running scripts against SMTP. Postini's data centers rely on Solaris and Intel x86 hardware running Oracle and proprietary software.
The administrative control offered by Postini Perimeter Manager leads the pack. The Web-based console provides good granular control of organizations and users. The solution's support for delegated administration, offering different levels of rights, is unmatched. That said, we found several of the administration screens a bit overcrowded with settings.
For basic configuration against spam, Perimeter Manager let us choose among categories to block, such as bulk e-mail, pornography, get-rich-quick schemes, and special offers. (Postini offers e-mail antivirus protection licensed from McAfee at extra cost.) You can also set whitelists and blacklists manually using the Approved and Blocked Sender features.
Perimeter Manager's reporting is above average though not as powerful as that of SurfControl E-mail Filter. We especially like the graphical snapshot of current e-mail activity. Beyond this, you can view e-mail traffic, blocked e-mails, and stopped viruses by IP address, domain, user, or category. For further traffic analysis, you can download any reports as CSV files via links on the report pages.
One drawback is that the traffic report is not much more than a dump of a log file. We'd prefer to see an HTML presentation of data rather than just raw text. Postini's e-mail alerts, however, are outstanding, with an option to reach wireless pagers and PDAs.
Nonadministrators can modify their own spam settings using the Postini Message Center, which is decidedly simpler and more approachable than the administrative interface. It shows quarantined e-mail and provides options to deliver or delete messages. Better yet, you can choose to whitelist or blacklist specific addresses.
We also like Postini's support for wireless technology, unique among the products we reviewed. Using this feature, Postini can automatically forward copies of e-mail to your PDA, a basic but useful function.
Postini's solution offers plenty of customization if you need it, but digging into the administrative features is largely optional. The other hosted products in this review are turnkey solutions and don't let you delegate as much control to different groups. And as more and more spammers make use of directory harvesting, other antispam solution providers will have to catch up with a problem Postini has already solved with its innovative technology.
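The directory harvest attacks mentioned in the review show up in a mail server's own logs as one client probing many nonexistent recipients in a short time. The sketch below is an added example, not code from the article or from Postini; the log format, the thresholds, and the function names are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: timestamp, client IP, RCPT address, SMTP reply code.
SAMPLE_LOG = """\
2003-02-10T10:00:01 198.51.100.7 aaron@example.com 550
2003-02-10T10:00:02 198.51.100.7 abby@example.com 550
2003-02-10T10:00:03 198.51.100.7 adam@example.com 250
2003-02-10T10:00:04 198.51.100.7 al@example.com 550
2003-02-10T10:00:05 198.51.100.7 alan@example.com 550
2003-02-10T10:00:06 198.51.100.7 alex@example.com 550
2003-02-10T10:03:00 203.0.113.9 jon.doe@example.com 550
2003-02-10T10:04:00 203.0.113.9 john.doe@example.com 250
"""

def parse(line):
    """Split one log line of the assumed format into typed fields."""
    ts, ip, rcpt, code = line.split()
    return datetime.fromisoformat(ts), ip, rcpt.lower(), int(code)

def find_harvesters(log_text, window=timedelta(seconds=60),
                    min_unknown=5, min_ratio=0.8):
    """Return {client_ip: distinct unknown recipients} for clients that
    probe many invalid addresses inside one sliding time window."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, ip, rcpt, code = parse(line)
            events[ip].append((ts, rcpt, code))
    flagged = {}
    for ip, rows in events.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Slide the window start forward until it spans <= `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            in_window = rows[start:end + 1]
            unknown = {r for _, r, c in in_window if c == 550}
            ratio = sum(c == 550 for _, _, c in in_window) / len(in_window)
            # A single typo (203.0.113.9) stays below both thresholds.
            if len(unknown) >= min_unknown and ratio >= min_ratio:
                flagged[ip] = max(flagged.get(ip, 0), len(unknown))
    return flagged
```

Counting distinct rejected recipients, rather than raw rejections, keeps a legitimate sender that retries one mistyped address from being flagged.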
Implementing a server-side spam-blocking product should be your first step toward fending off junk e-mail. Beyond this, the IT department can take steps to reduce the volume of spam entering your company:
1. Write down the company's policies on e-mail and Web usage and make sure employees read them. Provide detailed instructions for how employees should deal with inappropriate e-mail. A good policy also specifies whether employees can sign up for newsletters and Web sites that require e-mail addresses. All employees should sign the policy agreement.
2. Tell employees that they should never respond to spam, even to be taken off the mailing list, as this is often just a way for the spammer to confirm that an address is real.
3. Don't post clear links to your employees' e-mail addresses on your Web site. Instead, mung them, or display them in a way that a machine cannot read. One way to do this is to publish them as John_Doe[at-sign]microblob.com or John_Doe@ microblob[REMOVE THIS].com. Always include instructions on how to use these addresses. Guidelines on how to do this are at http://members.aol.com/emailfaq/mungfaq.html.
4. Limit or even disallow personal e-mails, especially those e-greeting cards! You may consider prohibiting the use of profanity, as this can greatly help with setting up your filtering tool.
5. Require employees to mung their e-mail addresses, or use alternative addresses, in newsgroup discussions and any online chatting.
6. Don't use guessable e-mail addresses like firstname.lastname@example.org. Instead, add a random number to names. This makes it harder for spammers to guess the addresses.
7. Set employees' Web browsers to the recommended security level. If the security level isn't stringent enough, bots may grab employees' e-mail addresses when they visit Web sites.
8. Make sure your firewall is configured to block all unrequested traffic.
9. Install antivirus protection at the gateway, server, and desktop levels. Viruses can mess with your e-mail setup. Use an antivirus product from a different vendor at each level: If one solution doesn't catch an intruder, another may.
Spammers gather e-mail addresses wherever they can: Web sites, Internet white and yellow pages, newsgroups, chat rooms, mailing lists, and domain registrations. They trick your browser into revealing your e-mail address without your knowledge, con you into giving it out via chain letters and bogus offers, and dupe you with e-mail containing scripts that send back not only your e-mail address but also your entire address book. Or they simply guess at addresses and eliminate any that bounce. If they're lazy, they just buy a mailing list from someone else who uses these techniques.
A spambot is a tool that starts with a Web search, scrapes all the e-mail addresses from the first page it finds, and then follows links to related sites, collecting more addresses as it goes. Site owners can protect themselves from spambots by redirecting them to a page that's free of e-mail addresses. For details, see www.turnstep.com/spambot.
Chat rooms are paradises for spammers, who use specialized harvester programs for AOL chat rooms and profile lists. AOL names are considered desirable, because the service appeals to Internet newcomers, who are more likely to respond to spam and less likely to have antispam solutions in place. For harvesting e-mail addresses of more sophisticated users, spammers scour public lists of domain registrations.
Once a spammer has a list of addresses, the next challenge is to send lots of e-mail to all those addresses. The problem is twofold: The spammer has to find an SMTP server that can handle the mail and hide his identity to avoid repercussions. Spam is prohibited by virtually all ISPs, and spammers will lose their accounts if they're caught.
Hiding your identity by falsifying header information is illegal in many states, and several federal laws are being considered to make it illegal nationwide (see www.spamlaws.com for details). But identity hiding is nevertheless supported by many bulk e-mail programs. Using others' mail servers without permission will also be illegal if Congress passes the "Can Spam Act," but spammers can currently buy programs that search the Internet for open relays or buy lists of open-relay IP addresses. Open relays are unprotected servers that send out e-mail from any source. The sender doesn't have to identify himself either through his IP address or the newer authentication technique based on usernames and passwords.
One option is to set up a desktop mail server. There's even a company that offers an address harvester as a companion to its desktop mail server. An easier but more expensive approach is to use one of many bulk mail services with their own mail servers. These companies offer mailing lists for purchase and IP addresses that can't be traced back to a spammer.
With each customer blasting out millions of e-mail messages on a regular basis, how do bulk e-mail services handle the load? Some of them use special-purpose e-mail server appliances that can send out as many as a million e-mail messages an hour, the equivalent of ten traditional servers.
No room in the budget for a full-fledged antispam product? You can block a modicum of spam simply by changing settings in your e-mail server. The latest versions of the most popular e-mail servers, Lotus Domino 6 and Microsoft Exchange 2000 Server, offer a few tools for blocking spam. Still more tools will be available in Microsoft's Exchange follow-up, code-named Titanium, due this summer.
Domino 6, released in October, lets you block spam using real-time black-hole lists, or RBLs. An RBL, such as the Mail Abuse Prevention System (http://mail-abuse.org), is essentially a catalog of IP addresses from which spam messages have been sent in the past or that currently are open relays, which spammers frequently use as conduits for their messages.
By making a few changes to Domino's configuration document, you can set the program to reject all messages from addresses on a particular RBL. Or, if you're worried about rejecting more than just spam (many legitimate businesses unwittingly configure their servers as open relays), you can take alternative action when e-mail arrives from addresses on RBLs, like creating a log of such messages or tagging each one to warn recipients that it may contain spam. Unfortunately, many industry analysts don't recommend RBLs for fighting spam, especially as the sole strategy.
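The RBL check and the three responses described above (reject, log, or tag) can be sketched as follows. This is an added example, not Domino's implementation or code from the article; the zone `rbl.example.org`, the constructed list entry, and all function names are assumptions, and the lookup uses the usual DNS-based convention of reversing the IPv4 octets and querying them under the list's zone.

```python
import ipaddress
import socket

def dnsbl_name(ip, zone):
    """Build the query name: IPv4 octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def dns_lookup(name):
    """Live resolver: a listed address resolves, an unlisted one does not."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

# Constructed stand-in for a real list so the example runs offline.
CONSTRUCTED_LIST = {"25.2.0.192.rbl.example.org": "127.0.0.2"}
stub_resolve = CONSTRUCTED_LIST.get

def handle(ip, subject, zone, action="reject", resolve=dns_lookup, log=None):
    """Return (verdict, text) for a message arriving from `ip`."""
    answer = resolve(dnsbl_name(ip, zone))
    # Listed entries conventionally answer inside 127.0.0.0/8.
    if answer is None or not answer.startswith("127."):
        return ("accept", subject)
    if action == "reject":
        return ("reject", "550 %s is listed in %s" % (ip, zone))
    if action == "log":
        if log is not None:
            log.append("listed sender %s (%s)" % (ip, answer))
        return ("accept", subject)
    if action == "tag":
        return ("accept", "[POSSIBLE SPAM] " + subject)
    raise ValueError("unknown action: %r" % action)
```

Passing `resolve=stub_resolve` exercises the policy without network access; leaving the default performs a real DNS query against whatever zone you supply.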
Exchange can't tie into RBLs as easily as Domino does, but it does let you block spam using other methods. You can set up a makeshift RBL, for instance, telling the server to block all messages that come from certain IP addresses or that are sent to more than a given number of people. And you can perform a reverse DNS lookup on each message, checking to see whether the message's IP address can be matched to a valid host name. For a discussion of how to prevent spam using Exchange alone, go to http://support.microsoft.com/default.aspx?scid=kb;en-us;319356.
Much like Domino, Titanium will let you check messages against public RBLs. It will also provide several hooks into its antivirus API that will let seasoned programmers easily build their own antispam tools. Unless you augment your e-mail server with your own antispam tools, it isn't likely to block much of the spam streaming into your organization. Spammers have learned to work their way around RBLs and reverse DNS lookups. But for those who can't afford a standalone antispam product, Exchange and Domino offer at least some protection.