New Tactics in the War on Spam
It’s depressing but true that most of the e-mail directed to your company is e-mail you don’t want. Overall, about 70 percent of the e-mail most businesses receive is spam, but that percentage can vary widely, depending on how well-known your business is, how available its e-mail addresses are, and how often employees submit their e-mail addresses on other websites. For a visible company with widely available e-mail addresses, the percentage can be much higher -- 95 percent or even more. “At one company we worked with 99.7 percent of the e-mail received was spam,” notes Peter Firstbrook, research director at Gartner.
Spam overall continues to grow, experts say, driven by a simple economic reality: spamming is a pretty good way to make money. “The spam industry, if you can call it that, has evolved over time,” notes Bill Kasje, vice president of development for spam solution Abaca. “There are now development programs for spammers and people and organizations who specialize in different areas of enabling spam. There are people who control botnets and rent time on their botnets to spammers.” A “botnet” is a group of computers that have been taken over by malware, usually without their owners’ knowledge, and can be set to secretly send out spam or perform other tasks.
“Spam exists because it continues to provide real economic benefit to spammers,” Kasje says.
Spam-fighting tools have grown more sophisticated as well, with two important weapons now available in the never-ending fight against spam -- these should be components of whatever ant-spam solution you choose:
- Reputation Filter: A reputation filter examines the behavior of a website, automatically blocking those that send spam so that not only e-mail, but even mail connections are blocked;
- Tarpit: A tarpit slows down an incoming message, forcing the sending server to wait and retry after a few minutes. A legitimate e-mail application will do this, but spam generally won’t, since reaching the largest number of addresses in the shortest time is essential to spammers’ success.
When it comes to fighting spam, there used to be three viable options, Firstbrook says: using a hosted anti-spam service, using a gateway device to block spam, or installing spam-blocking software. Though software solutions such as SpamAssassin remain quite popular, the need to constantly maintain the software and update information means software may not be the best approach for a small company, according to Firstbrook. Instead, he recommends either a gateway device that filters all incoming e-mail, or a hosted service, which filters your e-mail at its servers, and passes legitimate messages along.
The advantage of a gateway is that it may give you better control over spam filtering, and may provide some peace of mind if, for security reasons, you’re uncomfortable having your mail on someone else’s servers. On the other hand, you’re responsible for the hardware, and for providing enough bandwidth to handle ever-growing mail volumes. If you’re considering a gateway device, here are some questions to ask:
- How frequently do you update? Gateway devices generally come with a connection to the maker’s servers, which automatically download new spam definition lists. You should find out how often these new definitions go out. Spammers often use the window between when a vulnerability is discovered and when that hole is closed to launch as much spam as they can.
- Real or virtual gateway? These days, virtualization means never having to buy specific hardware, so it might make sense to consider using virtualization to create a virtual email gateway instead.
- What if I increase bandwidth? Limited bandwidth can act as a tarpit, discouraging spam because access to your system is too slow. Therefore, it’s best to make sure spam is under control before increasing that bandwidth. “I’ve talked to companies that scaled up their bandwidth to help handle spam volume -- and their spam percentage immediately went up,” Firstbrook says.
Hosted anti-spam service
The argument for a hosted anti-spam service is that these services can respond to new spam threats instantly, with no delay while new information downloads to your gateway. They take most of the hassle out of fighting spam because you no longer have to worry about maintaining hardware or increasing bandwidth to handle e-mail. On the negative side, their system may not integrate quite as seamlessly with your e-mail application as a hardware solution would. If you’re interested in using hosted anti-spam, here are some questions to ask the provider:
- What are your guarantees? Does the provider offer a service level agreement (SLA) or other form of guarantee? If you can get one, an SLA provides added assurance that the service will work, and keep working.
- Is it customizable? Some services allow you to separately set filtering levels for messages that contain sexual words compared with, say, messages bearing business propositions from Nigeria. Given the particulars of your business, this might be handy: a medical practice, for instance, might not want to aggressively filter out messages mentioning body parts.
- What if I need other services later? Many anti-spam services have ancillary products such as archiving of (non-spam) e-mails, backup e-mail systems in case you are unable to use your usual e-mail software and other services. Even if you don’t need any of these right now, it’s a good idea to plan for the possibility that you might need them in the future, and negotiate option prices for the possible purchase of ancillary products at the same time as you make your original deal. “If you wait two years after you sign your contract, they’ll be less motivated to offer you a good deal,” Firstbrook says.
SIDEBAR: Popular Spam-Fighting Products
Here are some popular gateway appliances that fight spam:
IronPort, now part of Cisco, provides gateway appliances for large corporations, but its lower-end boxes are both effective and affordable for small businesses.
Secure Computing, recently acquired by McAfee, uses multi-layered techniques for added safety.
Abaca’s gateway security comes with a 99 percent accuracy guarantee.
There are also some hostedanti-spam services:
Postini, now owned by Google, offers low-cost and flexible spam solutions for even the smallest of companies, with the ability to scale as your company grows.
MessageLabs, recently acquired by Symantec, can both block spam and enforce company policy. The site keeps a monthly tally of spam percentage overall (69.7 percent in October).
Microsoft Exchange Hosted Filtering (formerly FrontBridge) blocks both inbound and outbound spam, as well as disaster recovery.