
5 Things the Boss Should Know About Spam Fighting

Esther Schindler writes "Sysadmins and email administrators were asked to identify the one thing they wish the CIO understood about their efforts to fight spam. The CIO website is now running their five most important tips, in an effort to educate the corporate brass. Recommendations are mostly along the lines of informing corporate management; letting bosses know that there is no 'silver bullet', and that the battle will never really end. There's also a suggestion to educate on technical matters, bringing executives into the loop on terms like SMTP and POP. Their first recommendation, though, is to make sure no mail is lost. 'This is a risk management practice, and you need to decide where you want to put your risk. Would you rather risk getting spam with lower risk of losing/delaying messages you actually wanted to get, or would you rather risk losing/delaying legitimate messages with lower risk of spam? You can't have both, no matter how loudly you scream.'"
This discussion has been archived. No new comments can be posted.

  • Nothing lost? (Score:4, Informative)

    by Anonymous Coward on Saturday February 17, 2007 @05:41PM (#18054534)

    Their first recommendation, though, is to make sure no mail is lost.

    Nice goal, but you are going to lose mail. It is either going to get buried in the pile of spam or misclassified as spam by your software and pitched. What you need to do is pick an acceptable level -- it is all about trade-offs.

    I like to REJECT (not bounce!) spam, so when you accidentally mark good stuff as spam, the sender has a chance to get the message to you later.

  • by mabu ( 178417 ) on Saturday February 17, 2007 @06:11PM (#18054780)
    Forget CIOs... there are many system administrators who don't know the real issues regarding spam. Here are some things everyone needs to know:

    1. Content filtering is not a solution.

    I hate to say it, but it's the truth. Filtering mail based on what's in the e-mail message is a never-ending battle that does not work. It slows down mail service, causes legitimate mail to be blocked more often than using RBLs, and violates people's privacy, costs more money to maintain and makes the mail system inherently less efficient and reliable.

    E-mail used to be instantaneous. Now it isn't, because all the major ISPs toss their mail into big queues where they go over it and file it away or pass it on. If you send something to a Bellsouth user nowadays, they *might* get it 6+ hours later! Stupid, content filtering doesn't work and creates worse problems.

    2. The Spam problem is mostly a law enforcement issue and not a technological issue.

    99.9% of spammers break the law. The reason why spamming is such a problem is because national and international authorities won't get off their lazy asses and prosecute the spammers for the laws they break. In the end, you'll do more to reduce spam by petitioning your local district attorney to prosecute spammers than installing some obnoxious cpu-chewing filter that will become obsolete within two weeks. And no, the jurisdiction issue is bogus. Technology exists to track all these spammers right back to where they are. There are spammers all over the world and especially in the U.S. that can and should be in jail right now, but they're not because the Feds are more interested in going after people like Tommy Chong. Call your D.A. Call your Congressman. Complain that your reps aren't putting these guys in jail.

    When I say "spam" I mean the big spam operations. The industry can easily police itself of low-level, incompetent opt-in schemes, but that's not the real "spam" problem we're talking about.

    3. Don't listen to the anti-virus/anti-spyware software companies.

    These companies make their living off of spam. There is an inherent conflict of interest in relying on Symantec or any other company to be trusted to help deal with the spam problem. They need spam and they'll never do what's necessary to stop spam from becoming more of a problem. This is analogous to why car manufacturers won't build more reliable/efficient cars when they are capable of doing so -- it's not profitable for them. Stop looking to McAfee or any of these other foxes to be trusted in helping you guard your henhouse.

    4. Most anti-spam methods do nothing to stop spam, except relay blacklisting.

    Spammers steal bandwidth, violate peoples' security, tamper with third-party computers and bog down the Internet. Content-based filtering does not hurt spammers. RBLs do. Relay blacklisting is the single most effective deterrent in the war on spam. PERIOD. No other method both stops spam, and makes it exponentially more expensive and troublesome for spammers to do their job.

    Relay blacklisting works. If you don't like RBLs, chances are you just had a bad experience with a bad one. Try a different one or create your own. They work. They work exceptionally well and best of all, they save bandwidth and resources from the spammer's grimy hands. They also have the added benefit of stopping the propagation of worms and punishing irresponsible ISPs who allow their zombie users to pollute the Internet. There is NO BETTER THING CURRENTLY you can do to combat the spam war than by feeding and using RBLs (aside from following #2 and complaining that spammers aren't being prosecuted).

    5. There are not that many spam operations. The spam epidemic is not unstoppable.

    The amount of spam going around on the Internet has increased but only proportionally to the amount of user and bandwidth growth, and not due to more and more people getting into the spam business. A cursory examination of most spam clearly indicates that there are
  • by realmolo ( 574068 ) on Saturday February 17, 2007 @07:44PM (#18055494)
    "...about 200 employees with mailboxes."

    That is such a small number of users, that your anecdotal evidence is meaningless.

    You don't get spam because you don't have many users sending mail, your users are in a controlled corporate environment that (probably) keeps their machines virus/trojan/spyware free, your users probably are somewhat careful to only use their "work e-mail" for "work-related" stuff, and you have a domain that isn't very widely-known.

    Try running an ISP with hundreds of thousands of users, a large percentage of which have viruses on their machines, and with a domain name that is a target of spammers (because you have so many users).

    200 users is NOTHING. Until you are processing hundreds-of-thousands of messages per hour, you don't know how difficult it is to stop spam.
  • Re:Nothing lost? (Score:3, Informative)

    by secolactico ( 519805 ) on Saturday February 17, 2007 @08:56PM (#18056088) Journal
    Indeed. Problem is, examining the data is a problem when you get a huge influx of email regularly. You can always host spamassassin on a separate server and call it from the smtp server, I guess.

    I know several people have said it on this thread and on almost all mail/spam threads, but it can't be stressed enough: Reject the message on the SMTP phase! DO NOT accept the message and then bounce it. I guess viruses you can discard if you want, but DO NOT bounce them!

    Exchange admins, please configure your server to properly reject unknown users. Thanks.
  • by LauraW ( 662560 ) on Sunday February 18, 2007 @02:53AM (#18057866)

    Should CIO's stop using Verizon, ATT and XO until they clean up their act?

    Yes

  • The list . (Score:1, Informative)

    by Anonymous Coward on Sunday February 18, 2007 @12:58PM (#18060336)
    Since the article is spread over three pages with ads, here is the list:

    1. Lose No Mail.
    2. There's No Silver Bullet.
    3. It's a Continuous Battle. Budget Accordingly.
    4. Understand the Basics of E-mail Technology.
    5. People are Making Money on Spam. Respond Appropriately.

    #4 is pretty funny: Boss? Understand basic technology? Buahahahahaha! That's a good one.
  • Re:Nothing lost? (Score:4, Informative)

    by Anonymous Coward on Sunday February 18, 2007 @01:40PM (#18060614)
    Frankly I find this hard to believe.

    Just to be clear:

    • Eve is a spammer sending mail
    • Clueless ISP (clueless.xxx) is being used to send the spam
    • Alice's address (alice@alicedomain.xxx) is being forged by Eve
    • Bob at bobdomain.xxx is the intended receiver for the spam
    Typically Eve sends an amazing offer "from" alice@alicedomain.xxx through clueless.com to bob@bobdomain.xxx. If Bob bounces the spam, it would go from bobdomain.xxx directly to alicedomain.xxx. I suspect this is what you are seeing, and happens because Bob is doing his spam filtering after he has accepted the message from clueless.xxx.


    If Bob rejects the spam while in the process of receiving it from clueless.xxx, clueless.xxx would get a bad status code. Chances are the mail program is just a bot which would ignore the error (or retry the same message a couple of times). If Eve is using an MTA on clueless like exim or sendmail, and it is badly configured, then Alice might see a bounce message generated by clueless.xxx. Alice can complain to the administrators at clueless, or get clueless added to RBLs. The good news for Alice in this situation is that she isn't dealing with thousands of bots. In any case, Bob didn't send a bounce message, he just didn't accept the incoming mail.


    Rejecting spam at the SMTP level is the best practice, and is different than bouncing spam.
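
The reject-versus-bounce distinction made in several comments above, as an added illustration that is not part of any comment: a toy receiving MTA for bobdomain.xxx processes the same forged session under both policies and reports which party ends up receiving mail from Bob's server. The host and address names come from the last comment; the mailbox list, the one-phrase `looks_like_spam` filter, the reply texts and the session lines are constructed assumptions.

```python
KNOWN_USERS = {"bob@bobdomain.xxx"}  # constructed mailbox list for Bob's server

# Constructed session: Eve, via clueless.xxx, forging Alice as envelope sender.
SPAM_SESSION = [
    "HELO clueless.xxx", "MAIL FROM:<alice@alicedomain.xxx>",
    "RCPT TO:<bob@bobdomain.xxx>", "DATA",
    "Subject: amazing offer", "", "Buy now!", ".", "QUIT",
]

def looks_like_spam(body):
    # Hypothetical stand-in for a real filter such as SpamAssassin.
    return "amazing offer" in body.lower()

def receive(session, reject_in_session):
    """Return (replies to the connecting host, mail Bob's server sends later)."""
    replies, outbound = [], []
    sender, rcpts, body, in_data = None, [], [], False
    for line in session:
        if in_data and line != ".":
            body.append(line)  # message content (dot-stuffing omitted)
        elif in_data:  # lone "." ends DATA: last point where a reject is possible
            in_data = False
            if reject_in_session and looks_like_spam("\n".join(body)):
                replies.append("550 5.7.1 Message rejected as spam")
            else:
                replies.append("250 2.0.0 Queued")
                if looks_like_spam("\n".join(body)):
                    # Filtered after acceptance: the bounce goes to the
                    # envelope sender, which Eve forged.
                    outbound.append((sender, "Undelivered Mail Returned to Sender"))
        elif line.upper().startswith("MAIL FROM:"):
            sender = line[10:].strip("<> ")
            replies.append("250 2.1.0 Ok")
        elif line.upper().startswith("RCPT TO:"):
            rcpt = line[8:].strip("<> ")
            if rcpt in KNOWN_USERS:
                rcpts.append(rcpt)
                replies.append("250 2.1.5 Ok")
            else:
                replies.append("550 5.1.1 User unknown")  # reject, never bounce
        elif line.upper() == "DATA":
            in_data = bool(rcpts)
            replies.append("354 End data with <CR><LF>.<CR><LF>" if rcpts
                           else "554 5.5.1 No valid recipients")
        else:
            replies.append("221 Bye" if line.upper() == "QUIT" else "250 Ok")
    return replies, outbound
```

With `reject_in_session=True` the only party that hears about the refusal is the connecting host, clueless.xxx; with `False`, Bob's server originates a new message addressed to alice@alicedomain.xxx.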
