Looking for ways to control the spam beast?
Here’s a primer to help you gain the upper hand
- By Maggie Biggs
- Apr 24, 2006
Spam may seem like a trivial nuisance, but it can significantly drain your network and server resources and hamper user productivity. Left unchecked, spam can consume network bandwidth, devour disk storage and lengthen backup times. Productivity suffers as users and administrators grapple with removing unsolicited commercial e-mail messages from mobile devices, chat interfaces, blogs and e-mail inboxes.
Industry experts say spam has increased more than 65 percent since 2002. On average, eight in 10 e-mail messages delivered to an inbox are spam. Why the rapid increase? It’s simple economics. The costs of hijacking e-mail addresses and sending spam are nearly nil for the spammers. Instead, spammers shift the costs associated with sending and receiving their virtual junk to your end of the connection.
Spammers know that no one is consistently enforcing antispam laws. With no pending legislation and no one imposing standards to curb the practice, spammers feel emboldened to expand their efforts, all in the name of making a few bucks.
Beyond the rising costs of controlling spam, another risk looms. Although response rates to spam are generally minuscule, spam is frequently the carrier of phishing attacks, viruses or other malware. If your users are unaware, they might receive, open or reply to such spam without knowing that their actions could open a huge security hole. Spam education is critical and urgent.
To gain the upper hand, best practices dictate the application of multiple techniques enterprisewide. Today’s spam-fighting techniques typically involve three main strategies: content filtering, traffic analysis and manual specification, which lets users establish block lists.
Many of the available tools support multiple techniques, which increases your spam-fighting success rate. For example, open-source antispam solution SpamAssassin uses several spam-fighting techniques, including header and text analysis; Bayesian filtering, which analyzes the
content of a message and assigns a spam probability; Domain Name System block lists; and the use of collaborative filtering databases.
Antispam tools sometimes inadvertently flag a message as spam when it is not — known as a false positive. As you evaluate antispam solutions, check closely for the frequency of false positives. A large number could negatively impact agency communications with the public, contractors and other organizations.
Building your antispam arsenal
Unless you manage only a small organization, you’ll likely need to consider employing a variety of antispam technologies.
1. Desktop PC solutions. Desktop antispam solutions are software-based and limited to content filtering and, in some cases, manual specification. Among other vendors, Trend Micro and McAfee offer some antispam solutions for desktop usage and others for the broader enterprise.
2. Server solutions. Enterprise products and services usually offer a broader array of antispam tools than desktop solutions, including in-depth content filtering, traffic analysis and manual specification. Many enterprise solutions support multiple algorithms to increase the chances of successfully repelling spam.
You can add enterprise antispam tools to e-mail servers, such as Microsoft Exchange and IBM Lotus Domino. You can also deploy one or more antispam appliances at the edges of your network to prevent spam from ever reaching your infrastructure. The latter type of solution tends to incur higher initial costs but reduces your e-mail servers’ load. Symantec’s Brightmail, IronPort Systems’ various solutions and CipherTrust’s products, which work on different parts of an infrastructure, are all solid bets in the enterprise antispam arena.
In addition, using an antispam appliance can be effective because it reduces the impact on your infrastructure. Many antispam appliances and other enterprise software solutions offer another benefit — centralized management.
For example, Webroot Software’s SpySweeper offers a centralized interface in which administrators can deploy and control antispam software on a large number of computers. Centralized administration goes beyond generic deployment tools because it helps execute tasks, such as antispam updates, and enables scheduled e-mail scans when convenient for the agency.
Centralized administration is also useful for reporting. Deploying an antispam strategy is not a one-time project. Because spammers change their methods, regularly reviewing antispam reporting and, in particular, analyzing antispam trends will reveal if your strategy remains effective or if it requires revision.
3. Service solutions. External antispam services, such as Postini or AppRiver’s Secure Tide, are another option. By using a service approach, you can stop spam before it reaches your enterprise. However, agencies must be mindful of service-level capabilities, such as security measures and company stability.
Many companies offer multiple types of antispam solutions, and others offer solutions that blend antispam tools with antivirus and firewall capabilities. Your e-mail server provider may also have suggestions about the best antispam solutions.
As much as spam is a moving, fluid target, antispam solutions are equally agile. Vendors are doing a fairly good job of meeting spammers head-on when it comes to e-mail. Agencies that regularly execute updates from major antispam providers or use a service can expect their e-mail infrastructures to remain largely free from spam with relatively few false positives.
But spammers are beginning to invade other forms of communications, including instant messaging, mobile devices and blogs. As in any good game of cat and mouse, spam techniques and the technologies that fend them off are evolving. So organizations need to continually reassess antispam strategies to ensure successful coverage.
Establishing a plan of action
Three primary concerns pertain to your purchase decisions for an antispam strategy. First, consider the effectiveness of the strategy and its solutions. Second, gauge the impact on your infrastructure. Third, evaluate the costs associated with killing spam before it affects your bottom line.
Because most antispam technologies cover the same ground, you should compare similar tasks on available solutions. For example, you might try implementing an outside antispam service together with an antispam plug-in on your e-mail servers for two weeks.
After the test, examine the quantity of spam that the service collected. Did it produce any false positives? Check your e-mail servers to measure how much spam the plug-in detected. What was the accuracy rate? Did the e-mail server performance monitors show any impact because of the use of the antispam plug-in? You will also want to examine how much spam reached agency computers.
Suppose your e-mail servers support a large number of accounts. In that case, it would likely be less effective to use a plug-in on the e-mail server because the demands of antispam activity could negatively affect users’ access to e-mail.
In such a situation, you would most likely want to implement an antispam service with one or more antispam appliances at the edge of your infrastructure. Then add antispam technology on desktop computers. That setup would be less taxing on your already busy e-mail servers.
Unless you’re dealing with a small network, you’ll likely need a multilayered approach using more than one antispam solution. Differences among deployments will include the location of solutions and the frequency of false positives. Look for solutions with the highest success rate and the lowest number of false positives.
Finally, after examining effectiveness and infrastructure impact, evaluate how the cost of your strategy will meld with agency budget requirements. Overall, pricing for desktop antispam tools is fairly competitive. But costs for server-side solutions, appliances and antispam services can vary greatly. Compare costs with effectiveness and infrastructure impact to realize your best antispam strategy.
Biggs, a senior engineer and freelance technical writer based in northern California, is a Federal Computer Week analyst. She can be reached at [email protected].