Spam fighter shares battle plan

The man who wrote the book on fighting spam said some of today's popular techniques work, but others don't.

This Content Component encountered an error

CHICAGO -- No one-size-fits-all fix solves the problem of unwanted e-mail, but IT managers can find the best way to block spam at their organizations simply by examining a few key aspects of their infrastructure.

To find the right antispam approach, IT decision makers must first gain a solid understanding of their end users' spam load, their e-mail administrators' skills sets and their company's overriding e-mail needs, said John R. Levine, founder of Taughannock Networks and co-chair of the Internet Research Task Force's Anti-Spam Research Group.

Levine, author of the popular book Internet for Dummies and the soon-to-be-released Fighting Spam for Dummies, offered spam-fighting advice to

Everybody who says [e-postage] is a good idea wants 10% of the action.


John R. Levine, author, antispam expert

,
attendees at last week's Enterprise Messaging Decisions 2004 conference.

The author, who has had the same e-mail address since 1993, knows the perils of spam first hand. He said that on a bad day, he gets about 30,000 e-mails -- about 500 of which are not spam. Even on a good day, only 50 of the 10,000 e-mail messages he receives are legitimate.

Levine said companies should also gain a solid understanding of what kind of e-mail needs to be filtered and where that e-mail filtering should take place.

Most often, enterprises are looking to filter e-mail that contains viruses, unwanted mail, unsolicited ads, unsolicited bulk e-mail and offensive mail. Some of the antispam products available today let businesses filter at points all along the messaging infrastructure, including the e-mail receiver's mail server and client-side e-mail program.

The big conundrum in the fight against spam is that the more spam you catch, the more real e-mail you lose, Levine said, referring to the fact that the number of false positives will rise in proportion to the amount of spam that is filtered.

What works, what doesn't

Levine also ran down a list of what he considers to be both good and bad spam blocking techniques.

He said that one of the most effective techniques is the use of e-mail blocking lists, or blacklists, which allow mail servers to automatically block or quarantine e-mail that comes from the addresses of known spam offenders.

Adaptive, or Bayesian, filters are also a proven form of spam filter that actually learns what e-mail constitutes

For more information

Find out why there's logic in moving beyond Bayesian filters

Read projections for the antispam software market

spam from past mistakes, and grow more effective over time, he said.

One of the techniques that made Levine's list of bad ideas for fighting spam is the challenge/response method. This is where unknown senders of e-mail are sent a message asking them to identify themselves. Levine said this method doesn't work very well because people find it annoying and oftentimes won't respond to the message.

Another bad idea, Levine said, is what is known as e-postage. Under this proposal, valid e-mail senders would be required to identify themselves by paying for and placing a virtual stamp on each e-mail they send. Levine said this is a horrible idea because it is unclear where all that money would go.

"Everybody who says [e-postage] is a good idea wants 10% of the action," Levine said.

Outside help

Many in the industry are turning to outsourced services to help keep spam at bay.

Reid Pearlman, manager of operations at Centex Construction Group in Dallas, said that his company outsources part of the job of scanning e-mail to a popular antispam service from Postini Inc. It is also looking at the possibility of outsourcing more of the administrative tasks related to unwanted e-mail.

Those tasks include building "whitelists," which block e-mail from everyone except for known senders, and sending out messages to end users asking them to check quarantined e-mail files for false positives.

One thing Pearlman said he really likes about the Postini service is that IT managers can globally administer the system's default settings to manage where the mail finally ends up.

Donald Pelka, director of IT for Viskase Companies Inc., a manufacturer of artificial hot dog casings in Willowbrook, Ill., said his company uses Microsoft Exchange servers to handle the incoming e-mail for about 450 users spread out all over the world.

He said that outsourcing the task of fighting spam and viruses probably isn't the right route for his company because it has enough manpower and expertise on staff to combat spam.

"Everything that we've identified as spam is now quarantined," Pelka said. "It's pretty effective and I think a lot of people are saying, 'Hey, I'm not getting a lot of spam anymore.'"

Pelka said he is investigating new ways of fighting the problem internally, including blocking user access to Web sites that might lead to more spam.

TechTarget is the organizer of Enterprise Messaging Decisions 2004 and owner of the family of Web sites that includes SearchExchange.com.

Dig deeper on Spam and virus protection

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchWindowsServer

SearchEnterpriseDesktop

SearchCloudComputing

SearchSQLServer

Close