Spam is universally agreed to be unsolicited bulk e-mail. This mail may or may not be of a commercial nature. The usual purpose of sending out such mail is for marketing.
One of the more recent uses of spam is using it for disinformation. As an extreme case, it can become a tool for corporate or political misinformation. Spam could also be a potential weapon in
cyberwarfare.
Sometimes, spam has more sinister purposes-of bringing down mail servers and networks by bombarding them with useless messages. This is also called 'mail bombing' but the messages sent are spam. Or it could be used in phishing attacks or similar scams.
Though not relevant to this story, the word 'spam' has two other meanings. One
is the attempt by 'search engine optimization' operators (SEOs) to gain higher search-engine rankings by repeatedly submitting the same content with variously disguised URLs.
The other and original meaning has to do with a brand of canned pork, from Hormel stands for 'Shoulder of Pork
And Ham'.
Identifying spam The basic foundation of the idea that you can eliminate spam comes from the fact that spam is identifiable. Further, a mere 200 operators around the world are responsible for about 80% of the spam that lands in your mailboxes. And every one of them in known and documented.
But if all this is true, how come these operators are still around? What they do is register to a set of domains, buy ISP services to spam from, and send out millions of e-mail in about three months' time.
|
Then they set up another set of domains and jump to a different set of ISPs. At a time, each of them have dozens of domains and aliases running.
The best part seems to be that they need not even be in the same area as their ISP and the ISP is either clueless about the whole thing or chooses to turn a blind eye to what's going on.
Anti-spam measures
So, what are the resources and solutions available to you to eliminate spam? We have identified a few key concepts and solutions for you that are both easy to implement and are not very costly either. Anti-spam arsenal can be broadly classified into three categories-prevention techniques that avoid your addresses getting onto a mailing list, solutions that can help you deal with any spam that arrives and resources you can turn to for further research or help.
One way to win the war against spam is to avoid getting it altogether. To do this, your IT policy must strongly state and force implementation of a few simple mechanisms. These are nothing new and have been known and well-documented from the early days of spam. This first of these is: never provide your e-mail addresses on a public 'Web page'. A 'Web page' can be hosted on a website, a forum or a newsgroup. Humans no longer need to physically harvest addresses from a Web page. Automated programs called 'bots' roam the Web, pulling pages and scanning them for e-mail address like patterns. These are logged into mailing lists that are then exchanged with other spam operators. Thus, your biggest problem is eliminated if these bots don't get hold of your e-mail address.
There are situations when you would want someone to read a Web page to contact you. Web forms that allow the visitor to
write back to you is the best way, since the recipient's address is never revealed.
Solutions
All major mail servers have vendor-provided or third-party applications that
filter out the spam. For Exchange, there is Service Pack 1 (on the PCQEssential CD), besides applications from Hexamail, GFI MailEssentials, Cloudmark and BitDefender among others. Domino has (again) BitDefender, SpamEraser and MailFlower. SpamAssassin supports procmail, sendmail, Postfix and qmail among others.
There are appliances like the IronPort C10 (see review in this issue) that specialize in mail filtering. There is software that work with the major mail servers. Notable among these are Symantec BrightMail AntiSpam, Norton AntiSpam and MessageLabs AntiSpam 4.0. An Indian solution, SpamJadoo claims to stop spammers by 'locking' your e-mail address (we haven't tested it yet). SpamJadoo also provides virtual e-mail addresses that you can use to subscribe to newsletters or use for temporary purposes. These addresses can be monitored or even turned off when their need is over. The MessageLabs hosted service claims 100 % filter rates.
|
You and your ISP
Is a lot of your mail is not reaching the recipients? The reason could be that they are bounced as spam, because of previous spam activity. Puzzled? Head over to a block-list and query this IP address. Chances are that you'll find it listed there. Sometimes, your company may do legitimate mailing. Now, if a significant number of your mail recipients report such mail as spam to one of the blocklists, the outgoing IP address(es) start getting blocked by mail servers. A lot of times, you as the IT department are not aware of such mailing. Therefore, it becomes more critical that you check the listings periodically to ensure you aren't listed. If you are, when you take corrective action, you are removed .
When you buy your IP address, check if it is listed in a block list. If it is, your ISP must get the address removed. This brings us to a new issue. How cooperative is your ISP in getting your spam problems solved? As we said earlier, the ISP has a crucial role to play in the war against
spam!
Remember that if they are allowing spammers to freely operate out of their network, they maynot act to solve your spam problems.
Krishna Kumar and Sujay V Sarma