Spam is a growing problem where the net is concerned. Some 40 trillion spam messages are expected to be sent in 2008. However, we've rounded up 8 tips that will help your combat spam more effectively, ensuring you get the message you want and not the ones you don't.
5. Choose blacklists and reputation lists wisely
If your organisation relies on a blacklist or reputation list to stop spam, Jennings urges you to consider carefully which one to use. He points out that many spam filter products let the customer configure the product as to which blacklist, if any, to use.
When choosing a blacklist, Jennings recommends that you check the management policies of the lists. For example, some blacklists and reputation lists are driven purely by user complaints, says GWU's Briggs, and relying on them will invariably lead to false positives.
Not sure where to start? Ask your spam filter vendor for recommendations, suggests Jennings.
It's also important to keep up with the status of your blacklist or reputation list. Jennings cites the example of ORDB, a blacklist that was shut down in 2006, but which nonetheless still received queries from systems following the shutdown. These queries, according to Jennings, overwhelmed the servers that had housed ORDB, preventing the former ORDB administrators from doing other work. (In other words, the queries amounted to a denial-of-service attack, unintentional though it was.)
In early 2008, to stop these queries, the operators brought ORDB back online but set it up to flag every IP address reported to it as a spam source, the only way, they believed, to gain the attention of email administrators and get them to stop querying ORDB. Had these administrators been more alert to begin with, they would have investigated, discovered that ORDB was going away and redesigned their procedures accordingly, without requiring drastic measures from the ORDB operators.
6. Make sure you're not sending out spam
If spam goes out from your systems, even unintentionally, it hurts your reputation and increases the likelihood you'll end up on spam blacklists. If you send enough spam, Jennings says, your reputation may suffer to the point that you will have trouble sending legitimate email.
A three-pronged approach will help keep your reputation intact:
First, suggests Stephen Pao, vice president of product management at security vendor Barracuda Networks, curb your users' questionable web browsing. If users visit dangerous or objectionable sites, malware from those sites could be installed on their computers, which could then be used to send spam from your systems. To prevent this, set clear acceptable-use policies and deploy web monitoring or filtering software from a trusted security vendor such as Websense or Sophos on your users' systems. Note that monitoring your employees' web use could involve legal and privacy issues, so be sure that you are complying with any applicable statutes, giving your users appropriate notice if necessary.
Along the same lines, Pao recommends that you stay up to date with security patches and virus and malware definitions to ensure that spammers can't take over your systems and use them to send spam.
Finally, Jennings recommends using outbound filtering to make absolutely sure no spam is being sent from your systems.
em>NEXT PAGE: Check your own spam reputation