How your business can combat spam
June 27, 2008
There are many common security measures that should be in place on your company’s e-mail servers, but you can help yourself in the fight against “spam” – unwanted e-mail messages and solicitations.
You really need only to be aware of what you are doing online, including:
1. Do not provide your e-mail address to pop-open browser windows that say you can win something if you put your e-mail address in.
2. Do not respond with a “remove me from your sender’s list.” Doing this just confirms that your address is active and you will increase the amount of spam that you get.
Instead, contact your IT staff or consultant and have them contact the company or individual who is hosting the mail server where the message originated and report the messages as abuse. You can also add the sender to your e-mail filter’s “black list” and have the mail filter block it before it reaches your inbox.
3. When you sign up on message boards, be sure to check the box that alludes to “keep my e-mail address private.” This prevents bots (automated programs that search the Web for information) from locating your address off a Web page and then placing it into a spammer’s known e-mail database.
4. Do not put your e-mail address on a Web forum or review page (or anywhere public on the Internet). The spammer’s bots will search the Web for e-mail addresses on pages and then add them to the spammer’s known e-mail database.
5. Do create an account using a free e-mail service (there are many available, so take your pick) and use that when registering on forums or in places that you need to provide an e-mail address for communication. Use this account to communicate online where you do not need to keep in close contact.
A good example of this is if you are signing up on a message board or registering for another service that requests your e-mail address. If you need to communicate with someone about something serious (business relationship, family, etc.) provide them with your actual e-mail account but only after you are sure you can trust them.
If this free e-mail account is spammed you can simply delete it and create a new account and start over.
6. Do know what you are agreeing to when signing up for a service. Read the entire acceptance and agreement policy that is stated. Look out for language suggesting that your e-mail address may be resold or shared with others. If it is, or even seems like it might be, do not sign up.
What’s new in spam filters
Spam filters have changed over the past few years. Today the most common method is the Bayesian filtering method.
Essentially, it filters spam based on the statistical probability of certain words that it finds in the e-mail [being] spam related.
The more often these words occur in the mail, the higher the probability that the e-mail is spam. Spammers attempt to circumvent these filters by adding large blocks of words that are more likely to appear in a legitimate e-mail. This skews the probability calculations, which increases the chance that the spam message will not be caught.
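The scoring described above can be seen in a small word-count model. This is an added example, not code from any particular filter product: the training messages, the test messages and the function names are all constructed for illustration, and the model is a plain naive Bayes classifier with add-one smoothing.

```python
import math
from collections import Counter

# Constructed training corpus (not real mail): a few spam and legitimate messages.
SPAM = [
    "win free prize now click here",
    "free pills cheap offer click now",
    "claim your free prize offer today",
]
HAM = [
    "meeting agenda attached for the quarterly budget review",
    "please review the attached invoice before the meeting",
    "the project schedule and budget are attached",
]

def train(messages):
    """Count how many times each word appears in one class of mail."""
    counts = Counter(w for m in messages for w in m.lower().split())
    return counts, sum(counts.values())

def spam_probability(text, spam_model, ham_model, prior_spam=0.5):
    """Naive Bayes posterior P(spam | words), with add-one smoothing."""
    (s_counts, s_total), (h_counts, h_total) = spam_model, ham_model
    vocab = len(set(s_counts) | set(h_counts))
    log_odds = math.log(prior_spam / (1 - prior_spam))
    for w in text.lower().split():
        p_w_spam = (s_counts[w] + 1) / (s_total + vocab)
        p_w_ham = (h_counts[w] + 1) / (h_total + vocab)
        log_odds += math.log(p_w_spam / p_w_ham)  # each word shifts the odds
    return 1 / (1 + math.exp(-log_odds))

SPAM_MODEL, HAM_MODEL = train(SPAM), train(HAM)

def demo():
    plain = "click here to claim your free prize"
    # Same message with a block of legitimate-looking words appended.
    padded = plain + " meeting agenda budget review invoice project schedule attached"
    return (spam_probability(plain, SPAM_MODEL, HAM_MODEL),
            spam_probability(padded, SPAM_MODEL, HAM_MODEL))

if __name__ == "__main__":
    p_plain, p_padded = demo()
    print(f"plain message : P(spam) = {p_plain:.3f}")
    print(f"padded message: P(spam) = {p_padded:.3f}")
```

Every word multiplies the spam-to-legitimate odds by its own ratio, so words seen only in legitimate mail pull the combined score down even though the spam wording is unchanged.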
Embedding the spam message in an image and then placing that into the e-mail also can be used as a method of bypassing the filter; however, one can adjust the filter to not permit e-mails with only images in the body. In the future, the more certain way to know if a message is spam or not is for the filter to actually read the e-mail and then make a decision on whether the message is spam or not. Obviously this raises privacy concerns.
When and why filters fail
Spam filters can fail to filter junk because of falsified subject lines, false to/from headers, falsified sending domains, and images used in the body of the e-mail instead of text.
Spammers know this and take advantage of these loopholes.
Many companies combat this by installing spam filtering and blocking software on their mail servers or by installing a dedicated filtering appliance or device in order to examine the incoming mail for spam and other malicious files or content before the mail is placed in the user’s inbox.