Spam Cleaning with the Big Boys - Page 3

By Steven J. Vaughan-Nichols | Posted Nov 5, 2003
Page 3 of 3   |  Back to Page 1
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn

Set 'em and Forget 'em? No Way

You'll also need to plan to constantly look at how well your spam protection is actually working. In my experience, SpamAssassin particularly needs a constant eye on it lest it start letting more spam through while increasing its false positive rate. This is also true of the other programs, but with the commercial products, changes in spam patterns are usually reflected in these programs' regular updates.

The choice is yours. SpamAssassin will run great, especially if you have someone constantly managing it. The others require less attention, but you'll need to purchase a long-term support contract to be safe. To me, the key factor is your network or e-mail administrator's level of expertise. If they're already comfortable working with complex procmail or the like scripting, SpamAssassin is probably the better option. On the other hand, if they're still stumbling around Exchange's graphical interface, it will be more cost effective to go with a commercial program.

Regardless of how you update and manage your spam program, the simple truth is that you simply can't set them up once and forget about them. Just as spammers are always changing the way they send spam, you must constantly be on the alert for these changes and adjust your spam filters accordingly. Yes, it's a pain, but there's no choice in the matter.

Consider two years ago, if an e-mail came in with a valid "From" header, you could safely assume that it was a perfectly fine e-mail. Today, with forged headers being a part of every spammer's toolbox, only a fool would assume that just because the "From" field looks OK that the mail isn't necessarily spam.

You also need to keep your users informed of the ways they can slow down spam. For example, encourage them not to put their real e-mail addresses on public Web sites or postings. Instead, a format like joeREMOVE@vna1.com will let any human reader know that chances are Joe can be reached at joe@vna1.com, while bot programs that collect addresses from the Web will faithfully collect the bogus address.

At the same time, though, some user-based anti-spam ideas actually do more harm than good. For example, sending out fake 'bounce' or 'notice of spam' messages to spammers won't do much good. In the first case, with fake headers being all the rage, sending someone a note falsely telling them that their message didn't arrive or that their message is spam is highly unlikely to actually reach the real sender.

All this will do is eat up more network traffic and annoy the innocent user on the other end of the Internet line. And even if the message does get to a spammer, why in the world do you think they'd care? Spamming relies upon sheer volume; its senders already know that their success rate is going to be in the 0.01% range per message sent.

No, the only real answer is to install a gateway side server program to stop spam and then ensure it's continually managed. You can forget about a magic anti-spam program or law coming along and re-setting the e-mail server clock back to 1997. It's not going to happen, and if you want to keep your users happy and your e-mail costs down, you should put a server-based solution in sooner rather than later.

Feature courtesy of EITPlanet.

» See All Articles by Columnist Steven J. Vaughan-Nichols

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter