When You Are the Spammer
Virtually everyone has been the recipient of spam -- some malicious, some just a nuisance, all of it having an effect on productivity.
However, most enterprises don't think about their role in sending spam. According to an Osterman Research Survey Report, sponsored by Commtouch, outbound spam is a growing problem. And unfortunately, it can't be addressed with more traditional security-related fixes.
The three main sources of outbound spam are:
- zombies that reside on a network provider
- compromised accounts
- malicious use of e-mail accounts
Asaf Greiner, vice president of products at Commtouch, told me that he saw first-hand how outbound spam harms a business:
I set up my own IP address and found that almost all of my messages were locked. Some reached their final destination, but many were blocked. I was getting bounce-backs of messages. I found out that my IP address was blacklisted as a spamming IP because of the person who had used it previously.
It took him several days before he realized what had happened. Greiner had to prove that he was not a spammer and not associated with the former owner of the IP address. But once an IP address is locked, it is very hard to unlock it, he added. He was unable to communicate electronically with his customers, and when you can't be in touch with your customer base, your business suffers damage.
The key issue here, Greiner added, is that there isn't a real solution to the problem right now.
There's a feeling of helplessness throughout the report. Many professionals are working to fight outbound spam, but they are pitting the wrong resources at it.
Using traditional spam-fighting measures in reverse leads to too many false positives or blocking legitimate e-mail. Some service providers try to manually eliminate the offending addresses, but that is time consuming and essentially ineffective.
The report is enlightening in how it shows outbound spam as an increasing problem for ISPs and that enterprises need to be aware that they may be contributing to the problem of inbound spam. But there doesn't seem to be a security solution in how to protect your service provider from being turned into a spammer nor in how to find an effective fix to the problem.