2. Let employees know they should never respond to spam.
3. Do not post employees' e-mail addresses on a company web site. Many marketers use e-mail mining software that scans entire web sites in a matter of seconds and locates all of the posted e-mail addresses.
4. Limit or even disallow personal e-mail.
5. Set employees' web browsers to the recommended security level. If the security level is not set properly, bots may grab employees' e-mail addresses when they visit web sites.
6. Make sure there is a firewall in place and configure it to block all unrequested traffic.
7. Make sure your internal mail servers are not acting as an open relay. To find out how, visit http://mail-abuse.org. This site allows you to test your mail servers for open relays and provides instructions for repairing an open relay.
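The open-relay test in item 7 can also be run by hand against a mail server you administer. The following is an added example, not part of the original article; the two addresses are constructed placeholders and the function names are hypothetical. It asks the server to accept mail from one outside domain to another and stops before any message is sent.

```python
"""Open-relay self-check for a mail server you administer (added example)."""
import smtplib

# Constructed placeholder addresses: both domains are outside the server's
# own domains, which is exactly what an open relay would wrongly accept.
EXTERNAL_SENDER = "relay-test@sender.example"
EXTERNAL_RCPT = "relay-test@recipient.example"


def relay_verdict(session, sender=EXTERNAL_SENDER, rcpt=EXTERNAL_RCPT):
    """Run MAIL FROM / RCPT TO on an open SMTP session and classify the reply.

    No DATA command is issued, so no message is ever sent.
    Returns "open-relay", "relay-denied" or "inconclusive".
    """
    code, _ = session.mail(sender)
    if not 200 <= code < 300:
        session.rset()
        return "inconclusive"      # sender refused before the relay decision
    code, _ = session.rcpt(rcpt)
    session.rset()                 # abandon the transaction
    if 200 <= code < 300:
        return "open-relay"        # accepted external -> external delivery
    if 500 <= code < 600:
        return "relay-denied"      # e.g. 550/554 "relaying denied"
    return "inconclusive"          # 4xx: greylisting or temporary failure


def check_server(host, port=25, timeout=10):
    """Connect to your own mail server and apply the relay test."""
    with smtplib.SMTP(host, port, timeout=timeout) as session:
        session.ehlo()
        return relay_verdict(session)


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 2:
        print(sys.argv[1], check_server(sys.argv[1]))
```

Run it from a machine outside your network, because a server may legitimately relay for its own internal clients. An "open-relay" verdict means the relay restrictions on that server need to be repaired.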
Installing a server-side spam-blocking product should be the next step your IT department takes toward controlling junk e-mail. Currently there are three ways this can be accomplished:
- through an off-site service
- an in-house software installation
- a hardware device connected to your network.
Off-site services such as Postini, MessageLabs, and Big Fish can block spam before it ever reaches your network. These companies intercept your incoming e-mail messages and scan them for spam. Most services can also scan for viruses, and can even scan your outgoing mail and stop messages containing key words you define from leaving your company. The benefits of an outside service include software updates, fixes, and configuration changes done by the service provider, allowing network administrators to focus on more mission-critical projects. Off-site services also cut down on a company's network traffic, because only the good messages are sent to the internal mail servers for delivery.
Software applications designed to block spam come in two flavors, client-based and server-based. Server-based refers to software loaded onto the company's servers, which collects all e-mail received, scans it, and relays only the valid messages on to the company's mail servers. A server-side solution is typically only one instance of the software loaded onto your systems, so updates, fixes, and configuration changes need to be applied on only one computer. There is also more internal control than with a service solution. The drawbacks of this solution are that it can be costly if you have a large number of e-mail addresses and that it can be technically challenging for the average IT department to install and configure.
The client-based design is loaded directly onto the end user's computer. All incoming messages, including the spam, have already gone through the company's mail server, and the scanning is left to the user's local computer. A client-side solution is best suited for a home user or a smaller company with 10 or fewer computers. The benefits of this approach are that it is typically inexpensive and can easily be installed and configured. The drawbacks are that every computer must be updated and configured individually and that all messages, including the spam, have already traveled through the network, creating additional traffic. Also, scanning all e-mail at the user level places an additional burden on the local computers' resources.
Some server-based solutions include:
- Anti-Spam 4.0
- IronMail
- MailEssentials
- MailMarshall
- MailSWAT
- MailSweeper
- SurfControl
Some client-based solutions include:
- JunkSpy 2.02
- MailWasher 2.0
- Matador 1.0
- SpamAssassin Pro 2003
- SpamButcher 1.3
- SpamCatcher 2.1
- SpamKiller
- SpamNet 1.0
Hardware appliances such as CipherTrust's IronMail are a high-end solution for large corporations looking for an all-around spam-fighting and network intrusion detection solution. Such an appliance is basically a pre-configured computer that is placed into an existing network. The benefit of such a device is that, even though configuration changes and tweaking must still be done, one can simply drop it in place and be up and running in minutes. The drawbacks of such a product are that it is very expensive and that, because it is so advanced, all the configurable options may be a bit overwhelming.
No matter which solution you may decide to implement, none of these are 100% accurate and the possibility of capturing legitimate e-mail as spam is quite real. Eliminating these false positives while still attempting to capture as much true spam as possible is a real challenge. Carefully read reviews and download trial versions of software when possible, before making a final decision as to which solution is best for you.
The computer forensics team at Kessler International can provide insight and solutions for your stickiest Information Technology problems. In addition to assisting in the creation of corporate computer usage policies, Kessler International can provide Internet monitoring, data recovery, and a host of other related services. With Kessler International, you are able to trace hostile emails to their source, ending harassment and abuse. Call Kessler International today and learn how our computer forensics services can be put to work for you.