FRAMINGHAM, 4 AUGUST 2008 - Spam is certainly not a new phenomenon, and although antispam is a 15-year-old industry that has made significant technological advances, many organizations still struggle with spam management.
Although it's impossible to eradicate spam completely from the Internet today, organizations can alleviate the problem by adopting recommended practices, from both policy and technological perspectives.
Policy Best Practices
When addressing anti-spam policies, companies should look to:
- Take a rough axe to the blatant spam messages. A one-size-fits-all spam definition will not work for any sizeable organization, but a baseline policy is needed to articulate what constitutes "definite spam." Forrester recommends that you block messages in the definite spam category, instead of quarantining them. Include all pornographic material, Phishing, and financial solicitation messages in the definite spam category. Depending on the nature of your business, you may find it useful to include other material in this category, such as newsletters, political campaigns, and product marketing messages.
- Adopt user- or group-specific filtering policies. On top of the baseline policy, Forrester recommend that organizations adopt user- or group-specific filtering policies, accounting for the distinct business roles of the users. For instance, you may want to deliver all marketing solicitation messages to your sales groups but block such messages for other departments. Similarly, you may elect to allow executable files for engineering personnel but drop them for others.
- Look for solutions that can integrate with other email security components. Antispam is only one aspect of your email security and management function. Other aspects include message transfer agent (MTA) functionality, content protection, and archiving. Your anti-spam solution should integrate and work seamlessly with the other components to deliver the acceptable level of management precision and performance.
Technological Best Practices
Organizations also need to implement the right technologies to address spam. Best practices include:
- Adopt connection management techniques. Connection management techniques include blacklists, whitelists, sender reputation, rate controls, and recipient verification -- everything that doesn't involve inspection of the actual content. Connection management implements a quick shock absorber for the incoming message stream and allows for the more selective application of heavyweight content analysis downstream.
- Leverage user self-management. To reduce administrative overhead, use an antispam solution that supports user-specific quarantine queues for self-management; ask users to manage the messages that are neither "definite spam" nor "definite legitimate." User-specific quarantine requires the antispam solution to have knowledge of the user accounts, which means it must integrate with user directories.
- Manage bounce notifications. Attackers are stepping up their reconnaissance efforts as spam campaigns become more targeted. One method spammers use to collect valid email addresses is directory harvesting and bounce notification. To counter this, organizations should limit the number of external bounce notifications for unreachable addresses. An example is to only send bounce notification to certain trusted domains or rate-limit the number of notifications to a single source. You should look to antispam technologies that support the implementation of such policies.
Sign up for Computerworld eNewsletters.