3 Criteria for Controlling Enterprise Spam

3 Criteria for Controlling Enterprise Spam
Author: CipherTrust

Or: T*ake Y O U R email ba & ack + From the Sp@mmers! 0400constrictor bubble snake informational

The Spam Problem

According to Meta Group, “Companies are routinely getting 20,000 daily spam messages, putting significant burden (e.g. bandwidth and storage consumption) on mail relays, SMTP gateways, and internal mail servers.”

To make matters worse, companies have invested millions of dollars in spam-fighting technologies that have been rendered obsolete within months of purchase by the innovation of spammers who have found ways to thwart new technologies along the way. Examples of spammer ingenuity abound. As recently as mid-2003 Bayesian logic was touted as the immutable defense against spam, but by early 2004, most spam had evolved to be “Bayesian-proof”. There are even programs available for download on the internet that will “test” your spam for you before you send it to make sure it will get past the spam filters.

Clearly, the solution is to partner with a company that specializes in fighting spam. Who you choose is a crucial step because you don’t want your solution to become obsolete within a few months, and you certainly don’t want to create a problem with false positives.

Criteria 1 – Diversity – The Cocktail Approach to Filtering Spam

The first step in addressing spam is identifying it. But, unlike viruses, spam identification is not straightforward. There is no “smoking gun” that clearly indicates to a detection system that a message is a spam. For instance, the common approach of looking for keywords such as “Viagra” or “Free”, misses many spams. The method of blocking known spammer IP addresses lags and does nothing to deter determined spammers. Any effective spam detection system must employ multiple techniques for identifying and measuring the probability that a message is spam including the newer heuristic analysis and real-time collaborative spam filtering tools.

Criteria 2 – Flexibility – Different Strokes for Different Folks

A fundamental issue with spam is defining what exactly constitutes spam. One person may consider any bulk e-mail spam, while another highly values the opt-in bulk e-mails they receive. Different organizations may have policies with very different definitions of what is allowed. A good anti-spam solution must allow administrators to enforce these different rules and even allow them to apply different rules to different users, preferably by integrating with policy tools and user databases such as LDAP directories. It should be able to support differing thresholds for different spam results and adjustable confidence values in spam detection techniques. It should allow administrators to customize responses for inbound or outbound traffic. Rules should allow re-labeling, blocking and quarantining of messages, as well as a test mode where rules are tried without impacting mail flow. Ideally, your solution will include an integrated policy manager, which enforces corporate policy across the entire e-mail system, and allows different rule sets for different users and groups.

Criteria 3 – Expertise – Know Thy Enemy

Spammers are constantly improving their methods, particularly as corporations have finally begun to fight back. Vendors must be able to develop and deploy policies, signatures, keywords and values to corporations using their solution. They should be developed based on data from a distributed network of customers and other Internet detection points by a team of spam blocking experts. Only by constant improvement can any solution continue to be responsive to spammers even in the face of new threats.

About the Author

CipherTrust is the leader in anti-spam and email security. Learn more by downloading our free whitepaper, “Securing the E-mail Boundary: An overview of IronMail” or by visiting www.ciphertrust.com.