17 June 2005
Spam, spam everywhere -- How can we control it?
Spammers get e-mail addresses from a variety of sources, Laplante says. "Robot" harvesters traverse the Web and collect e-mail addresses posted on Web sites. Spammers share email lists with each other and obtain legitimate lists under false pretenses. They can randomly generate e-mail addresses too -- all they need to know is the domain name (e.g. "anywhere.com") and they can create random combinations of user IDs until they hit real users. "Anytime you give your e-mail address in exchange for free information posted to the Web it becomes fair game for the spammers," says Laplante. "Finally, even when you give your e-mail address to a legitimate correspondent or business partner, it might inadvertently end up in the hands of a spammer." Even though spammers know that most recipients delete the e-mail without reading it, and that spam filters and bad addresses keep many of their e-mails from reaching their intended targets, spamming can still be very profitable. Sending spam isn't free -- there are costs involved in obtaining the addresses, preparing the lists, sending the e-mails, supporting the spam site, etc. -- but the cost of doing so is quite low, probably around 1/100 of a cent per e-mail sent. If only one e-mail in 100,000 yields a successful business transaction, depending on the product, the profit can be significant. So, how do you stop getting so much spam? Well, there is no way to prevent spam completely, says Laplante. This is an "arms race" and the spammers develop counter-measures for every new technique developed to stop them. But you can reduce spam by taking a number of precautions. First, use and aggressively maintain whatever spam-blocking feature your mail client provides. Microsoft Outlook has a pretty good spam filter if you maintain the rules database faithfully. There are commercial spam-blocking products, too, and some freebies, but this is not the place for an analysis of these. Also, stop giving away your e-mail address so freely. If you don't have to give your e-mail address in exchange for "product updates," don't do it. Be careful how you post your e-mail address to your Web site. If it is posted in text format, a harvester will eventually grab it. You can embed your e-mail address in an image -- this makes it nearly impossible for a harvester to find it. Finally don't ever buy a product introduced to you via spam. If the economics didn't work out for the spammer, they would stop doing it. Unfortunately, there are always suckers out there who can't resist a "bargain."
Hotmail with Outlook Express
A recently added feature of Outlook Express (it's included in version 6, which comes with Windows XP) is the ability to read your Hotmail messages. This gives you an easier to use and nicer way to compose and read messages, compared to accessing Hotmail through a browser. If you are familiar with the features of Outlook Express for reading regular POP3 email, you will really appreciate having the same format and tools for using Hotmail.Sponsored LinksMicrosoft Outlook Add-InsMust have add-ins for Outlook 2000, 2002 and 2003. Need help with Email or Outlook Express?Post your question in the Forum!To set up a Hotmail account with Outlook Express, first open it from the Start Menu. If this is the first time you are opening OE, you will automatically find yourself in the new account wizard. If you have already been using OE, and you want to add a Hotmail account, click the Tools menu, then click "Accounts..." Click the Add button, then choose "Mail..." Enter a display name for you to use to reference the account, then click Next. Then enter in your Hotmail email address and click Next. Make sure that your email server is HTTP, and your provider is Hotmail, and click Next. Verify your email address, and enter your password (optional). if you leave the password field blank, you will be prompted for it each time you open Hotmail in OE. Click Next, then Finish to complete the setup. You may be prompted to download the folders from Hotmail; choose Yes to be able to read your Hotmail email now.OE will not really download your messages - instead it synchronizes them with the Hotmail web server. This can actually be convenient if you switch back and forth between using OE and using Hotmail from a browser. If you receive many messages, or have a really slow network connection, you may want to change your synchronization settings. Right-click the Inbox (or any folder), and hold the mouse cursor over "Synchronization Settings," then click "Headers Only." This means that only the title of the messages will be downloaded into OE, and the message itself won't be downloaded until you open it. This is also handy for SPAM, which you can delete without opening it.
Spam Fighting: To Bounce or Not to Bounce?
What is the largest headache caused by spam? Many sites find that once you get decent filtering in place and start identifying spam, a new problem that crops up is just a disconcerting: Deciding what to do with it.
Software such as amavisd-new, a front-end for SpamAssassin and virus filters, leaves the ultimate decision up to the administrator. That is, what do we do with e-mail that has been identified as spam? The options are: use before-queue filtering to not accept it in the first place, send a delivery status notification (DSN) notifying the party that their e-mail was not delivered, or just silently discard the email. All of these options have consequences, and some are more hair-raising than others.
Option 1: DSNs, aka Bouncing In this first scenario, a mail server will accept most email, and then subject it to spam and virus filtering before delivering it to a user's mailbox. If the e-mail is determined to be spam, it isn't delivered to the user, and a DSN is sent to the address in the From: header, notifying the sender that delivery was not successful.
This is problematic for many reasons. Most critical, is the fact that the From: header in spam is rarely correct. In fact, it is possibly claiming to be from someone you know, since spammers have been known to harvest e-mail addresses from people's address books. Sending a DSN to someone who didn't send e-mail in the first place causes confusion, and results in support calls from the confused user who thinks their e-mail account has been compromised.
When servers start falling over due to extensive resource consumption, many people turn to silently dropping spam.Even more detrimental to productivity, sending DSNs to addresses or domains that don't exist will cause the bounces to pile up on the mail server, since they can't be handed off to another server. Thousands of e-mail messages sitting in the mail queue will jeopardize system resources and can effectively clog mail services for legitimate mail. Most organizations find this to be the most difficult aspect of dealing with spam.
Option 2: Silently Discarding Once a message has been accepted and eventually identified as spam, another option is to simply discard the message. This completely solves the problem of a mail server crumbling from having too much mail in the queue, but is perhaps just as problematic. If e-mail is falsely identified as spam, and the sender isn't notified that delivery failed, the sender will just assume everything was delivered as usual.
Clearly this is less than optimal, but when servers start falling over due to extensive resource consumption, many people turn to silently dropping spam. Oftentimes, silently discarding e-mail is an intermediate step between DSNs and before-queue filtering. David Ernst of HoosierNet said it was a question of keeping the mail flowing at all. "Well," he noted, "something had to be done. We can grind the service to a halt if we try to process all of those return-to-senders. So, it made the difference between working and not working."
Many people in this position opt to use a hybrid system of still sending DSNs, but cleaning the queue periodically to discard ones that cannot be sent.
Option 3: Don't Accept it at All Ideally we want to identify spam while the sending server is still connected, and tell them that delivery isn't going to happen. This means that the sending server has to deal with it, and in the case of a spammer, it simply means that sending failed. "Just don't accept it" is quite easy to say, but sometimes tricky to implement.
Also on Spam at ENP
Tuneups and Tweaks for the Better Spam-Trap
Realtime Black-hole Lists: Heroic Spam Fighters or Crazed Vigilantes?
Who Goes There? An End to the Spam War?
Study: End Users Need More Anti-Spam Education
Sign Your Users Up in the War on Spam and Viruses
Some mail servers, such as postfix and sendmail, have the ability to hand messages to another program before sending them to the queue for final delivery. This provides the ability for the second program to scan mail for viruses and spam, and report the status to the mail server. If the message is identified as spam, the server, which has not yet reported to the sending server "delivery accepted," now has the option of reporting an error. There is no need to send a DSN, since we never accepted the suspicious message in the first place.
Best PracticesImplementing spam and virus checking isn't very difficult. Depending on the mail server, implementing spam filtering such that it is able to reject spam before the SMTP session is over can be difficult. Two widely used mail servers, postfix and sendmail, both have the ability to utilize amavisd-new. Amavisd-new is a favorite, since it provides a nice and simple way to implement spam and virus checking, so we feel it deserves special mention.
Sendmail has the milter interface, which allows anyone to program add-ons to sendmail. The amavis-milter will hand off mail to amavisd-new, which in turn runs SpamAssassin and virus checking. Amavisd-new will also check attachments, and can extract data from zip files and many other types of archives to check for viruses and spam. Configuring this in postfix is even simpler, since it only requires one change in the configuration file, plus the addition of another smtpd process.
Email is increasingly frustrating to manage. We sometimes want to receive messages from people we don't know, so e-mail is designed to reflect that. People have implemented systems where a sender has to verify himself the first time they send email, but that type of system doesn't always work. For instance, users always want to receive automated messages when they purchase things online, and those messages are normally sent from an address that people don't monitor, making "sender verification" impossible.
One thing that's clear is that sending DSN messages for spam is very bad practice. Users are confused when they receive a DSN for mail they didn't send, and dropping spam silently will lead to lost email. The best option is to complete all virus and spam checking before accepting the mail for delivery, then report "success" to the sending server. Aside from the fact that this option tends to make the most sense, in most cases it also conserves system resources
Software such as amavisd-new, a front-end for SpamAssassin and virus filters, leaves the ultimate decision up to the administrator. That is, what do we do with e-mail that has been identified as spam? The options are: use before-queue filtering to not accept it in the first place, send a delivery status notification (DSN) notifying the party that their e-mail was not delivered, or just silently discard the email. All of these options have consequences, and some are more hair-raising than others.
Option 1: DSNs, aka Bouncing In this first scenario, a mail server will accept most email, and then subject it to spam and virus filtering before delivering it to a user's mailbox. If the e-mail is determined to be spam, it isn't delivered to the user, and a DSN is sent to the address in the From: header, notifying the sender that delivery was not successful.
This is problematic for many reasons. Most critical, is the fact that the From: header in spam is rarely correct. In fact, it is possibly claiming to be from someone you know, since spammers have been known to harvest e-mail addresses from people's address books. Sending a DSN to someone who didn't send e-mail in the first place causes confusion, and results in support calls from the confused user who thinks their e-mail account has been compromised.
When servers start falling over due to extensive resource consumption, many people turn to silently dropping spam.Even more detrimental to productivity, sending DSNs to addresses or domains that don't exist will cause the bounces to pile up on the mail server, since they can't be handed off to another server. Thousands of e-mail messages sitting in the mail queue will jeopardize system resources and can effectively clog mail services for legitimate mail. Most organizations find this to be the most difficult aspect of dealing with spam.
Option 2: Silently Discarding Once a message has been accepted and eventually identified as spam, another option is to simply discard the message. This completely solves the problem of a mail server crumbling from having too much mail in the queue, but is perhaps just as problematic. If e-mail is falsely identified as spam, and the sender isn't notified that delivery failed, the sender will just assume everything was delivered as usual.
Clearly this is less than optimal, but when servers start falling over due to extensive resource consumption, many people turn to silently dropping spam. Oftentimes, silently discarding e-mail is an intermediate step between DSNs and before-queue filtering. David Ernst of HoosierNet said it was a question of keeping the mail flowing at all. "Well," he noted, "something had to be done. We can grind the service to a halt if we try to process all of those return-to-senders. So, it made the difference between working and not working."
Many people in this position opt to use a hybrid system of still sending DSNs, but cleaning the queue periodically to discard ones that cannot be sent.
Option 3: Don't Accept it at All Ideally we want to identify spam while the sending server is still connected, and tell them that delivery isn't going to happen. This means that the sending server has to deal with it, and in the case of a spammer, it simply means that sending failed. "Just don't accept it" is quite easy to say, but sometimes tricky to implement.
Also on Spam at ENP
Tuneups and Tweaks for the Better Spam-Trap
Realtime Black-hole Lists: Heroic Spam Fighters or Crazed Vigilantes?
Who Goes There? An End to the Spam War?
Study: End Users Need More Anti-Spam Education
Sign Your Users Up in the War on Spam and Viruses
Some mail servers, such as postfix and sendmail, have the ability to hand messages to another program before sending them to the queue for final delivery. This provides the ability for the second program to scan mail for viruses and spam, and report the status to the mail server. If the message is identified as spam, the server, which has not yet reported to the sending server "delivery accepted," now has the option of reporting an error. There is no need to send a DSN, since we never accepted the suspicious message in the first place.
Best PracticesImplementing spam and virus checking isn't very difficult. Depending on the mail server, implementing spam filtering such that it is able to reject spam before the SMTP session is over can be difficult. Two widely used mail servers, postfix and sendmail, both have the ability to utilize amavisd-new. Amavisd-new is a favorite, since it provides a nice and simple way to implement spam and virus checking, so we feel it deserves special mention.
Sendmail has the milter interface, which allows anyone to program add-ons to sendmail. The amavis-milter will hand off mail to amavisd-new, which in turn runs SpamAssassin and virus checking. Amavisd-new will also check attachments, and can extract data from zip files and many other types of archives to check for viruses and spam. Configuring this in postfix is even simpler, since it only requires one change in the configuration file, plus the addition of another smtpd process.
Email is increasingly frustrating to manage. We sometimes want to receive messages from people we don't know, so e-mail is designed to reflect that. People have implemented systems where a sender has to verify himself the first time they send email, but that type of system doesn't always work. For instance, users always want to receive automated messages when they purchase things online, and those messages are normally sent from an address that people don't monitor, making "sender verification" impossible.
One thing that's clear is that sending DSN messages for spam is very bad practice. Users are confused when they receive a DSN for mail they didn't send, and dropping spam silently will lead to lost email. The best option is to complete all virus and spam checking before accepting the mail for delivery, then report "success" to the sending server. Aside from the fact that this option tends to make the most sense, in most cases it also conserves system resources
Gmail thinks Match email is spam
Match sent out a periodic email urging members to check out new features that have been covered here previously. In the irony department, I see that the email tells reader to add @connect.match.com to their Safe Senders email address list. Then I look over at the ads Gmail has selected as contextually relevant and I see ads for Spam filters. Sometimes my Match email, and email from other dating services, ends up in the spam box, and others it goes through fine. I hate managing whitelists and rely on Google's fairly robust spam filters but the results seem to be spotty.
I wish all dating services would offer their member updates and weekly emails as RSS feeds, much easier to manage, won't get stuck in spam filters and since newsreaders can now display html fairly reliably publishers don't loose the richness of html email
I wish all dating services would offer their member updates and weekly emails as RSS feeds, much easier to manage, won't get stuck in spam filters and since newsreaders can now display html fairly reliably publishers don't loose the richness of html email
Tech Stocks in Motion
Shares of Japanese Internet company Internet Initiative Japan (IIJI:Nasdaq - commentary - research) rose 18.8% after the company said it would provide Toshiba with antispam software in two parts: IIJ Edge Filter and IIJ Spam Mail Filter. The Edge Filter identifies and restricts mass spam that is sent to a single server. The Spam Filter determines a spam rating for all incoming mail and filters them on that basis. Toshiba saw a 30% drop in mail traffic after the implementation of the Edge Filter, and the performance is expected to increase after the Spam Filter is brought online. The stock finished up $2.20 to $13.90.
Shares of satellite and wireless communications provider ViaSat (VSAT:Nasdaq - commentary - research) traded up 3.6% after the company won a $60 million delivery order for multifunctional information distribution system terminals from the Space and Naval Warfare Systems Command in San Diego. The system provides secure, high-capacity, jam-resistant digital data and voice communications capability for the U.S. armed forces. Delivery for the Lot 6 units is expected to begin in April of next year and continue through the fourth quarter of ViaSat's fiscal year 2007. The stock closed up 77 cents to $22.04.
if (!disablePopup()) {
if (document.cookie.indexOf("ad_cookie") == -1) {
document.write('');
} else {
var cookieKval = readCookie('ad_cookie');
document.write('');
}
} else {
document.write('');
}
Intel (INTC:Nasdaq - commentary - research) set up a $200 million venture capital fund that will invest in Chinese technology companies developing hardware and software services. The Intel Capital China Technology Fund will invest in companies that complement Intel's technology initiatives and will help further build the Internet infrastructure in China. "We will invest in Chinese companies to accelerate technology adoption locally and to foster development of innovative technologies with potential for global distribution," said CEO Paul Otellini. The stock finished up 2 cents to $27.
Shares of electronic power converter company American Superconductor (AMSC:Nasdaq - commentary - research) traded up 23.6% after it was upgraded by Needham Equity Research to buy from hold. The firm cited valuation and long-term prospects, saying the recent selloff is unwarranted. Though the firm doesn't see the company reaching profitability until fiscal 2007, it has placed an $11 price target on the stock. American Superconductor closed up $1.82 to $9.45.
Shares of satellite and wireless communications provider ViaSat (VSAT:Nasdaq - commentary - research) traded up 3.6% after the company won a $60 million delivery order for multifunctional information distribution system terminals from the Space and Naval Warfare Systems Command in San Diego. The system provides secure, high-capacity, jam-resistant digital data and voice communications capability for the U.S. armed forces. Delivery for the Lot 6 units is expected to begin in April of next year and continue through the fourth quarter of ViaSat's fiscal year 2007. The stock closed up 77 cents to $22.04.
if (!disablePopup()) {
if (document.cookie.indexOf("ad_cookie") == -1) {
document.write('');
} else {
var cookieKval = readCookie('ad_cookie');
document.write('');
}
} else {
document.write('');
}
Intel (INTC:Nasdaq - commentary - research) set up a $200 million venture capital fund that will invest in Chinese technology companies developing hardware and software services. The Intel Capital China Technology Fund will invest in companies that complement Intel's technology initiatives and will help further build the Internet infrastructure in China. "We will invest in Chinese companies to accelerate technology adoption locally and to foster development of innovative technologies with potential for global distribution," said CEO Paul Otellini. The stock finished up 2 cents to $27.
Shares of electronic power converter company American Superconductor (AMSC:Nasdaq - commentary - research) traded up 23.6% after it was upgraded by Needham Equity Research to buy from hold. The firm cited valuation and long-term prospects, saying the recent selloff is unwarranted. Though the firm doesn't see the company reaching profitability until fiscal 2007, it has placed an $11 price target on the stock. American Superconductor closed up $1.82 to $9.45.
E-mail security appliances are good news for users
The announcement by value-added distributor AmVia that it has released a range of high performance e-mail security appliances to the local market is music to the ears of those seeking a maintenance-free answer to securing enterprise mail servers.
The IronPort C-Series of Mail Transfer Agent (MTA) gateway appliances provide advanced threat protection against virus attacks, spam, false-positives, denial of service (DoS) attacks, misdirected bounces and phishing (fraud), and enable corporate e-mail policy enforcement, all from a single, centralised box.
Comments Kevin Hurwitz, MD of AmVia: "IronPort boxes are geared to provide the CIO with a single solution for a multi-faceted problem. The C-Series offers solutions for small through large businesses, serving as a gateway to send and receive e-mail, while filtering incoming messages for spam and viruses, and outgoing mail for adherence to corporate and regulatory policies. You simply plug it in, set it up and then it is pretty much maintenance- and administration-free thereafter."
IronPort uses Symantec Brightmail Anti-Spam to detect spam, while Sophos Anti-Virus with its unique DoS prevention, powers its virus protection functionality. Updates are pushed to the box automatically, to ensure up to date protection.
The C-Series appliances are built on IronPort Systems' high performance MTA platform, to address the requirements of modern e-mail gateways and to position customers for the future of SMTP. This platform ensures the user's e-mail infrastructure can withstand even the largest virus outbreaks or spam attacks. At the same time, it is cost-effective, compact and saves users countless hours of IT administration time.
In a typical installation, IronPort would be integrated between the firewall and the Groupware layers. From this location, it is easily administered, even in a complex network, thanks to IronPort's E-mail Security Manager, which provides administrators with total control, at their fingertips, to manage all e-mail security, including preventative and reactive anti-spam and anti-virus filters, e-mail encryption and content filtering.
The IronPort C-Series is available in three incarnations, the C10, C30 and C60, for companies up to 500 employees, small and medium enterprises and large enterprises and ISPs, respectively.
Hurwitz concludes: "IronPort e-mail security appliances are exciting new offerings in the e-mail hygiene space and have taken the world by storm. In a recent report evaluating e-mail security vendors, the Meta Group awarded IronPort the leading position. Of all the vendors featured, only IronPort received a perfect score for spam blocking, virus blocking and MTA/anomaly detection. All told, we fully expect the products to fare very well indeed in the local market.
The IronPort C-Series of Mail Transfer Agent (MTA) gateway appliances provide advanced threat protection against virus attacks, spam, false-positives, denial of service (DoS) attacks, misdirected bounces and phishing (fraud), and enable corporate e-mail policy enforcement, all from a single, centralised box.
Comments Kevin Hurwitz, MD of AmVia: "IronPort boxes are geared to provide the CIO with a single solution for a multi-faceted problem. The C-Series offers solutions for small through large businesses, serving as a gateway to send and receive e-mail, while filtering incoming messages for spam and viruses, and outgoing mail for adherence to corporate and regulatory policies. You simply plug it in, set it up and then it is pretty much maintenance- and administration-free thereafter."
IronPort uses Symantec Brightmail Anti-Spam to detect spam, while Sophos Anti-Virus with its unique DoS prevention, powers its virus protection functionality. Updates are pushed to the box automatically, to ensure up to date protection.
The C-Series appliances are built on IronPort Systems' high performance MTA platform, to address the requirements of modern e-mail gateways and to position customers for the future of SMTP. This platform ensures the user's e-mail infrastructure can withstand even the largest virus outbreaks or spam attacks. At the same time, it is cost-effective, compact and saves users countless hours of IT administration time.
In a typical installation, IronPort would be integrated between the firewall and the Groupware layers. From this location, it is easily administered, even in a complex network, thanks to IronPort's E-mail Security Manager, which provides administrators with total control, at their fingertips, to manage all e-mail security, including preventative and reactive anti-spam and anti-virus filters, e-mail encryption and content filtering.
The IronPort C-Series is available in three incarnations, the C10, C30 and C60, for companies up to 500 employees, small and medium enterprises and large enterprises and ISPs, respectively.
Hurwitz concludes: "IronPort e-mail security appliances are exciting new offerings in the e-mail hygiene space and have taken the world by storm. In a recent report evaluating e-mail security vendors, the Meta Group awarded IronPort the leading position. Of all the vendors featured, only IronPort received a perfect score for spam blocking, virus blocking and MTA/anomaly detection. All told, we fully expect the products to fare very well indeed in the local market.
Informz joins bonded e-mail sender program
The Saratoga Springs online-marketing company is putting up a cash bond that would be debited if Informz or one of its clients is the subject of a spam complaint.
Under the system, which is operated by New York City-based Return Path Inc., Informz ensures that its messages and those of its clients will get delivered to the 35,000 Internet service providers, corporations and universities taking part in the program.
Members of the Return Path Bonded Sender Program, as the voluntary system is known, receive a bonded sender "seal of approval" for having a good e-mailing record. Systems administrators in turn agree not to block the material using spam filters.
"Bonded sender certification is yet another tool that we can use to improve e-mail deliverability for our clients," said Joe Tyler, Informz CEO. "Further, it identifies Informz as a responsible member of the e-mail marketing community."
As a reseller of Return Path's product, Informz will charge its customers an annual fee in return for certifying them as having a good e-mail record, and posting a bond on their behalf. If a spam complaint is filed, the bond would be debited, with the proceeds going to a non-profit organization.
"The Bonded Sender Program only accepts e-mail providers that meet the strictest e-mail standards," said George Bilbrey, vice president and general manager of Return Path's Deliverability Assurance Solutions. "Because Informz meets the reseller standards for this service, their customers can now benefit by working with them to be accredited and accepted into the program."
Under the system, which is operated by New York City-based Return Path Inc., Informz ensures that its messages and those of its clients will get delivered to the 35,000 Internet service providers, corporations and universities taking part in the program.
Members of the Return Path Bonded Sender Program, as the voluntary system is known, receive a bonded sender "seal of approval" for having a good e-mailing record. Systems administrators in turn agree not to block the material using spam filters.
"Bonded sender certification is yet another tool that we can use to improve e-mail deliverability for our clients," said Joe Tyler, Informz CEO. "Further, it identifies Informz as a responsible member of the e-mail marketing community."
As a reseller of Return Path's product, Informz will charge its customers an annual fee in return for certifying them as having a good e-mail record, and posting a bond on their behalf. If a spam complaint is filed, the bond would be debited, with the proceeds going to a non-profit organization.
"The Bonded Sender Program only accepts e-mail providers that meet the strictest e-mail standards," said George Bilbrey, vice president and general manager of Return Path's Deliverability Assurance Solutions. "Because Informz meets the reseller standards for this service, their customers can now benefit by working with them to be accredited and accepted into the program."
