By Calvin Sun, Network World Asia
Spam. It fills our in-boxes, wastes our time and spreads malware -- and it's only getting worse. According to Ferris Research, which studies messaging and content control, 40 trillion spam messages will be sent in 2008, costing businesses more than US$140 billion worldwide -- a significant increase from the 18 trillion sent in 2006 and the 30 trillion in 2007.
In theory, e-mail filtering software and appliances allow "good" e-mail messages to pass through while stopping spam. But the filters can mistakenly allow spam to pass through (a false negative), or they can mistakenly block valid e-mail (a false positive).
Typically, after identifying a message as spam, the filtering software either blocks it or quarantines it, letting the recipient review it later. Although the latter method provides a chance to retrieve false positives, it requires time and effort that users often won't spare.
Users and organizations that receive spam pay about four cents per message to delete it, according to Ferris. But Richi Jennings, a Ferris analyst and a Computerworld.com blogger, says the cost of locating missing valid e-mails is far greater -- about $3.50 per message.
Even worse, Jennings says, is that organizations can incur potentially greater costs through missed opportunities because of false positives they never see -- such as a request for proposal that a consulting firm fails to receive.
Combating False Positives
On both the sending and the receiving ends, minimizing false positives is critical for your organization. Here are some steps you can take.
1. Use a spam filter. False positives can leave you wondering if you should simply toss your spam filter. Don't.
False positives can occur even without a filter, such as when a user, seeing multiple spam subjects in an in-box, manually hits "delete" multiple times, not realizing that buried within the list is a legitimate e-mail. A state-of-the-art spam filter catches 97% to 99% of spam, says Jennings, thus helping prevent erroneous manual deletions.
2. Locate your filter at the network DMZ. A "demilitarized zone" in the context of a computer network is an area that buffers the private internal network from the public Internet. Systems in the DMZ are vulnerable to attacks from the outside, but they protect the internal network from outside attacks. Putting your spam filter at the DMZ allows it to monitor the characteristics of the connection and acquire more information about incoming e-mail messages, which can be critical to determining whether a message is spam, says Jennings.
3. Invest in newer technologies. Trade old, keyword-based technologies for newer ones, such as graylisting tools (see story, next page), says Michael Briggs, director of information technology at George Washington University Law School.
4. Enlist users to help maintain your whitelist. Users are constantly developing relationships with new clients, vendors and other contacts. If you rely on a whitelist of trusted senders, remind users to keep you informed of new contacts so their messages get through quickly and don't risk being flagged as spam.
Better yet, let users set their own spam filter parameters, says Andrew Lochart, vice president of product marketing at e-mail security vendor Proofpoint Inc.
Some business travelers, for instance, might actually want weekly airline or car rental notices.
5. Choose blacklists and reputation lists wisely. Jennings points out that many spam filters let the customer choose which blacklist, if any, to use. If your organization relies on a blacklist to stop spam, he recommends that you check the management policies of the lists. Briggs notes that some are driven purely by user complaints, so relying on them will invariably lead to false positives.
6. Make sure you're not a spammer. If spam goes out from your systems, even unintentionally, it can hurt your reputation and increase the likelihood that you'll end up on spam blacklists. If your e-mail address appears in the "from" line of enough spam, Jennings says, your reputation may suffer to the point that you will have trouble sending legitimate e-mail.
A three-pronged approach will help keep your reputation intact:
* Curb your users' questionable Web browsing, suggests Stephen Pao, vice president of product management at security vendor Barracuda Networks . If users visit dangerous or objectionable sites, malware from those sites could be installed on their computers, which could then be used to send spam.
* Stay up to date with security patches and virus and malware definitions to ensure that spammers can't take over your systems and use them to send spam, Pao says.
* Use outbound filtering to make absolutely sure no spam is being sent from your systems, Jennings suggests.
7. Check your own spam reputation. If your organization is on a blacklist, your recipients might not receive your outgoing e-mail. Lochart recommends regularly checking your own reputation by visiting sites such as Habeas.com, which provides companies with a free reputation check and helps them manage their online reputations.
If you find your company unjustifiably on such a list, Lochart suggests that you contact its administrator to voice your concerns. But getting "un-blacklisted" can be difficult.
8. Warn users to be wary of red-flag words. In sending e-mail, avoid words that are associated with spam, says Lucio Gonzalez, a systems specialist and e-mail administrator at South Texas College in McAllen, Texas. These include hey , hello , free , enlarge , pharmacy , alert and diploma .
Conversely, try to include recipient-specific information in your messages, such as project names or personal references unique to your recipient. Doing so can lessen the chance that Bayesian analysis of your message will cause it to be flagged.
By reducing false positives, you help ensure that real e-mail from your senders actually gets to you and that real e-mail from you actually gets to them.
Sun consults with clients to improve their organizational effectiveness.
Spam filters: Making them work
