Using a five-layer filter to cut spam

CASE STUDY

TechRepublic Member: Curtis Birnbach

Job: President, Hudson Research Inc., which runs an electro-optics foundry including an optical shop, an electronics lab, an electro-optics lab, and mechanical fabrication areas, and produces devices for the military and the telecommunications industry

Industry: Electro-optics

Problem: Reducing the amount of spam employees have to delete

Solution
We have a five-layer spam filtration process that eliminates much of the problem. We get between 400 and 800 pieces a day, of which about 85 percent comes from China. Our layers are:

  • Brightmail
  • Router/hardware firewall
  • McAfee Spam-Killer
  • Symantec Software Firewall/Anti-Virus
  • E-mail client

This combination eliminates all but 50 to 100 pieces. The biggest problem is that our two Web sites attract spiders through the info@xxx general addresses. We can eliminate the bulk of the remaining spam by adding JavaScripts to the site, but that would compromise the ability of our sites to go through firewalls without requiring entries into the firewall database. We have always tried to maintain the maximum level of availability on our sites by minimizing the number and types of JavaScripts and using code that is highly cross-platform compatible.

Client does a lot of the work
We have elected to put a substantial portion of our defenses on the client rather than the server as it makes our system less vulnerable. It is annoying to administer, but worth the effort as it has prevented virus- and worm-based attacks. Given the number of security holes in the Windows servers, the client-based approach has obvious benefits. It works. The spammers are not anticipating this, and they focus their attack on the server. While we take as much care as possible to protect our servers, they are but one layer and a deception as far as the spammers are concerned.

At this point, we are faced with the choice of rewriting a substantial portion of two Web sites to mitigate the problem or continuing to spend about a half hour per day on directly spam-related screening.

Blocking tactics
We tune our various filters to block primarily by domain, secondarily on key words. Due to the highly specific and technical nature of our products and services, we block all mail from non-NATO countries. However, advanced spammers routinely send mail through third parties, particularly through free services such as Yahoo, MSN, Excite, Lycos, etc. These services represent one of the biggest problems facing us as we also get a portion of legitimate email through these ISPs and cannot afford to summarily block these services.

I can tell you that the impact of spam on small businesses is proportionally greater than the impact on large businesses. We have less manpower, less money, sometimes no IT department at all, and to devote even a half an hour a day to this issue is a terrible burden.

Talkback

Surely Fortinet's FortiGate will be a lot better - one point of easy administration and update, and a lot more precise than all the layers you've put in ... And the price is right too.

via Facebook 17 December, 2003 16:07

I don't see how that is five layers of filtering. Maybe a one layer system with the filtering spread out over five tiers. You might call it a five tiered system with 1 layer of spam protection. I don't see how any of your tiers are overlapping.

Anyway, JavaScript doesn't require any special firewall rules to use it to mask your email addresses. Although it's probably too late now, you're already on every spammer's mailing lists.

I would highly recommend hiring a consultant or looking to see what is available before whipping up your own "spam solution". There are other ones out there for less admin work and less cost than what you have implemented that block more spam and with rare false positives.

An interesting read though, to see how the average joe is being forced to deal with their organization's spam problem without any guidance.

via Facebook 17 December, 2003 17:44

The strategies used by this company are interesting. But, as is always the case, there are better solutions. We are publishers of an agricultural commodity market news service, with customers in 60 countries. We recently solved the problem of having our website spidered for email addresses by creating a form -- similar to this -- and a Perl script to manage the input. The page contains no JavaScript and is therefore compatible with all browsers, and users behind firewalls report no problems. We had been receiving over 500 spam emails per day. We eliminated almost half the spam by carefully reviewing the email addresses which were being used to reach us and removing those which are not commonly used from our mail server. For the balance, we use a server-based solution -- an antispam filter system we created which scans all inbound messages received on our Mercury32 mail server. On average, no more than 10 messages get past the filters, and all that do are used to generate new rules. Companies which have installed our system on their Mercury32 mail servers report similar results -- eliminating between 95% and 98% of spam each day. We deal with email viruses in two ways. We deny messages which have attachments which are obviously executable content. We then use AVG antivirus to scan all messages with attachments which make it through the prefiltering phase. This has been close to 100% effective and often traps new email viruses before anti-virus definitions have been created. We would love to figure out how to turn our system from a freely available one to one on which we can make money in order to recover the cost of maintaining the filter set. However, we will not stop working on the filter set because it has proven extremely effective for us and for the companies which are using it to combat spam in their systems. The filter is available for download from http://www.stat-communications.com

via Facebook 18 December, 2003 02:49
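
The two-stage attachment handling described in the comment above (deny obviously executable attachments, hand the remaining attachments to antivirus), as an added Python example that is not the commenter's Mercury32 filter set. The extension list, the MZ header check, the function names and the sample messages are assumptions made for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed deny-list: the comment does not say which types its filter rejects.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}

def executable_attachments(msg):
    """Return filenames of attachments that are obviously executable."""
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # body text or multipart container, not an attachment
        # Judge the last extension so "invoice.pdf.exe" counts as .exe, and
        # drop trailing dots/spaces that Windows ignores when opening a file.
        ext = os.path.splitext(name.rstrip(". ").lower())[1]
        payload = part.get_payload(decode=True) or b""
        # "MZ" is the DOS/PE header, which catches a renamed Windows binary.
        if ext in EXECUTABLE_EXTENSIONS or payload[:2] == b"MZ":
            hits.append(name)
    return hits

def prefilter(raw):
    """Return (verdict, filenames): deny, scan (hand to antivirus) or accept."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = executable_attachments(msg)
    if hits:
        return "deny", hits
    names = [p.get_filename() for p in msg.walk() if p.get_filename()]
    return ("scan", names) if names else ("accept", [])

def sample(filename=None, data=b""):
    """Build a constructed test message, optionally with one attachment."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.com", "info@example.com"
    m["Subject"] = "constructed sample"
    m.set_content("See attached.")
    if filename:
        m.add_attachment(data, maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for args in [(), ("report.pdf", b"%PDF-1.4"), ("invoice.pdf.exe", b"MZ\x90"),
                 ("photo.jpg", b"MZ\x90\x00")]:
        print(args[:1], prefilter(sample(*args)))
```

Messages that return "scan" are the ones that would go on to the antivirus stage; denying by name and header first is what lets the filter stop a new executable before a signature for it exists.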

InboxMaster, a relatively unknown gem by Secluda Technologies, can add the finishing touch. It separates known and unknown email and detains the unknown at server level. At the user's request this is reported by email at convenient moments. Through hotspots the users can decide to receive the message, trust the sender, show a safe content copy or ... do nothing ... meaning it will be discarded after a chosen period! Less network traffic, no infected mail in the inbox, minimal management by the end user and no disturbance of productivity by 'mailpings'!
The outgoing email behavior per end user automatically builds the 'trusted' database per user. http://www.secluda.com.

via Facebook 16 March, 2004 09:18