
By Kevin Savetz
Posted on ZDNet News: Aug 22, 2001 12:00:00 AM

Spam and e-mail viruses are more than nuisances. They tie up your employees' time and take a bite out of your IT budget by hogging bandwidth on your LAN and Internet connection. You can fight back against junk e-mail and virus threats with a well-designed and strategically placed e-mail filter. But a poorly implemented filter can remove important messages, which could cost you more than a barrage of useless e-mail.

An e-mail filter is software that scans messages for undesirable content, from annoying "make money fast" messages to hostile viruses. A filter can be installed on your company's LAN or work as an outsourced service. Filters range from simple to sophisticated; a basic filter scans for spam and viruses, while a more sophisticated filter can search for other criteria such as pornography or confidential business information.

Spam filters are a good thing, but system administrators need to implement them with care. If filters are too stringent, they can stop legitimate e-mail in its tracks; too lax, and spam and viruses will sneak through.

This article originally appeared in CNET Enterprise on 6/21/01.

Filters generally work using heuristics--a problem-solving method that uses rules of thumb rather than a strict formula. The process compares messages to lexicons of spam words and checks for attachments that fit the profile of viruses. Some advanced tools keep track of whom you regularly communicate with as well as correspondence from unfamiliar sources and employ more stringent filters against strangers' e-mail. The simplest filters scan only message headers, while more advanced filters scan the message body as well. Other filters use "black hole" lists of known spammers that are published online and updated as spammers change their tactics and points of attack. The most popular is the MAPS Realtime Blackhole List.
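
The heuristics described above, sketched as an added example that is not code from any product named in this article. The lexicon, weights, thresholds, attachment extensions and addresses are constructed assumptions.

```python
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed rule data for illustration; real products ship far larger lists.
SPAM_LEXICON = {"make money fast": 3, "act now": 2, "free": 1, "guaranteed": 1}
RISKY_EXTENSIONS = (".vbs", ".exe", ".scr", ".pif")
KNOWN_CORRESPONDENTS = {"buyer@partner.example"}
STRANGER_THRESHOLD, KNOWN_THRESHOLD = 3, 6   # strangers are held to a stricter bar
ATTACHMENT_WEIGHT = 5

def lexicon_score(text):
    """Sum the weights of every lexicon phrase that occurs in the text."""
    lowered = text.lower()
    return sum(weight for phrase, weight in SPAM_LEXICON.items() if phrase in lowered)

def evaluate(msg, headers_only=False):
    """Return (score, suspect) for an EmailMessage."""
    score = lexicon_score(str(msg.get("Subject", "")))
    if not headers_only:                      # advanced filters also read the body
        body = msg.get_body(preferencelist=("plain",))
        if body is not None:
            score += lexicon_score(body.get_content())
        for part in msg.iter_attachments():   # attachment names that fit a virus profile
            if (part.get_filename() or "").lower().endswith(RISKY_EXTENSIONS):
                score += ATTACHMENT_WEIGHT
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    threshold = KNOWN_THRESHOLD if sender in KNOWN_CORRESPONDENTS else STRANGER_THRESHOLD
    return score, score >= threshold

def sample(sender, subject, body, attachment=None):
    """Build a constructed test message, optionally with a named attachment."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, "staff@corp.example", subject
    msg.set_content(body)
    if attachment:
        msg.add_attachment(b"constructed bytes", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg

if __name__ == "__main__":
    pitch = "Act now: free upgrade guaranteed"
    print(evaluate(sample("promo@bulk.example", pitch, "Details inside.")))
    print(evaluate(sample("buyer@partner.example", pitch, "Details inside.")))
    print(evaluate(sample("x@bulk.example", "Hi", "See file.", "invoice.doc.vbs")))
```

The same subject line is flagged from a stranger and passed from a known correspondent, and a header-only scan misses the risky attachment entirely.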

LAN filtering
Large and medium-sized enterprises will want to consider running filtering software within their LANs. This software can run on the mail host or on a standalone filtering server.

Your mail server may have some built-in filtering capabilities. For instance, Sendmail can disable mail relaying and includes an access database that allows administrators to reject mail from certain domains. Sendmail can also be set to refer to the MAPS Realtime Blackhole List. Microsoft Exchange Server can be set to reject relayed mail as well. These built-in filtering options are a good first line of defense against spam but often are not powerful enough to block serious spam attempts or e-mail viruses.
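
An added sketch, not Sendmail's own code, of the two connection-time checks this paragraph names: a local reject list keyed by domain, and a blackhole-list lookup, which is an ordinary DNS query for the client's address with its octets reversed under the list's zone. The zone dnsbl.example, the reject list and the stand-in resolver are constructed so the example runs offline.

```python
import ipaddress
import socket

ZONE = "dnsbl.example"               # placeholder zone, not a real list
REJECT_DOMAINS = {"junk.example"}    # constructed local reject list

def dnsbl_query_name(client_ip, zone):
    """Reverse the IPv4 octets and append the list's DNS zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def is_listed(client_ip, zone, resolve=socket.gethostbyname):
    """True if the list answers with an A record in 127.0.0.0/8."""
    try:
        answer = resolve(dnsbl_query_name(client_ip, zone))
    except socket.gaierror:
        return False   # no record or lookup failure: this sketch fails open
    return ipaddress.IPv4Address(answer) in ipaddress.ip_network("127.0.0.0/8")

def domain_rejected(sender_domain, reject_domains):
    """True if the domain or any parent domain is on the local reject list."""
    labels = sender_domain.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in reject_domains for i in range(len(labels)))

def connection_check(client_ip, sender_domain, reject_domains, zone,
                     resolve=socket.gethostbyname):
    """Apply the cheap local list first, then the blackhole-list lookup."""
    if domain_rejected(sender_domain, reject_domains):
        return "REJECT local-list"
    if is_listed(client_ip, zone, resolve):
        return "REJECT blackhole-list"
    return "OK"

def fake_resolve(name):
    """Stand-in resolver with one constructed listing, for offline runs."""
    listings = {"7.113.0.203.dnsbl.example": "127.0.0.2"}
    if name not in listings:
        raise socket.gaierror("name not found")
    return listings[name]

if __name__ == "__main__":
    print(dnsbl_query_name("203.0.113.7", ZONE))
    print(connection_check("203.0.113.7", "mail.ok.example", REJECT_DOMAINS, ZONE, fake_resolve))
    print(connection_check("198.51.100.9", "relay.junk.example", REJECT_DOMAINS, ZONE, fake_resolve))
```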

Compared to an outsourced filtering service, local filtering has both advantages and disadvantages. One key advantage is that filtering software can screen intraoffice e-mail. If an e-mail virus gets into the network, filtering intranet mail will keep the virus from flooding the local network.

On the downside, although some outsourced services can be configured to filter intranet mail, sending internal mail out and back again uses more bandwidth and slows down delivery. Sending private internal messages onto the Internet can also compromise confidentiality.

Here are a few popular filtering software products:

Mirapoint's Message Director is an industrial-strength solution for local filtering. The rack-mount hardware device connects between your router and mail servers. In addition to spam and virus filtering, the unit can perform outbound message content filtering, which can be used to ensure that sensitive material is not sent out without proper authorization. This works with any e-mail server and supports POP3, IMAP, and other common messaging protocols. Pricing for the Message Director starts at $26,000.

Junkfilter is free software that works with Procmail (a popular mail processing utility) to extract spam. It works at both the individual user level and the system level, but the creator discourages its use systemwide for networks with heavy e-mail loads. Procmail works under standard mail servers running on Unix and Linux but not Windows NT/2000.

Options for Windows NT/2000 environments include CommandView and Tumbleweed Messaging Management System.

It takes IT resources to configure, maintain, and update filters on an internal mail server. If yours is a smaller business or your IT staff is already tapped, an outsourced filtering service can be a better solution. You won't have to update filters when new viruses are released or spammers try new tactics.

What CNET Enterprise readers are doing to combat spam
"We have created a spam mailbox for users to forward these messages to. Once a day we review these submissions and add entries to our blocking and content filters. We are now blocking nearly 10 percent of all incoming messages through this automatic filtering system."

John Stockman

"[You] can edit the [Sendmail] access.conf file to reject domains, e-mail addresses, IPs, and so on. So as spam comes in, I check the entire header to see if I can find a legitimate origin. If so, I send an e-mail and CC: the letter to an admin of the domain...then I add that e-mail/IP/domain to my reject list. I've already killed off many junk domains that have open relays, and I'm contemplating killing off [other entire domains]."

Jason Rabel
Webmaster
Extreme Overclocking

"The best thing I've found for spam is Brightmail.com (I use Spaminator, the EarthLink private label of it). There are always 100 to 200 spammies sitting in my Spaminator account, and I only receive about 1 to 3 spams a day...I have two of my e-mail addresses forwarded to a Motorola two-way pager, where I pay for service by the character. So far, I have kept those addresses from getting spammed. When enough people paying a nickel for every hundred characters start getting spammed, we'll see some laws with teeth in them."

Dave Therault
Field IT Manager

On the downside, sending e-mail to an external filtering service adds a layer that can slow down delivery. Managers may worry that routing outbound e-mail through another company's server could compromise confidentiality, but unencrypted e-mail is always prone to being sniffed. Filtering does not significantly increase the possibility of outbound or inbound messages being intercepted.

Outsourced filtering options include MessageLabs SkyScan and Postini Junk Email Assistant.

The cost of these services can vary considerably, depending on the features you want (spam filtering, virus filtering, or both) and the number of e-mailboxes to be scanned. Postini, for instance, charges $1.50 to $2.50 per month per user for spam and virus scanning. MessageLabs quoted a starting price of $1.50 per user per month.

No filtering tool is perfect. "The moment you automate anything, there is the risk that you're going to have a little bit of collateral damage," says Satish Ramachandran, CEO of Mirapoint. "Those fishing nets that are out to catch tuna--invariably they catch some dolphins as well."

With some software, legitimate commercial e-mail and mailing list messages can resemble junk mail. Also, black hole lists may temporarily block messages from legitimate business partners. So how your filtering tool handles suspected spam could make all the difference.

Most filtering tools offer choices for how to treat potential spam. Suspicious messages can be tagged (using a header field such as X-SPAM: yes) but delivered normally. The recipient can then use an e-mail client filter to delete the message or move it to a special folder. Suspect messages can also be moved automatically to a gray list e-mailbox, where they can be verified by staff. Or messages can be deleted. Simply throwing away messages is the worst option; if the software is wrong, it could trash vital messages.
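
The handling options in this paragraph, as an added example that is not from the article or any vendor; the mode names, mailbox names and Message-IDs are assumptions. The extra "log" mode models a trial period in which hits are recorded but mail is delivered untouched, and any X-SPAM header that arrived with the message is stripped so a client-side rule only ever sees the filter's own tag.

```python
from email.message import EmailMessage

MODES = ("log", "tag", "quarantine", "delete")   # assumed names for the options

def dispose(msg, suspect, mode, mailboxes, hits):
    """Route one message; return the destination it ended up in."""
    if mode not in MODES:
        raise ValueError(f"unknown mode: {mode}")
    del msg["X-SPAM"]                 # never trust a tag that arrived with the message
    if suspect:
        hits.append(str(msg["Message-ID"]))   # every hit is logged, whatever the mode
        if mode == "tag":
            msg["X-SPAM"] = "yes"             # delivered; the mail client files it
        elif mode == "quarantine":
            mailboxes["graylist"].append(msg)  # held for staff to verify
            return "graylist"
        elif mode == "delete":
            return "deleted"                  # unrecoverable if the verdict was wrong
    mailboxes["inbox"].append(msg)
    return "inbox"

def hit_precision(hits, confirmed_spam):
    """Fraction of logged hits that staff confirmed as spam (None if no hits)."""
    if not hits:
        return None
    return sum(1 for h in hits if h in confirmed_spam) / len(hits)

def make(msg_id, subject, forged_tag=None):
    """Build a constructed message for the demonstration."""
    msg = EmailMessage()
    msg["Message-ID"], msg["Subject"] = msg_id, subject
    if forged_tag:
        msg["X-SPAM"] = forged_tag
    msg.set_content("constructed body")
    return msg

def log_only_trial():
    """Run four constructed messages in log mode; return (inbox size, precision)."""
    boxes, hits = {"inbox": [], "graylist": []}, []
    verdicts = {"<1@x.example>": True, "<2@x.example>": True,
                "<3@x.example>": True, "<4@x.example>": False}
    for msg_id, suspect in verdicts.items():
        dispose(make(msg_id, "sample"), suspect, "log", boxes, hits)
    staff_confirmed = {"<1@x.example>", "<2@x.example>"}   # <3> was a newsletter
    return len(boxes["inbox"]), hit_precision(hits, staff_confirmed)

if __name__ == "__main__":
    print(log_only_trial())
```

In the trial run every message still reaches the inbox, and one of the three hits turns out to be legitimate, which is the figure to watch before moving to a stricter mode.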

"Most people start off cautiously, letting it all through and logging hits to see if the stuff we're tagging really is spam. Once they are confident, they generally go for the full block," says Alex Shipp, chief antivirus technologist at MessageLabs.

There is a diverse array of mail filtering options, and with a little research, any organization can find the one that best suits its needs, budget, and mail volume. Many large organizations will benefit most by using an in-house mail filter, though outsourcing may be the answer for organizations with a taxed IT staff. Some enterprises may get the best of both worlds if their ISP is willing to filter messages on its mail server. This will provide a local filter and distribute the cost across multiple clients.

No matter which method you eventually choose to fight e-mail spam and viruses, your planning and cautious implementation will ultimately pay off--for your users and for your bottom line.
