Dealing effectively with spam
This paper gives information on spam - what it is,
its cost, and how to deal with it. It also describes the unique
technology used by GFI MailEssentials to combat spam.
Introduction
IDC predicts that global email traffic will reach 35
billion in 2005, up from 9.7 billion emails in 2000. However, this
increase in the worldwide use of email is being accompanied by a
galloping increase in spam mail - that is, unsolicited
bulk/commercial email. Just as junk faxes flourished when faxing
became a corporate norm, so it is with email - today, unwanted
emails flood the inboxes of users all over the world, wasting time
and money.
What do spammers wish to promote when they
blanket-mail their messages to masses of unsuspecting email users?
Different studies show that roughly half of all spam mail is related
to money, advertising get rich quick schemes, debt reduction plans
and gambling opportunities. One third of spam mail is porn-based -
and this figure is set to increase. About 10% is health-related, and
the remainder covers a wide variety of topics.
Everyone is familiar with methods to block unwanted
communications: we use voice mail, answering machines and caller ID
to filter phone calls; companies hire staff to screen incoming
calls, faxes, and visitors. Spam must be tackled in the same way.
The growth and cost of spam
The Radicati Group, a US research firm, estimates
that one in three corporate emails is a spam mail and predicts this
will reach 39% by 2006. Similarly, the European Union estimates that
35% of all email messages are spam.
This means that employees must dedicate part of
their work time to deal with spam, resulting in a decrease in
productivity (and an increase in frustration!). Loss of productivity
is the main cost of spam, particularly as so many spam mails are
received per day. Then there is the cost of the bandwidth wasted by
spam, as well as other storage and network infrastructure costs.
Besides, the influx of spam and its deletion might mean that, in the
rush to clear one's inbox of junk mail, an important message is
trashed along with the unsolicited mail.
It is not surprising that a 2001 survey by the
European Commission estimated that spam costs US$8.8bn a year!
Ferris Research calculated that if an employee receives just 5 spam
mails a day and spends 30 seconds on each, he will waste 15 hours a
year on junk mail - now multiply that by the hourly rate of each
employee in your company and you will have a very conservative idea
of the cost of spam to your organization.
It is essential to put a stop to spam to save time,
money and bandwidth.
Dealing with spam
Step 1: Use common sense - You can adopt
simple techniques as the first step towards battling spam.
Look after your email address and refrain from using
it in "free-for-all" sites like chat rooms and bulletin boards,
where it can easily be seen by spammers. A better idea would be to
have one email address for business mail and another "disposable"
address for public use.
If possible, use a complex corporate email address
with mixed characters to avoid auto-generated addressing. Using an
address that is easily predictable means that if spammers get hold
of your domain name, they will soon be able to guess your email
address.
Watch out for deceptive unsubscribe and opt-out
links! When a spam mail gives you the option to unsubscribe, ignore
it. Do not respond because that will only serve to confirm to the
spammer that your email is active, and therefore suitable for
re-use. Also, avoid replying to the junk mail for any reason.
Before you sign up at a web site, find out about
that site's privacy policy to ensure that your email will not be
shared, sold, or given to anyone else; otherwise your email may be
sold as part of a marketing database and become easily accessible to
spammers.
Step 2: Use technology to battle spam - Many software
packages are available on the market to help you combat spam; but
not all are incisive enough in dealing with spam.
Server-based or client-based?
There are 2 approaches to fight spam on your network
- at the client level and at the server level.
Battling spam at client level is much more
time-intensive than at the server level. It means deploying
anti-spam software to all workstations on your network and involves
frequently going back to those workstations to update the anti-spam
rules on each of them. It also means that your email infrastructure
is being taxed by spam, as your server message stores are filling up
with useless emails waiting for deletion. What's more, it also
involves time on the part of your users, who have to identify spam
or update their rule sets: This is the very thing you are trying to
oppose in your bid to block spam!
In addition, client-based software does not have the information and
resources that server-based anti-spam software has - it is not
possible to perform sending server checks, for example.
Lastly, spammers are aware of popular desktop
anti-spam products, and create their spam specifically to bypass
them - for example, by hiding phrases that would trigger these
products in images.
To block spam effectively, you need to have a
server-based anti-spam product, because it offers these advantages:
- Installation at the gateway, eliminating the
  deployment and administration hassle involved with desktop-based
  products.
- Far cheaper to license.
- Prevents spam from even entering your email
  infrastructure, meaning that your email stores are not filled up
  with spam messages.
- Server-based anti-spam software has more
  information, and can do more to detect spam effectively.
Spam detection technology
A few years ago, most anti-spam products simply used
a list of keywords to identify spam. A good set of keywords could
catch plenty of spam. Keyword lists are still effective in finding
spam; however, because spammers have become more creative in their
efforts to spread their messages, it is no longer enough to use
keyword lists alone.
A more advanced approach is needed, that analyses
both the message content and the message header and traces an email
back to its sender in order to identify spam. Broadly speaking, you
can therefore classify spam detection technology into 2 categories:
techniques to find spam by analyzing the content, usually by using
keywords; and techniques to find spam by analyzing the message
header for known spammer "tricks".
The content of the message body reveals information
such as:
- Is the message selling anything? Using keyword
  filters, you can detect most porn-related spam, and other emails
  trying to sell products such as insurance, etc.
- Is the message using scripts?
- Is the message using image tags to track if the
  email was opened?
The message header reveals such information as:
- Is the sender a known spammer?
- Is the sender known, i.e., verifiable?
- Is the sender providing misleading header
  information in the message?
- Is the sender sending the email to a large number
  of users?
- How is the sender sending the message?
With this information in hand, it is technically
possible to achieve a high spam detection rate.
Spam handling
Last but not least, anti-spam technology must have
flexible spam handling. Handling of spam must go beyond simply
deleting it - inherent in anti-spam technology is the fact that
there will be false positives, i.e., mail being flagged as spam even
though it is not actually spam. Anti-spam software must have the
capability for users to easily review mail that has been flagged.
This way, spam rules can be further tuned and valid emails can be
redirected.
GFI MailEssentials' spam detection technology & approach
GFI has spent considerable time researching the spam
problem and has developed an approach that can detect most spam
email that reaches your mail server. This approach is included in GFI
MailEssentials and works as follows:
1. Tackles spam at the server level - GFI
MailEssentials installs on your Exchange 2000 Server, or in front of
your mail server (if using Exchange 5.5 or another mail server). It
detects spam BEFORE it reaches your mail server. This way, spam does
not tax your email infrastructure, and any spam detection rule
updates need only be deployed on the GFI MailEssentials machine.
Whitelists (domains/email addresses you always wish to receive mail
from) and blacklists (domains/email addresses from which you do not
want to receive mail) can be used at server level.
2. Analyses the content of the mail - GFI
MailEssentials includes powerful keyword checking capabilities: You
can check for keywords in the email body and subject and use
conditions to refine your rules. GFI MailEssentials includes a
default keyword list that catches most spam mail in English.
3. Analyses the header of the mail - The most
innovative feature in GFI MailEssentials is in the way it analyses
the email header. Each email contains SMTP from and to fields (as
received by sending SMTP server) and MIME from and to fields (as
created by sending email client). By intelligently analyzing these
fields, it is possible to detect spam mail.
4. Traces the source of the mail - GFI
MailEssentials checks the source of the email. First of all, it
checks if the sender domain is valid. Secondly, it can check if the
sending mail server is on the ORDB list (this is a list of open
relay mail servers).
5. Spam handling - After a mail is found to
be spam, it can be copied to a folder or forwarded to a hold-all
account; here users can periodically review the spam mail sent to
them. If they find a valid email (for example, a newsletter which
they wish to receive), users can add the sender to the whitelist.
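The content and header checks listed under "Spam detection
technology", together with the whitelist/blacklist and review-folder
handling from steps 1, 2, 3 and 5 above, can be expressed in Python
as follows. This is an added example, not GFI MailEssentials code:
the keyword list, the domain lists, the sample message, the
two-signal threshold and all function names are assumptions made for
illustration, and the DNS-based checks of step 4 are left out because
they need network access.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample data; a real filter would load its own lists.
KEYWORDS = ("get rich quick", "debt reduction", "casino")
WHITELIST = {"newsletter.example"}   # sender domains always delivered
BLACKLIST = {"bulk.example"}         # sender domains always held
SAMPLE = """From: "Your Bank" <offers@bank.example>
To: undisclosed-recipients:;
Subject: Debt reduction plan
Content-Type: text/html; charset=utf-8

<html>Get rich quick! <img src="http://track.example/o.gif?id=42"></html>
"""

def domain(addr):
    return parseaddr(addr)[1].rpartition("@")[2].lower()

def body_text(msg):
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode("utf-8", "replace"))  # lossy decode is enough for matching
    return "\n".join(chunks)

def analyse(raw, smtp_from, smtp_rcpts):
    """Return (verdict, signals) for a message and its SMTP envelope."""
    msg = message_from_string(raw)
    env_from, mime_from = domain(smtp_from), domain(msg.get("From", ""))
    if {env_from, mime_from} & WHITELIST:
        return "deliver", ["whitelisted"]
    if {env_from, mime_from} & BLACKLIST:
        return "quarantine", ["blacklisted"]
    text = (msg.get("Subject", "") + "\n" + body_text(msg)).lower()
    signals = ["keyword:" + k for k in KEYWORDS if k in text]
    if re.search(r"<\s*script\b", text):
        signals.append("script")
    if re.search(r"<\s*img\b[^>]*\bsrc\s*=\s*[\"']?https?://", text):
        signals.append("remote-image")           # possible open-tracking beacon
    if env_from and env_from != mime_from:       # empty envelope sender = bounce
        signals.append("from-mismatch")
    to_cc = msg.get_all("To", []) + msg.get_all("Cc", [])
    mime_rcpts = {addr.lower() for _, addr in getaddresses(to_cc)}
    if not mime_rcpts & {r.lower() for r in smtp_rcpts}:
        signals.append("recipient-not-in-headers")  # typical of bulk Bcc runs
    # Hold for review instead of deleting, so false positives can be recovered.
    return ("quarantine" if len(signals) >= 2 else "deliver"), signals
```

A single signal such as a From mismatch is common in legitimate
mailing-list traffic, which is why the verdict requires two signals
and a flagged message is held for review, not deleted.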
About GFI MailEssentials
GFI MailEssentials adds essential email tools to
your Exchange Server: Anti-spam, disclaimers, mail archiving,
Internet mail reporting, server-based auto replies and POP3
downloading. For more information and to download a free eval
version, visit http://www.gfi.com/mes.
About GFI
GFI (www.gfi.com)
is a leading provider of Windows-based messaging, content security
and network security software. Key products include the GFI FAXmaker
fax connector for Exchange and fax server for networks; GFI
MailSecurity email content/exploit checking and anti-virus software;
and the GFI LANguard family of network security products. Clients
include Microsoft, Telstra, Time Warner Cable, Shell Oil Lubricants,
NASA, DHL, Caterpillar, BMW, the US IRS, and the USAF. GFI has five
offices in the US, UK, Germany, Australia and Malta, and has a
worldwide network of distributors. GFI is a Microsoft Gold Certified
Partner and has won the Microsoft Fusion 2000 (GEM) Packaged
Application Partner of the Year award.
© 2002 GFI Software Ltd. All rights
reserved. The information contained in this document represents the
current view of GFI on the issues discussed as of the date of
publication. Because GFI must respond to changing market conditions,
it should not be interpreted to be a commitment on the part of GFI,
and GFI cannot guarantee the accuracy of any information presented
after the date of publication. This White Paper is for informational
purposes only. GFI MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS
DOCUMENT. GFI FAXmaker, GFI MailEssentials, GFI MailSecurity and GFI
LANguard and the GFI FAXmaker, GFI MailEssentials, GFI MailSecurity
and GFI LANguard logos and the GFI logo are either registered
trademarks or trademarks of GFI Software Ltd. in the United States
and/or other countries. Microsoft, Exchange Server, VS API, Word,
and Windows NT/2000/XP are either registered trademarks or
trademarks of Microsoft Corporation in the United States and/or
other countries. Other product or company names mentioned herein may
be the trademarks of their respective owners. GFI. http://www.gfi.com
info@gfi.com 1-888-2GFIFAX / +44-(0)20-8546 0640