How to Fight Back against Spam
Spam. The name attached to unsolicited commercial email seems almost silly, born as it was from a Monty Python skit. But spam is serious business, costing organizations millions of dollars each year and creating severe headaches for network administrators.
Spam comes to mail servers from two primary sources: commercial spammers and “botnets” consisting of millions of infected PCs running malicious software without their users’ knowledge. These networks of “zombie” computers are revenue-generating businesses for organized, professional criminals, and by far the most significant source of spam.
The elimination of several huge botnets caused spam volumes to decline in recent years. The world’s largest, Rustock, was taken down by security experts and the U.S. Marshals Service in 2011. At the time of the takedown, Rustock was estimated to have upwards of 2 million zombie computers under its control capable of sending 30 billion spam emails daily. The third-largest, Grum, was taken down in 2012. It was thought to be responsible for 17 percent of spam.
Still, about 70 percent of all email is spam, according to the latest research, accounting for more than 100 billion messages daily. Spam remains a significant threat, sapping productivity, consuming valuable network resources and providing a conduit for the distribution of malware and phishing scams. The CryptoLocker malware is spread through phishing emails with a malicious attachment, just as one example.
Experts recommend a two-pronged approach to spam prevention. The first step is to close any security holes that might enable spammers to use your mail server for their illegal activities. The second prong involves filtering email at the gateway and preventing spammers from “harvesting” legitimate email addresses.
While no spam protection solution is foolproof, the latest offerings use state-of-the-art technology to keep up with ever-changing spam and malware exploits. This is critical as spammers use increasingly sophisticated techniques to dupe unsuspecting users into opening malicious attachments.
Five Steps You Can Take
The best way to have an immediate impact on the amount of unwanted email received by your organization is to establish clear policies and educate users about spam risks. Network security firm Sophos offers the following tips:
Never make a purchase from an unsolicited email. If spamming weren’t economically viable, it would be obsolete. Making a purchase from a spam email supports spammer activities, puts you at risk of a potentially fraudulent sales scheme and virtually ensures that your email address will be sold within the spamming community, leading to even more junk emails.
Never respond to any spam messages or click on any links in the message. Replying to a spam message, even to “unsubscribe,” only confirms to the spammer that you’re a valid recipient and a target for future spamming.
Avoid using the preview functionality of your email client software. Many spammers use techniques that can track when a message is viewed, even if you don’t click on the message or reply. This tells spammers you’re a valid recipient, which can result in even more spam.
Never display your email address on social media, discussion boards or other public web sites. Many spammers utilize web bots to harvest email addresses from public forums.
Have and use one or two secondary email addresses. If you need to fill out web registration forms or surveys at sites from which you don’t want to receive further information, consider using secondary addresses to protect primary email account from spam abuse.
In our next post we will discuss some of the other security threats that could be lurking in your email inbox.