Tricking Spammers:
Keep the Junk at Bay with These Strategies
by Duane Morin,
Processor.com Magazine December 5, 2003
How much spam reached your users today? If you're
not taking steps to prevent it, you may find yourself
among the unlucky admins who see more than 90% junk mail.
Become spam savvy with these tips and tricks and watch
that number drop to nearly zero.
License to Kill Spam
Start sending junk to the bit bucket with a spam filter.
Filters assign a score to each email, representing the
likelihood it is spam. If the score is over the
threshold, the user never sees it. One advantage to
this method is that you can tweak the filter to reduce
false positives. The downside is that you may accept
and store mail that you might otherwise have rejected.
Couple a scoring filter with a blacklist, reject what
you're comfortable with, and filter the rest.
Look for a product that offers Bayesian filtering.
Traditional filtering works by hand-developing rules based
on observed patters; if spammers change their tactics,
such filters have to be updated manually. A Bayesian
filter is trained to find patters automatically, analyzing
the likelihood that certain characteristics will be found
in spam vs. legitimate email. It constantly
fine-tunes its rules on its own, based on what it learns
from both kinds of mail. Point it at spam that slips
through your existing filters. The Bayesian filter
will discover the pattern you are missing.
The current popular choice is Spam Assassin (www.spamassassin.org).
Although open source, SA also provides the core for a
number of commercial products. Spam Assassin is not
"configure and forget," however. If you can't
dedicate a resource, you might look at another solution
...
User Strategies
In addition, there are things that all employees, not just
the IT workers on the front lines, can do to help stem the
tide of spam. Pass the following tips on to your end
users and help ensure your hard work doesn't go to waste.
You've heard it a million times, but perhaps the less
tech-savvy users of your network haven't:
Don't ever click
"remove me" on a piece of spam. Maybe
you'll be removed, but you're guaranteed to end up on a
hundred new lists now that your email has been validated.
Never post email addresses on a Web site. Integrate
an "email mangler" that renders addresses readable by
humans but not software. Be creative! Humans
are much better at demangling than scripts are.
There's no way around it: Sending email means providing a
"from:" address. Anyone who says "I never give out
may email" is fooling himself. It doesn't take long
for a well-meaning friend to sign you up for a
joke-of-the-day mailing list, and bingo. You're
spammed.
|