Don't make a meal out of spam

Phil Watts, managing director of SoftScan UK, looks at a range of solutions to the spam problem.

On average, over the last year, statistics from SoftScan show that only 10 per cent of emails that passed through its scanner were legitimate messages.

Less than two per cent were viruses and a whopping 88 per cent were classified as spam. Although a successful virus attack can cause havoc to a company's network, spam causes far more day-to-day disruption and may be costing organizations more than they realize.

To understand the scale of the problem and the wider implications of allowing spam to enter into the network unchecked, we need first to look at where it comes from.

To the uninitiated, spam messages seem to raise more questions than they answer - how did they know you were looking for a new mortgage or a cheaper version of Photoshop, or that you banked with Barclays? The simple fact is they did not; it is a blanket email designed to catch the people who are.

Even if you discard phishing emails, which go out of their way to deceive users into giving away personal identity information and banking details, spam is big business.

It is a cheap way of marketing products, whether it is pirated software, counterfeit medicines or pornography and only a few people need respond to make it profitable.

Obviously the majority of responders do not realize they are wasting their money or purchasing illegal goods, but, as with any email message you are not sure about, it's worth remembering the old adage - if it sounds too good to be true, it probably is. 

Spam is increasingly distributed via botnets - a network of PCs, known as zombie computers - that have been infected with a Trojan horse program that puts them at the disposal of the botmaster who rents them out for a variety of uses including denial of service attacks and spamming.

Unknown to the user, these machines continuously churn out spam. At the beginning of November 2005, the FBI arrested a Californian man who allegedly had an army of zombie computers.

In addition to renting them out for a fee, it is alleged that he also generated approximately $60,000 by surreptitiously installing adware on approximately 400,000 compromised computers.  

Spam is an issue for even the smallest of firms and the threat can be broadly put into four categories: loss in productivity, increased potential for virus attack, reduced bandwidth and potential legal exposure. The biggest and most insidious problem for organizations is the loss in productivity.

How do you quantify the hours wasted every week as users trawl their inboxes deleting unwanted messages? How many legitimate messages are deleted by mistake? How often does an important message sit in an inbox unnoticed because of all the rubbish that surrounds it?

The convergence of spam and viruses has never been stronger. Many viruses today are spread using spamming techniques, and many spam messages contain web links that purport to lead to legitimate websites but actually download malware such as keylogging or password-stealing Trojan horse programs.

The risk is extremely high for both the business and the individual user, particularly if they use the work computer for personal online banking. 

If 88 per cent of email traffic entering your network is spam, you are paying for a lot of bandwidth that you do not actually need.

In addition, once the email traffic is on the network it may slow down other mission-critical systems such as sales and inventory, indirectly causing even more loss in productivity.

Finally, organizations have a responsibility to protect employees and that includes protection from unwanted content within emails.  

Should one of your employees open an email to discover lewd content, they would certainly be within their rights to complain about it.

If you do nothing about it or cannot prove that you are trying to resolve the situation, you may find yourself on the wrong side of the law. If on the other hand they are not bothered by the content, you may still find productivity loss an issue as they show it to others around the office. 

Stopping spam from entering users' inboxes now requires a variety of techniques, including black and white lists, real-time blackhole lists, lexical analysis, Bayesian classifiers and signature matches.

Though one of these techniques by itself might not be enough to identify a spam message, used in combination they provide an almost foolproof solution. Most systems today will learn and improve from each email; the end result should be a scanner that is more than 98 per cent effective with virtually no false positives. 
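How combining these techniques can work in practice, as an added example that is not from the original article or from SoftScan: each check contributes to a score, and a message is quarantined only when the combined evidence crosses a threshold. The addresses, IP addresses, phrase weights, training messages and threshold are constructed assumptions.

```python
import hashlib, math, re
from collections import Counter

# Constructed sample data; the weights and threshold are illustrative assumptions.
WHITELIST = {"accounts@supplier.example"}
BLACKLIST = {"promo@bulk-offers.example"}
RBL = {"203.0.113.7"}  # stand-in for a real-time blackhole list lookup
PHRASES = {"cheap": 1.0, "act now": 1.5, "guaranteed": 1.0}  # lexical analysis
SPAM_TRAIN = ["cheap software licence offer act now",
              "cheap mortgage rates guaranteed approval"]
HAM_TRAIN = ["minutes from the sales meeting attached",
             "inventory report for the warehouse attached"]

def tokens(text):
    return re.findall(r"[a-z']+", text.lower())

def fingerprint(body):
    # Signature of the normalised body, so case and punctuation changes still match.
    return hashlib.sha256(" ".join(tokens(body)).encode()).hexdigest()

SIGNATURES = {fingerprint(SPAM_TRAIN[0])}
SPAM_COUNTS = Counter(t for m in SPAM_TRAIN for t in tokens(m))
HAM_COUNTS = Counter(t for m in HAM_TRAIN for t in tokens(m))
VOCAB = set(SPAM_COUNTS) | set(HAM_COUNTS)

def bayes_spam_probability(body):
    """Naive Bayes with add-one smoothing and equal priors; unknown words are skipped."""
    n_spam, n_ham = sum(SPAM_COUNTS.values()), sum(HAM_COUNTS.values())
    log_odds = 0.0
    for t in tokens(body):
        if t in VOCAB:
            p_spam = (SPAM_COUNTS[t] + 1) / (n_spam + len(VOCAB))
            p_ham = (HAM_COUNTS[t] + 1) / (n_ham + len(VOCAB))
            log_odds += math.log(p_spam / p_ham)
    return 1 / (1 + math.exp(-log_odds))

def classify(sender, client_ip, body, threshold=2.0):
    sender = sender.lower()
    if sender in WHITELIST:   # explicit lists short-circuit the scoring
        return "deliver", ["whitelist"]
    if sender in BLACKLIST:
        return "quarantine", ["blacklist"]
    signals = {
        "rbl": 1.5 if client_ip in RBL else 0.0,
        "signature": 3.0 if fingerprint(body) in SIGNATURES else 0.0,
        "lexical": sum(w for p, w in PHRASES.items() if p in body.lower()),
        "bayes": 1.5 if bayes_spam_probability(body) > 0.9 else 0.0,
    }
    hits = [name for name, s in signals.items() if s]
    return ("quarantine" if sum(signals.values()) >= threshold else "deliver"), hits
```

A legitimate message relayed through a listed IP, or one that merely contains the word "cheap", trips a single check and is still delivered; a reworded spam run that no signature matches is caught by the RBL, lexical and Bayesian checks together.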

In addition, because spamming is so cheap, many spammers send spam to email accounts that either never existed or no longer exist. These emails can put an additional strain on the company network if not dealt with properly.

Some anti-spam solutions can be configured to use LDAP servers to retrieve a list of valid email addresses. With this list, the system can then stop mail to invalid accounts before it reaches your network.

The downside to stopping spam is that even though your users are now more productive, managing the anti-spam system can put an extra strain on network administrators, who have to continually manage, update and configure the system to ensure it keeps working at its optimum potential.

For many organizations the easiest solution is to outsource and redirect their email through a host's external servers, which filter, quarantine and clean emails. This provides several benefits.

The burden of installing and managing the system is taken away from the network administrator, leaving them to concentrate on core tasks; spam does not reach your gateway, so the integrity and reliability of your email system are improved; and associated bandwidth overheads are reduced.

Finally, storage costs are reduced as you no longer back up spam emails and business continuity is improved. 

Various pieces of legislation have been introduced to combat spam, but they have had little effect on the problem, and the situation is now becoming so critical that some governments are starting to tackle it from a different angle.

In Australia, for example, a trial has been set up whereby five of the top ISPs are regularly given a list of IP addresses that have been identified as demonstrating typical zombie PC activity. The ISP is then expected to contact the customers, help them clean their machines and stop them being used to unwittingly churn out spam.

Whether you use an in-house or hosted solution to resolve your spam problem, educating your users will help them reduce your risk from spam and help to protect them at home too.

  • Never respond to spam; you are helping to fuel an illegal industry.
  • Do not unsubscribe from lists you didn't join in the first place; all this will do is increase the amount of spam you receive.
  • Don't click on links within emails; instead, open your internet browser and type in the address yourself to be sure it is your bank you are logging onto and not a spoofed website.

At the beginning of 2003 one in four emails was spam. Today that figure is nearer nine in ten. Whilst spam is a profitable business for some, it isn't going to go away anytime soon, but with a little education and the right protection in place, it shouldn't be a problem for the majority of businesses.

www.softscan.co.uk 

in a nutshell 

  • The spam threat can be put into four categories: loss in productivity, increased potential for virus attack, reduced bandwidth and potential legal exposure
  • Stopping spam requires a variety of techniques including black and white lists, real-time blackhole lists, lexical analysis, Bayesian classifiers and signature matches
  • Managing the anti-spam system can put an extra strain on network administrators
  • Whether you use an in-house or hosted solution to resolve your spam problem, educating your users with a few simple pointers will help them reduce your risk from spam.

January 2006
