Unsolicited e-mail, better known as spam, is a hot topic these days -- and not just in the IT industry. Dealing with spam has become a daily task for most users, and it's become such an issue that Congress recently created the first federal law regulating spam -- the CAN-SPAM law.
Spam doesn't just consume bandwidth, processor time, and storage space on your servers. It also reduces user productivity and has served as the delivery method of viruses and other harmful attachments to unsuspecting users.
Controlling spam has become a nightmare for most organisations. Let's look at some ways you can win the war against unwanted e-mail.
The first step in fighting spam is making sure you're not a part of the problem. Turn off SMTP relay.
Open the Exchange Administrator Program, go to Connections for your site, and open the properties for the Internet Mail Service Connector. On the Routing tab, make sure that mail relay is disabled.
Note: If you're allowing POP3 or IMAP4 clients to retrieve mail, you must enable mail relay, and you should also enable authentication.
Know your options
Desktop : There are a multitude of products designed to integrate with local e-mail clients. However, many are inefficient and can block legitimate e-mail. This approach places an enormous burden on end users.
E-mail server : There are several enterprise solutions that integrate with various e-mail servers. However, the mail server is the wrong place to filter spam.
The mail server must accept a message before it can process it through the spam filter. This increases processing time and storage requirements while the server checks the message.
Mail gateway : This is the ideal location to block spam. There are several enterprise anti-spam gateway products that provide excellent identification of spam and deny delivery to the enterprise mail system.
Educate users
User education and a little ingenuity is another good starting point. By educating your users, you can keep them from posting their e-mail address across the Internet. Spammers and hackers harvest addresses from other systems and use posted addresses to bombard servers.
Most Web sites require a valid e-mail address for registration. But many of these sites sell or trade e-mail addresses to spammers.
You can mitigate this practice by creating a mailbox that's accessible to all users and adding it to their profiles. Tell them to use this mailbox address if they need to enter an e-mail address on a Web page. Disable sending from this common mailbox, and clean it out every day.
Defeating spam requires a combination of approaches. User education, diverse filtering, and automation of your anti-spam solution are the key.
Don't run open mail relays, and implement a solution that fits your enterprise budget without increasing the burden on your administrators and mail servers.
Mike Mullins has served as a database administrator and assistant network administrator for the US Secret Service. He is a Network Security Administrator for the Defense Information Systems Agency.
TechRepublic is the online community and information resource for all IT professionals, from support staff to executives. We offer in-depth technical articles written for IT professionals by IT professionals. In addition to articles on everything from Windows to e-mail to firewalls, we offer IT industry analysis, downloads, management tips, discussion forums, and e-newsletters.
©2004 TechRepublic, Inc.
4%
4%
