Fight back!
Even though Brooks says he manually checks each site he finds to determine its relevancy, all that work doesn't mean his email recipients don't label him a spammer. To Brooks, Web sites are open invitations. "I'm just responding to their request to have people contact them."
As a result of this open invitation, your employees could spend valuable work time sending requests to be removed from such lists. Brooks says he honours all removal requests, but acknowledges that many others don't, and that spammers of the worst ilk just consider such requests proof that there's someone at the other end.
After trolling Web sites and gathering email addresses, it's time to send the message. Email automation programs, which cost anywhere from $100 to $400, can handle that task with ease. Typically, these programs do three things: process email lists, send email, and handle incoming responses, most often with an automated reply.
Some of these programs work better with databases than others. While some require the sender to manually import, export, and update the email lists, more sophisticated programs can directly query SQL databases.
A feature that Brooks says is particularly important is sequential mailing. That is, you can program the software to send a different email every few days to the same address list, like a series of follow-up sales calls.
But even if you enlist an anti-spam product or service, someone still has to sift through the mail that's been filtered to make sure nothing business-related has been snared in the spam net. "Some firms do that by establishing a spam folder for each user and then writing the filters," says Bob Johnston, CISSP, manager of credentialing services at the ISC2, the International Information Systems Security Certification Consortium. But other companies balk at the delays in delivery times that putting spam filtering software on a mail server can cause. "That's why many firms choose not to implement the spam filters--it takes too long."
Sweetening the pot
Spam-fighting methods have had to mature because spammers figured out how to bypass simple content filtering, which looks for words such as "free" and "credit card". These days, spam filtering providers collect spam in databases with the help of honeypots, a term also used to describe the luring of hackers into attacking a simulated network service.
To establish a honeypot network, spam filtering providers set up email addresses on a variety of mail providers for the sole use of receiving spam so they can better understand it and create new filters for it. The profiles of the fictional people associated with these email addresses are given a variety of interests, and posts are made to newsgroups in their name. What's key is that these email addresses aren't subscribed to anything, so it's a virtual guarantee when a message is received that the address has been harvested without permission, and that what's received is spam.
While such analysis might seem more suited to a spam filtering service provider, CipherTrust thinks enterprises might want to use the tool themselves. You can manually set up a honeypot in the current version of the company's IronMail software, but Director of Research and Development Paul Judge says the next version will feature an automated process for setting up honeypot addresses.
But honeypots won't be enough. Nor will the fuzzy algorithms that can detect if a message is spam even when random data at the end of the message derail efforts to read its signature.
A variety of clever spam-fighting techniques are out there, but for now, you still have to dedicate someone to sift through the filtered mail to make sure no legitimate correspondence is dropped. For now, the battle of wits between spam filter developers and savvy spammers is far from over.
