Sinking in a sea of spam

Tired of email porn and body enhancement offers? John Young suggests using secure content management to halt the tidal wave.

A few months ago, one of my clients, a systems administrator with the New York-based Metropolitan Companies, Inc., took on an extremely challenging assignment. His boss tasked him with devising a way to free his company's employees, resources and bandwidth from a blitz of spam emails that seemed to be doubling on a weekly basis. The rub was that the boss wanted a solution yesterday.

The best remedy for this company turned out to be secure content management technologies and techniques. This tactic offered a cost-effective solution against both spam and viruses, which everyone from the mailroom to the boardroom could count on.

Today more than ever, companies require the means to conduct online business safely and securely. With the ever-increasing onslaught of spam, worms and viruses, businesses worldwide are turning to secure content management tools and techniques to keep their online content secure, and to protect themselves, their employees and their customers.

Throwing out the junk

Secure content management can be defined as the filtering of all email that is inappropriate to your organization. Such measures offer effective and intuitive ways to filter, manage and protect your company against unwanted email, without taking up all your time and resources in the process.

Unwanted email can be grouped into four main categories - unsolicited commercial email, worms and viruses, inappropriate content and classified content. The cost of unwanted email in terms of delivery, storage and processing can be billions of dollars each year. These messages can also create potential security holes, through which viruses and fraudulent mail can pass, and sensitive personal or corporate information can pass out.

Four kinds of threats

Unwanted email poses four main threats to organizations. Fraud was once a concern primarily of individual consumers, but businesses are likewise finding themselves increasingly vulnerable to - and targeted by - fraudulent email.

Online epidemics of worms and viruses have already cost companies billions worldwide. Today's viruses are even faster and more complex, and because they infiltrate your email list, they not only cost you time and money, but can also jeopardize your intellectual property and seriously compromise your credibility and reputation.

So-called cyberstalkers use the anonymity of the internet to harass or even attempt harm against their intended victims. Striking in the workplace as easily as at home, harassing emails can affect morale and productivity, and pose the added risk of possible litigation by employees whose employers fail to offer them sufficient protection.

In an era where knowledge is both power and profit, the need to protect intellectual property has never been greater. For example, the 1996 U.S. Health Insurance Portability and Accountability Act (HIPAA) requires that any organization in the health care industry which stores data or processes claims electronically must ensure the security and privacy of that information to maintain the right of individuals to keep private information about themselves.

Of course, even the most advanced solutions cannot offer absolute protection. Spammers and virus authors are constantly innovating, both in the manner in which they attack and in the tools and technologies they use. But through the use of secure content management software, you can protect your company from these potential threats, while preserving bandwidth, enhancing productivity, and saving time and money. While specifics vary, there are several key capabilities generally considered best practices in the secure content management arena.

Filtering email based on key words and phrases such as 'mortgage,' 'credit,' or pornographic references is the most common first line of defense. Every institution, department or group of users has a different definition of what is inappropriate or irrelevant. A bank, for example, would probably consider medical terminology to be irrelevant, but for a hospital it would be of crucial importance. In short, your spam may not be someone else's spam.

Blacklists and pattern matching

Reverse blacklists (RBLs) are DNS servers with extensive lists of the IP addresses of SMTP servers that either originate spam, or act as spam relay hosts. Each RBL fits particular organizations better than others, so it's important to ensure the lists you use match your needs and circumstances. Free RBL servers are available, but may slow down or fail to respond during peak periods. Subscription-based RBLs come at a price, but offer paying customers the advantage of dedicated server access.

Different RBLs also employ different policies detailing how an SMTP server qualifies as a spam relay host. Because a policy may not match your requirements exactly, it may be best to assign different weightings to reliable, potential and unconfirmed categorization. A message triggering a single RBL with a weight of 'reliable,' for example, would always be considered spam, while a message without a reliable trigger might require three 'potentials' or five 'unconfirmed' to be classified as spam, and treated accordingly.
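The weighting scheme above, sketched in Python as an added example (not code from the article or from any product it mentions). The zone names, addresses and the stand-in resolver are constructed; it assumes hits in different categories are not combined, and that a list which times out casts no vote rather than holding up mail.

```python
import ipaddress

# Constructed zones and categories; real deployments choose their own lists.
ZONES = {
    "reliable.dnsbl.example": "reliable",
    "potential-a.dnsbl.example": "potential",
    "potential-b.dnsbl.example": "potential",
    "potential-c.dnsbl.example": "potential",
    "unconfirmed.dnsbl.example": "unconfirmed",
}
# Hits needed per category, as in the article's example.
THRESHOLDS = {"reliable": 1, "potential": 3, "unconfirmed": 5}


def query_name(ip, zone):
    """DNSBL convention: reverse the IPv4 octets and append the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def classify(ip, resolve):
    """resolve(name) returns an A-record string, None if unlisted, or raises
    TimeoutError. Returns (is_spam, hits per category, zones that timed out)."""
    hits = {category: 0 for category in THRESHOLDS}
    skipped = []
    for zone, category in ZONES.items():
        try:
            answer = resolve(query_name(ip, zone))
        except TimeoutError:
            skipped.append(zone)  # slow list: no vote, but record it
            continue
        # Listed addresses answer with a record inside 127.0.0.0/8.
        if answer and answer.startswith("127."):
            hits[category] += 1
    spam = any(hits[c] >= THRESHOLDS[c] for c in THRESHOLDS)
    return spam, hits, skipped


# Constructed resolver standing in for DNS so the example runs offline.
LISTED = {
    "7.113.0.203.reliable.dnsbl.example": "127.0.0.2",
    "9.100.51.198.potential-a.dnsbl.example": "127.0.0.2",
    "9.100.51.198.potential-b.dnsbl.example": "127.0.0.2",
}

def fake_resolve(name):
    if name.startswith("9.100.51.198.potential-c."):
        raise TimeoutError(name)  # simulates an overloaded free list
    return LISTED.get(name)
```

For 198.51.100.9 the third 'potential' list times out, so two hits stay below the threshold of three and the message is not classified as spam; the skipped list is returned so the gap can be logged.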

Pattern recognition can identify spam by looking at message headers or other patterns that match the greatest set of features associated with spam. Some common examples could include messages with identical addresses in the 'from' and 'to' fields, or messages with foreign language character sets that are illegible to your company.

Concept analysis is the most recent, advanced and effective tool to hit the industry. By looking at the entire context of an email rather than just searching for key words, phrases or characters, this kind of content interpretation uses 'fuzzy logic' and natural language recognition to find camouflaged patterns.

Keeping up to date

For HIPAA-related organizations or any company concerned with protecting classified content, concept analysis allows for contexts to be updated automatically, and customized to fit the unique requirements of the corporate knowledge base. The result is a significant reduction of false positives, and a substantial increase in accuracy and reliability.

Finally, virus update sites can add another important element to your overall plan of defense. The best sites keep both their files and your notification up-to-date. In addition, many of the best sites offer such other tools as the ability to 'push out' urgent notifications of new virus epidemics, multiple methods for receiving updates and anti-virus certification to demonstrate their track record in beating viruses.

Using these tools and techniques can help you separate spam from relevant email. But because they must rely on relative interpretation, even the most advanced spam filters can sometimes make a mistake. To reduce this risk, you should make sure you have the ability to exclude important customer sites, and take a variety of flexible actions with any email identified as spam.

Considering the options

This could mean simply deleting the message or immediately dropping the session with the originating SMTP host to save bandwidth and storage space. Another option could be to tag a message and set its priority to low, or quarantine it into a separate folder, allowing authorized administrators or end users to decide what action to take without irrevocably losing potentially relevant information. Or, messages filtered as spam could be set to trigger a response, notifying the originator in case a real message has been incorrectly flagged.

By having the option to choose between these and other courses of action, you can deal with unwanted or classified email effectively, while minimizing the danger of incorrectly identifying or losing valid messages.
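The header patterns mentioned earlier, the exclusion list for customer sites and the graded actions can be combined as in the following added example (not code from the article or any product). The domains, the accepted character sets and the rule that two findings quarantine while one only tags are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

ALLOWED_DOMAINS = {"customer.example"}  # constructed list of excluded customer sites
READABLE_CHARSETS = {"us-ascii", "utf-8", "iso-8859-1"}  # assumed local policy


def header_findings(msg):
    """Return the names of the header patterns this message matches."""
    findings = []
    sender = parseaddr(msg.get("From", ""))[1].lower()
    recipient = parseaddr(msg.get("To", ""))[1].lower()
    if sender and sender == recipient:
        findings.append("from-equals-to")
    # get_charsets() yields None for parts that declare no charset.
    charsets = {c.lower() for c in msg.get_charsets() if c}
    if charsets - READABLE_CHARSETS:
        findings.append("unreadable-charset")
    return findings


def disposition(raw):
    """Choose deliver, tag or quarantine; nothing is deleted outright."""
    msg = message_from_string(raw)
    # The From header is forgeable; a production exclusion list would key on
    # the connecting host instead. Used here to keep the example offline.
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain in ALLOWED_DOMAINS:
        return "deliver", []
    findings = header_findings(msg)
    if len(findings) >= 2:
        return "quarantine", findings
    if findings:
        return "tag-low-priority", findings
    return "deliver", []


def sample(sender, recipient, charset):
    """Build a constructed test message."""
    return (f"From: {sender}\nTo: {recipient}\nSubject: test\n"
            f'Content-Type: text/plain; charset="{charset}"\n\nbody\n')
```

Because every outcome keeps the message, a false positive can still be recovered by an administrator or the recipient.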

Before selecting your secure content management solution, first ask yourself a few key questions about exactly what kind of protection you need. What are your organization's messaging requirements or internet policy? What level of controls do you need on incoming messages? Is there a flexible set of actions to deal with spam? And can you filter messages in the correct context?

What's right for me?

You may also want to consider whether you need an enterprise- or perimeter-level solution. Enterprise-level solutions offer both internet and internal email filtering, providing complete protection, no matter where an email may come from. For most organizations, though, the vast majority of unwanted emails come from outside the company. For them, a perimeter-level solution is a more cost-effective option for complete 'front door' protection from all internet messages.

For those working in Microsoft Exchange, another key point is whether or not the solution is proxy-based.

Finally, try to keep the big picture in mind. While you can choose between specific, targeted capabilities, a complete secure content management solution that offers both anti-spam and anti-virus capabilities in one package may ultimately be the best - and most cost-effective - choice you can make in the long run.

John Young is president of Nemx Software (

Categories of unwanted email

  • Unsolicited commercial email (UCE) includes commercial email considered irrelevant to the running of your organization.
  • Worms and viruses. Effects can range from the innocuous to the catastrophic.
  • Inappropriate content includes any email with potentially harassing or offensive content.
  • Classified content includes any email with sensitive personal, medical or corporate information.

