Spam has gone from virtually nothing four years ago to a major problem today. It is now estimated that spam accounts for about 60 per cent of all email carried over the internet, up from 45 per cent this time last year.

To date most articles written have looked at spam from the receiving end, but there are hidden dangers to all legitimate companies at the sending end of spam, and the aim of this article is to address this often forgotten aspect. So what are these hidden dangers, and what is meant when we talk of the sending end of spam? Today spam is increasingly being sent not from a single traceable mail system but from hijacked systems and PCs that are permanently connected to the internet via broadband connections (ADSL, cable modem etc.). Another sending-end spam issue is the hijacking and illegal use of a legitimate company's internet domain.

The hijacking of a company's internet domain manifests itself in the 'from' address of a spam message. This 'from' address can be, and generally is, spoofed using a domain that does not lead back to the spammer. Generally the user part of the address will be randomly generated, so the same spam message will appear to come from multiple people. The problems that arise from such a domain hijacking can include having the domain blacklisted within the internet. This potentially would stop the bulk of legitimate emails from the company being delivered, and there is a reputation risk as well. Both of these problems can have an adverse impact on a company.

Another 'sending' type problem is where a system or PC that is permanently connected to the internet via some broadband type connection is hijacked by a spammer or hacker and used to send spam. The problem for the person or company owning the hijacked system or PC is that the internet service provider could withdraw service. Sending spam is against most, if not all, UK ISPs' acceptable use policies. Whether internet service is withdrawn temporarily, until the system or PC is fixed, or permanently, will be down to the ISP involved and mitigating circumstances (e.g. how quickly did you take your system or PC offline, has the problem happened before etc.). Losing internet connectivity, even for a short period of time, can impact a business, and there could be costs involved in getting your systems or PC up to a standard required by the ISP before service gets reinstated.

So spam is more than an annoying clogging of your company email 'inboxes'; it could have a much bigger impact on your business than you imagined. There is little to nothing you can do to stop your internet domain being hijacked, but you should remain vigilant against it happening. For instance, do you regularly check your email system's postmaster account for 'bounced' messages? A lot of bounced messages that clearly were not generated by your company is an indication that something is wrong and needs investigating. Are your systems or PCs behind a firewall? Is the firewall properly set up, and when was the last time you had an independent assessment of your internet security: six months, a year, never? Are your systems or PCs running 'out of the box', or have they been hardened against hacking, and are they up to date with security patches? Remember that it is not just Microsoft, but Linux and Unix as well. Typically a day does not pass without there being at least one, and often three or more, system security vulnerability announcements, and often one of them will be for Linux.
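One way to automate the postmaster check described above, as an added example that is not part of the original article: it opens each bounce, pulls out the original message it carries, and counts how many never passed through your own mail servers. The relay host names in OUR_RELAYS are assumptions, and the sample bounces are constructed.

```python
import email
from collections import Counter
from email import policy

# Assumption: host names our own outbound mail servers write into Received headers.
OUR_RELAYS = ("mail1.example.com", "mail2.example.com")

def original_of(bounce):
    """Return the original message (or its headers) carried inside a bounce."""
    for part in bounce.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
        if part.get_content_type() == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def classify(raw):
    """'ours' if the bounced mail passed through our relays, else 'forged'/'unknown'."""
    orig = original_of(email.message_from_string(raw, policy=policy.default))
    if orig is None:
        return "unknown"  # no original attached, needs a manual look
    hops = " ".join(str(h).lower() for h in orig.get_all("Received", []))
    return "ours" if any(r in hops for r in OUR_RELAYS) else "forged"

def tally(raws):
    return Counter(classify(r) for r in raws)

def make_bounce(received, sender):
    # Constructed sample bounce: multipart/report with the original attached.
    return (
        "From: MAILER-DAEMON@mx.recipient.test\n"
        "To: postmaster@example.com\n"
        "Subject: Undelivered Mail Returned to Sender\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/report; boundary="b1"\n\n'
        "--b1\nContent-Type: text/plain\n\nUser unknown.\n"
        "--b1\nContent-Type: message/rfc822\n\n"
        f"Received: from {received} by mx.recipient.test\n"
        f"From: {sender}\nSubject: hello\n\nbody\n--b1--\n"
    )

SAMPLES = [
    make_bounce("mail1.example.com ([192.0.2.10])", "sales@example.com"),
    make_bounce("dsl-host.isp.test ([198.51.100.7])", "xkqzt@example.com"),
    make_bounce("cable-host.isp.test ([203.0.113.9])", "pwvrm@example.com"),
]

if __name__ == "__main__":
    print(tally(SAMPLES))
```

Received lines can themselves be faked, so treat the 'ours' count as a first pass and confirm against your mail server's own sending logs. A rising 'forged' count is the signal that your domain is being used in someone else's spam run.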

Keeping your systems in good, secure order is a matter of good IT governance, which forms part of good corporate governance. You would not dream of leaving your premises open when everyone had gone home, and you probably have fitted strong quality locks to the doors and keep your valuables in a safe. It is part of the cost of doing business, so why is IT any different? Given the high dependence on networks (the telephone, the internet and the office LAN), isn't it time you woke up to these hidden dangers? Security of IT systems is not a bolt-on, but a culture. You do it without thinking.

Peter Wenham
Technical director, Trusted Management Limited
Tel: 0871 872 8360
Email: peter@trusted-management.com
Web:  www.trusted-management.com
Trusted Management Ltd, March 2004