Ways to slam spam

Get rich quick schemes, pornographic e-mail and university diplomas – sound familiar? Have a look in most e-mail inboxes and you will likely come across one of these types of messages.

Spam is everywhere and the more software and hardware that is developed to beat it, the more spam there appears to be. With many employees receiving upwards of 200 e-mails each day, cutting down – or cutting out – spam becomes increasingly important.

Oliver Tsai, director of applied technology practice for Toronto-based Sunnybrook and Women’s College Health Sciences Centre, said too much spam could cripple an enterprise.

He noted that with employees receiving so many messages, the amount of data being pushed through the e-mail system can be horrendous.

“The battle against spam is the same as the one against viruses – never ending,” Tsai said.

Sunnybrook and Women’s uses some software solutions to try to rid its system of spam. Tsai said it has a content filtering system on its network layer and use the filter systems on its e-mail program.

In the war against spam there are several options open to people, including subscription services – these try to block spam in-transit, flagging e-mail sent to specific accounts which are filtered by agents on the network. There are also server-based software solutions, which act as gateways running on the mail server or a separate machine. This software checks e-mail headers and information to block e-mail. Hardware gateways will handle a large volume of mail, but act much the same way as the software solutions.

But the most important tool for IT administrators looking to battle spam is communication, according to Tsai.

“You have to communicate to your stakeholders. Tell them to look out for messages of a certain type – whether they are dangerous or innocent. You must be vigilant,” he said. “You’re only as strong as you’re weakest link.”

Although, he warned communication can go too far. “With viruses and spam, people often disregard some e-mail warnings because there are so many of them.”

Tsai and his IT team have set up a corporate message board on their intranet, so people can go and post goings-on. They also restricted the people who are allowed to send “all@s” through Sunnybrook and Women’s.

“We want people to be able to communicate, but we want a pull method instead of a push method. People can go and get information, but not everyone can post on the message board,” Tsai said.

Mark Jeftovic, president and co-founder of Toronto-based easyDNS – a domain name service provider, said his company wanted to combat spam so they built myprivacy, eh? a free spam filter system, primarily for .ca domain names, but it can be used with other TLDs (www.myprivacy.ca).

Their next step was to add more steps to the sign up processes for those seeking a domain name. “They give us one address to contact them through and another that we will publish on the Whois database,” he said. ICANN and CIRA stipulate that all domain names must have a contact listed in the Whois database, which Jeftovic said is prime hunting grounds for spammers in search of addresses.

easyDNS and some of its competitors got together to create the DNS Providers Blacklist, so known spam domains are denied service.

Jeftovic noted many companies will just take a “hit delete” view to spam, but with the growing amount of spam – that can turn into a serious time hassle.

“It doesn’t really solve the problem. IT administrators still have to clean up the mess,” he said

He warned IT administrators to be careful of open relays – servers that will take a piece of mail from anywhere and deliver it anywhere.