Before Investing in an Anti-spam Filter Know What to Look For

 

 

With a high percentage of emails directed at your inbox being spam, a good anti-spam filter is an absolutely vital piece of your email infrastructure. Knowing what to look for can help make the difference between a well-tuned email system, and a crawling mess of spam messages using up storage space and wasting users’ time. Before you go out and install the first anti-spam filter you find, here are some of the key things to consider.

 

Cloud-based or on-premise

There are hosted anti-spam filtering solutions that offer greater economies of scale, making them more affordable than in-house solutions. These can combine anti-spam with anti-malware, and filter out spam and other nasty stuff before it uses up your bandwidth or impacts your server’s storage and performance. The only downsides are that they represent a subscription service with monthly costs, and as an outsourced solution, some admins miss having the on-site control.

 

On-premise solutions are purchased (though they may have monthly or annual subscription costs for updates) so they can be capitalized, and by being in-house, the admins can have total control whenever they want.

 

Choose the solution that works best with your administrative style and costing strategy. If you choose an on-premise solution, make sure you select one that is server based, not client based. The administrative overhead of managing a server at your edge is much lower than trying to administer an agent installed on every client, and the licensing costs will likely be far less as well. Centralizing the anti-spam filter will make it easier to maintain, and will prevent spam messages from taking up space on users inboxes, and on your mailbox servers.

 

Spam detection methods

There are a variety of ways to detect and block spam. No single way is fully effective; you need a product that combines methods for a defense-in-depth approach. Bayesian filtering is a very effective way to detect spam, but it must be ‘trained’ to your environment. Whitelists need to be in place to minimize false positives that could block critical business communications. Keyword lists should also be an option for companies whose business might include words that others would consider spam. Other approaches include SMTP header analysis, blacklists, using SPF records to reduce spoofing, and reputation services. By combining the analysis of these multiple methods you ensure the maximum effectiveness of your anti-spam filter, while minimizing false positives.

 

User self-service

Whitelisting business partners and customers, and checking the quarantine folder for blocked messages, can both become major tasks for the helpdesk. Look for anti-spam filter solutions that offer user self-service, both for adding senders to the whitelist, and for enabling users to release quarantined messages themselves, or by delivering spam to the user’s junk mail folder.

 

Reporting

Today’s management is all about the metrics. Look for an anti-spam filter that includes robust reporting and that includes the ability to use this information in dashboards or for computing SLAs. Spam is one of those problems that no one notices as long as your anti-spam filter is doing a good job, but that becomes a major issue if a spam message slips through.

 

 

Remember, whether cloud-based or on-premise, a good anti-spam filter offers you defense in depth, economical licensing, reduces the administrative overhead, and supports users for routine tasks.

 

This guest post was provided by Ed Fisher on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. More information: GFI email archiving.

All product and company names herein may be trademarks of their respective owners.

Warning: A New and Danger PayPal Phishing Scam Email

 

I just received PayPal email and it said “Please Update Your Account”,  its not from PayPal its fake but the problem its duplicated  Frighteningly as PayPal site even when you open the link that included you will not doubt its fake, so see the video to know what I’m talking about.

 

Read more

WINDOW LIVE TEAM -ACCOUNT ALERT- Another Spam That Attacking Hotmail Accounts

Watch out from this fake spam emails that says its from WINDOW LIVE TEAM and its asking about your personal information.

 

Its look like this in your inbox :

 

 

 

and the message content looks like this:

 

 

 

Finally, don’t reply to these kind of emails and mark it as spam.  - Take Care -

 

The Main Risks Associated with Spam

There was a time when spam was considered little more than an invasive annoyance. It was merely an attempt, albeit an unwanted one, to communicate information about a product or service to as many people as possible. But then hackers saw another opportunity. They decided to use this tool as a means to exploit consumers and businesses.

 

Spam then, can pose considerable risk to the enterprise. But what are the primary issues?

 

Productivity – If we estimate the time that it takes for an employee to evaluate and delete an unwanted email, and multiply that by the number of employees, we begin to see how costly spam is. While this scenario may not represent real dollars spent mitigating the problem, it does translate into productivity losses which can have a financial impact. Time spent dealing with spam is time not spent on company business.

 

Storage Space – Company managed anti-spam solutions typically include one or more servers and software. Some estimates indicate spam accounts for over 90% of email. What this means is that a significant portion of that server space is used to receive and sometimes quarantine suspicious emails. If messages aren’t deleted, space can be easily consumed, forcing the purchase of additional storage space.

 

Security – Unfortunately, many spam messages are sent with the intent to harm the receiver. Clicking on erroneous links or opening infected file attachments can result not only in damage to the computer, but loss of data as well. In an era where privacy laws protect consumer data, the loss may be further compounded by financial penalties and damage to company reputation.

 

Spam can no longer be viewed as a problem of convenience, targeted at potential consumers. Real loss of data, reputation or company services can prove costly. Based on these risks, businesses should invest in solid anti-spam service solutions. To further reduce costs, cloud-based solutions have proved that they are not only up to the task, but will also save your time and money in the process.

 

Additional Resources:

http://www.allspammedup.com/2009/10/taking-control-of-the-risks/

http://www.spamlaws.com/

http://blogs.computerworld.com/16285/outbound_spam_hard_data_illustrates_real_risks

 

This guest post was provided by Veronica Henry on behalf of GFI Software, a leading software developer that produces network and messaging security solutions for SMBs. More information about GFI anti-spam solution can be found at http://www.gfi.com/mes

All product and company names herein may be trademarks of their respective owners.

Contract_05_07_2010.zip – all you’ll contract is a malware infection

SophosLabs is seeing another widespread malicious spam attack being sent to email addresses around the world. The emails, which have a malware-infected attachment called Contract_05_07_2010.zip, pretend to be a legal contract – however, opening the contents of the file could infect your Windows computer.

 

A typical email reads:

Subject: Permit for retirement

Message body:

Good day,
We have prepared a contract and added the paragraphs that you wanted to see in it.
Our lawyers made alterations on the last page. If you agree with all the provisions we are ready to make the payment on Friday for the first consignment.
We are enclosing the file with the prepared contract.
If necessary, we can send it by fax.
Looking forward to your decision.
"<name>

Attached file: Contract_05_07_2010.zip

 

 

Read More…

 

Beware ‘Your log 05.07.2010′ emails – they carry malware

Malicious hackers are spamming out emails around the world disguised as a changelog, with the intention of infecting recipient’s Windows computers with the attachment.

 

A typical email reads as follows, although there can be minor variations in the message body:

 

Subject: Your log 05.07.2010

Message body:
Dear Customers,
as promised your changelog is attached,
<name>

Attached file: Changelog_05_07_2010.zip

 

The emails, by the way, are always signed off by the first name of the person who is mentioned in the message’s from: field. That field is, of course, forged – it’s not really that person who sent you the email so don’t blame them if you get infected!

 

Read More…

 

iPad owners’ email addresses exposed: let’s stay calm

One of the hottest security news story today revolves around the news that a weakness on AT&T’s website allowed outsiders to grab the email addresses of early adopters of the Apple iPad – at least those who had chosen to subscribe via AT&T.

 

The news was broken as an “exclusive” by Gawker in a story entitled “Apple’s Worst Security Breach: 114,000 iPad Owners Exposed”.

 

As my fellow blogger Paul Ducklin points out, it’s Gawker’s lead story right now – alongside continuing coverage of Debrahlee Lorenzana, the so-called “Hottie Banker” who alleges that she was sacked from her job at Citibank because she was too sexily distracting for her male co-workers.

 

If you can divert yourself away from Debrahlee Lorenzana’s charms for a second to read the Gawker story you’ll find that it has some very scary things indeed to tell you:

"dozens of CEOs, military officials, and top politicians. They - and every other buyer of the cellular-enabled tablet - could be vulnerable to spam marketing and malicious hacking"

"the most exclusive email list on the planet"

"the breach will also likely unnerve customers thinking of buying iPads that connect to AT&T's cellular network"

"One affected individual was William Eldredge, 'who commands the largest operational B-1 [strategic bomber] group in the U.S. Air Force'"

 

and so it goes on..

 

Reading on in the report it appears that a group called Goatse (don’t Google it, trust me..) bombarded the AT&T website service with thousands of requests using made-up ICC-ID codes (that’s an internal code used to associate a SIM card with a particular subscriber).

 

The hacking group deluged the website with so many made-up requests that some were bound to reflect genuine ICC-ID codes, and effectively “stick”. When this happened the website believed them to be a genuine iPad user and revealed the associated email address.

 

Ok. So I can see how this embarrassing, and it shouldn’t have happened. But, as Paul Ducklin underlines, it’s just an email address and you reveal your email address everytime you send an email.

 

READ MORE…

Changelog 07.06.2010: Hackers spam out malware attack

Updated Have you received a curt email in the last 24 hours with a mysterious attachment called Changelog_07.06.20010.zip? If so, you could be at risk of falling victim to the latest attack launched by malicious hackers.

 

Poisoned emails have been spammed out worldwide, posing as a legitimate communication.

Typical emails have the following characteristics:

Subject: Changelog 07.06.2010
Message body:

Good afternoon,
as promised,
<Name>

or

Dear customers,
as promised,
<Name>

or

Good morning,
as promised,
<Name>

or

Good day,
as promised,
<Name>

Attached file: Changelog_07.06.20010.zip

 

where <name> is the first name of the supposed sender of the email. In other words, if the from address says that the message was from “Peter Bathurst” then the email will be signed “as promised, Peter”.

 

Read More…

 

Danger! Fake $50 iTunes certificate carries malware

 

 

Amid all the usual attacks posing as delivery notices from DHL and FedEx this morning, I spotted some malware that had been spammed out posing as an Apple iTunes certificate for $50.

 

The emails read as follows:

Subject: Thank you for buying iTunes Gift Certificate!
From: "iTunes Online Store" <software@itunes.com>
Attached file: iTunes_certificate_997.zip

Hello!

You have received an iTunes Gift Certificate in the amount of $50.00
You can find your certificate code in attachment below.

Then you need to open iTunes. Once you verify your account, $50.00 will be credited to your account, so you can start buying music, games, video right away.

iTunes Store.

 

Running the attached malware can infect Windows computers. Clearly the hackers are hoping that in your excitement about receiving a $50 iTunes gift certificate that you will throw caution to the wind and open the attachment.

 

Sophos detects the malware, contained inside a ZIP file, as Troj/BredoZp-AM andMal/FakeAV-BW.

 

 

By Graham Cluley, Sophos

 

Canadian Pharmacy spammers set up shop on Twitter

At the beginning of this month I received an email telling me about someone new who had started following me on Twitter.

Their name was @canadianshop, and it was immediately apparent that they were promoting a Canadian online pharmacy via their account. These kind of websites are frequently promoted in email spam.

Like every other time you receive a new follower on Twitter, the service reminds you that you can report them for spam:

If you believe canadianshop is engaging in abusive behavior on Twitter, you may report canadianshop for spam.

 

But for once I decided not to. After all, this account was clearly spammy and I was curious to see how long it would take before someone else reported them and their account was suspended.

 

That was 24 days ago. And despite the @canadianshop account making no attempt to hide who they are – even their background wallpaper uses familiar imagery used in hundreds of thousands of emails to promote medications like Viagra and Cialis – they remain active on Twitter.

 

At the time of writing the account is following over 2000 people, and has 589 folk following it back.

In addition to its activities on Twitter, the account has also created a number of custom bit.ly links to promote its online stores which redirect to Canadian Pharmacy websites like the one below:

So, let’s hope the account gets shut down soon. I’ve reported it to Twitter now, and also dropped a line to the folks at bit.ly about the links in case they want to take action against those.

 

As if anyone needed reminding let me say it again – if you buy drugs online you’re not only putting your personal information at risk (remember these guys are prepared to spam and use scummy tactics to promote their sites, they possibly wouldn’t flinch at doing something naughty with your credit card details), but you’re also potentially putting your health in jeopardy.

 

By Graham Cluley, Sophos

 

Next Page »