Before Investing in an Anti-spam Filter Know What to Look For

 

 

With a high percentage of emails directed at your inbox being spam, a good anti-spam filter is an absolutely vital piece of your email infrastructure. Knowing what to look for can help make the difference between a well-tuned email system, and a crawling mess of spam messages using up storage space and wasting users’ time. Before you go out and install the first anti-spam filter you find, here are some of the key things to consider.

 

Cloud-based or on-premise

There are hosted anti-spam filtering solutions that offer greater economies of scale, making them more affordable than in-house solutions. These can combine anti-spam with anti-malware, and filter out spam and other nasty stuff before it uses up your bandwidth or impacts your server’s storage and performance. The only downsides are that they represent a subscription service with monthly costs, and as an outsourced solution, some admins miss having the on-site control.

 

On-premise solutions are purchased (though they may have monthly or annual subscription costs for updates) so they can be capitalized, and by being in-house, the admins can have total control whenever they want.

 

Choose the solution that works best with your administrative style and costing strategy. If you choose an on-premise solution, make sure you select one that is server based, not client based. The administrative overhead of managing a server at your edge is much lower than trying to administer an agent installed on every client, and the licensing costs will likely be far less as well. Centralizing the anti-spam filter will make it easier to maintain, and will prevent spam messages from taking up space on users inboxes, and on your mailbox servers.

 

Spam detection methods

There are a variety of ways to detect and block spam. No single way is fully effective; you need a product that combines methods for a defense-in-depth approach. Bayesian filtering is a very effective way to detect spam, but it must be ‘trained’ to your environment. Whitelists need to be in place to minimize false positives that could block critical business communications. Keyword lists should also be an option for companies whose business might include words that others would consider spam. Other approaches include SMTP header analysis, blacklists, using SPF records to reduce spoofing, and reputation services. By combining the analysis of these multiple methods you ensure the maximum effectiveness of your anti-spam filter, while minimizing false positives.

 

User self-service

Whitelisting business partners and customers, and checking the quarantine folder for blocked messages, can both become major tasks for the helpdesk. Look for anti-spam filter solutions that offer user self-service, both for adding senders to the whitelist, and for enabling users to release quarantined messages themselves, or by delivering spam to the user’s junk mail folder.

 

Reporting

Today’s management is all about the metrics. Look for an anti-spam filter that includes robust reporting and that includes the ability to use this information in dashboards or for computing SLAs. Spam is one of those problems that no one notices as long as your anti-spam filter is doing a good job, but that becomes a major issue if a spam message slips through.

 

 

Remember, whether cloud-based or on-premise, a good anti-spam filter offers you defense in depth, economical licensing, reduces the administrative overhead, and supports users for routine tasks.

 

This guest post was provided by Ed Fisher on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. More information: GFI email archiving.

All product and company names herein may be trademarks of their respective owners.

Twitter Filters Tweets

Micro-blogging site Twitter has recently begun filtering tweets containing links to malicious sites.

 

The tactic was first noticed by security researchers on Monday but has yet to be officially announced by Twitter. It has been designed to prevent surfers from being automatically redirected to sites packed with dangerous exploits.

 

The widespread use of URL shortening in tweets (which can be no longer than 140 characters) makes it easy to hide the true destination of links in Twitter. The site has thus adopted this approach, following the increased worm, spam, and account-hijacking attacks targeting it.

 

Whenever a Twitter user attempts to post a link to a known malware/phishing URL, the message “Oops! Your tweet contained a URL to a known malware site!” will appear and, after a few seconds, deletes the tweet.

 

But the question “Does the feature really work?” remains.

 

Trend Micro Advanced Threats Researcher Ryan Flores says, “Twitter is filtering malicious sites as a ‘free service’ so we cannot expect it to provide the best protection. After all, this is not Twitter’s core business, micro-blogging is.”

 

In fact, earlier analysis revealed that the site’s filtering service still cannot block Koobface-related URLs as shown in the figure on the left.

 

Because it has been a favorite cybercriminal target lately, we cannot blame Twitter for trying but we should not expect too much too soon as well. The effort is a good first step for the site but users should not be complacent just because it is trying to block malicious sites (albeit ineffectively) from being posted as legitimate tweets.

 

Trust issues are not fundamentally different from other Web, email, and link techniques out there. It all comes down to context and being sufficiently aware of not blindly opening everything others suggest you do.

 

Twitter Using Google Blacklist To Filter Malicious Links

 

Twitter has quietly started using a Google blacklist of suspected phishing and malware pages to filter malicious URLs leading to known malware sites.

Twitter hasn’t announced it, but F-Secure’s chief research officer Mikko Hypponen revealed how it was starting to filter tweets that linked to known malware sites.

According to this blog post, users are given a warning message when they attempt to click on a link that leads to a blacklisted site.

He later confirmed – on Twitter – that the microblogging site was using Google Safe Browsing API, an experimental API that allows client applications to check URLs against an updated Google blacklist.

Twitter has become a bigger target for hackers taking advantage of its explosion in popularity.

This Easter, Twitter suffered four separate worm attacks that encouraged users to click on a link which infected them and made them automatically send out messages to friends with the same link.

Twitter has not replied to request for comment by time of writing.

By Asavin Wattanajantra from www.itpro.co.uk