Combating Spam

Spam is a global problem that affects everyone with an Internet-accessible email address. It is not just a frustration anymore; it affects many things including an organization's ability to be productive among other things. In Chapters 11 and Chapter 13, "Transport-Level Security," many methods and features such as blocking attachments, filtering, and preventing Web beaconing were examined to help prevent spam in the organization. To continue with that examination, the following sections describe common best practices to minimize or alleviate spam.

Use Blacklists

Many companies are unknowingly serving as open relays, which aid spammers by essentially permitting them to use the company's messaging system for unsolicited email. When a company or domain is reported as an open relay, the domain can be placed on a blacklist. This blacklist in turn can be used by other companies to prevent incoming mail from a known open relay source. Blacklists are useful because they can help prevent spam.

You can find some organizations that maintain blacklists at the following addresses:

• http://www.dsbl.org

• http://www.mail-abuse.com

• http://www.spamcop.net

• http://ordb.org

Report Spammers

Organizations and laws are getting tougher on spammers, but spam prevention requires users and organizations to report the abuse. Although this often is a difficult task because many times the source is undecipherable, it is nonetheless important to take a proactive stance and report abuses .

Users should contact the system administrator or help desk if they receive or continue to receive spam, virus hoaxes , and other such fraudulent offers. System administrators should report spammers and contact mail abuse organizations, such as the ones listed earlier in the section "Use Blacklists." System administrators must also use discretion based on the offense, the frequency, and the possible ramifications of various ways of dealing with the spam. For instance, if a few spam messages appear to originate from yahoo.com it might serve the company better to filter messages based on a message's language contents rather than blocking the entire domain.

Use a Third-Party Antispam Product

Microsoft has equipped users, system administrators, and third-party organizations with the tools necessary to combat spam. Using third-party products strengthens the company's defense and complements the tools that Microsoft provides in Exchange Server 2003. Third-party products also provide a multitude of features that help with reporting, customizations, and filtering mechanisms to keep only the unwanted mail away from the messaging environment and users.

Do Not Use Open SMTP Relays

By default, Exchange Server 2003 is not configured to allow open relays. If an SMTP relay is necessary in the messaging environment, take the necessary precautions to ensure that only authorized users or systems have access to these SMTP relays.

Use the Work Email Address for Work Only

Although this is self-expanatory, it is important to note that this policy and practice not only helps minimize spam in the workplace but it also helps prevent the messaging environment from being used for unauthorized purposes. It is recommended for everyone, including system administrators, to use a personal email address for subscribing to or signing up for non “business- related services.

Take Caution When Sharing Your Email Address

Whether you use your email address for business or non-business purposes, think twice before giving away your email address. Some people have gone so far as to not list their email address on business cards. Others use a secondary email address for those higher-risk situations. Take the time to determine the appropriateness of giving out your email address and be aware of the possible consequences.

Look for Privacy Statements and Mailing Options

When submitting information through an online form, look for a privacy statement and mailing options. Make sure the statement includes protection of all your information, including your email address, and make sure that you are not opting to be put on a mailing list.

Remove or "Unsubscribe" at Your Own Discretion

A general rule of thumb to follow is that if it looks like spam, it probably is. Removing your name or "unsubscribing" only validates your account and can result in more spam.