Print
Discuss
Send to friend
RSS feeds
Share with me this enjoyable little statistic: 30 percent of all email on the Internet is unsolicited, bulk mail - spam. And worse, estimates suggest that by July of this year spam will exceed other types of email.
Spam must be the most pernicious and irritating aspect of modern life; a phenomenon that reportedly costs businesses worldwide about $9bn each year.
If spam makes up nearly a third of email transmissions then this translates into a massive data storage requirement for terabytes of worse-than-frivolous garbage. And that makes it a security issue.
Information security systems are designed to preserve the integrity, the availability and the confidentiality of information processing resources and the data that they store or transmit. Since spam clogs up transmission, storage and computer processing, it presents a challenge to the availability of the systems. Combating spam is therefore a responsibility for information security teams.
Saying that is easy, actually doing something about is another matter.
The more obvious spam can be blocked: by screening on the basis of author, originating domain, or some more intelligent analysis of the subject line.
The screening can be done at the mail gateway, the mail server, or at the local client. But no matter where this screening is done, and despite protestations to the contrary by the creators of such screening software, it is far from guaranteed to do more than skim off a tiny fraction of the global spam pollution. And even Hotmail, Yahoo and other "anonymous" email providers can do little to impede the growth of bulk email, despite Hotmail's attempts to limit the daily numbers of allowed transmissions from unpaid for accounts.
Another mechanism is to try to stop users' email account details from being obtained by the spam operators. Email addresses may be obtained when users provide their details to Web sites, for example. These details are sometimes shared, sold, and distributed and may reach the hands of spammers. Proposed international accords on distance selling may restrict this practice, though it will not prevent hardened spam marketers from continuing what is clearly a lucrative trade.
A better approach for security management is, quite simply, for firms to ensure that they are not a part of the problem. With many mail gateways it is possible to connect to the POP3 service and then to issue a set of mail control commands. These commands may persuade the gateway to duplicate and forward messages to thousands of unfortunate recipients. A simple configuration change in the mail gateway can inhibit these commands, preventing them from working. This strikes a blow against the spam operators, and it is far more effective than naively clicking on the useless "remove me" link in many of the spam emails.
Working together, we can conquer spam.
Have your say: reply to IT Week
del.icio.us
Digg this
reddit!
