This copy is for your personal, non-commercial use only. To order presentation-ready copies for distribution to your colleagues, clients or customers, click the "Reprints" link at the top of any article.
From the October-01, 2008 issue of Credit Union Times Magazine • Subscribe!
Spam Threats Evolve, as Do Measures To Stay One Step Ahead of the Deluge
CAMBRIDGE, Mass. -- Spam is a fact of life these days.<p>No longer capturing headlines, except for the occasional indictment of a notorious spam king, junk e-mail nonetheless continues to clog the Internet, accounting for more than 70% of all e-mail.</p><p>Besides clogging inboxes, spammers are increasingly able to target specific groups of recipients, and the e-mail itself also can be a vector--carrying malware threats such as viruses, keystroke--logging Trojans and unwitting connections to botnets used to take over computers and make them engines for further transmission of spam.</p><p>Dealing with it also continues to be a serious investment in time and resources for individuals and any organization with an e-mail presence, including credit unions. A Forrester Research analyst who studies spam said she doesn't see it going away anytime soon.</p><p>"Companies still struggle to keep up with spam volume and attack tactics years after spam first became a serious problem," said the Cambridge-based think firm's Chenxi Wang, "and many see a continued investment drain for spam management."</p><p>Her top-line advice: "To keep a step ahead of spammers, organizations should adopt a hybrid of filtering solutions, strengthen this connection to management technologies, and treat anti-spam as part of a wider e-mail content security strategy that includes content protection and compliance."</p><p>In a recent report titled Spam Management Best Practices, Chang noted that spammers continue to evolve in sophistication and are part of a greater community of cyber criminals.</p><p>"Our analysis into malware, spam, phishing and emerging threats reveals an extremely dynamic threat landscape, fueled by an organized underground economy. Trust on the Internet is increasingly elusive as more and more trusted sites become unwitting participants in proliferating attacks," she said in the report.</p><p>That said, "Although it's impossible to eradicate spam completely from the Internet today, organizations can alleviate the problem by adopting recommended practices, from both policy and technological perspectives," Chang said.</p><p>Those policy practices include "taking a rough axe to the blatant spam messages." That means blocking messages in the definite spam category, such as pornography, phishing and financial solicitations.</p><p>Newsletters, political campaigns and product marketing messages also might fit into that category, but not always.</p><p>"One man's spam is another man's useful newsletter," Chang pointed out, recommending the adoption of user-specific filtering policies, such as allowing marketing messages to go to the sales groups and executable files to engineering personnel.</p><p>Technology management techniques, meanwhile, include blacklists, whitelists, sender reputation, rate controls and recipient verification--techniques that filters the bulk of the e-mail coming in and allows for more in-depth content analysis downstream, Chang said.</p><p>The Forrester analyst also recommended leveraging self-management tools that allow users to then make filtering choices, and to manage bounce specifications. Spammers use bounce messages to collect valid e-mail addresses, Chang said. She suggested limiting the number of external bounce notifications for unreachable addresses.</p><p>"An example is to only send bounce notifications to certain trusted domains or rate-limit the number of notifications to a single source," she said. "You should look to antispam technologies that support the implementation of such policies."</p><p>Vendors mentioned in Chang's report include IronPort Systems, Spamhaus, 510 Software Group, Secure Computing and Tumbleweed.</p><p>Like many areas of endeavors not defined by a calculator and the bottom line, success in spam control is typically measured in the breach.</p><p>A good antispam solution should only require a few minutes per day to manage, Chang said, should not allow more than one false negative block per user per day, and should allow only a false positive every 200,000 messages.</p><p>And, she said, "It should be obvious from your user feedback whether you're doing a good job."</p><p>"In fact, sometimes the best indication of a successful anti-spam deployment is that you hear less or nothing from your users. The decrease of complaints in this subject area is silent kudos."</p><p>--firstname.lastname@example.org</p>
Want the latest credit union news?
Sign up for our free newsletter today! All the breaking credit union news and information you need to make the right decision for your credit union delivered to your inbox. For free!
Thanks for subscribing, you will start receiving the Daily News Alert tomorrow!