Antispam tactics

Anti-spam tactics Use the Check Point Software firewall Content Vectoring Protocol (CVP) and Open Platform for Security framework to enforce security policy at the firewall and perform antispam filtering.

Scanning at the firewall inspects packets and identifies the SMTP sessions. SMTP traffic is segregated and routed to a separate third-party CVP server, such as Brightmail or TrendMicro eManager, where the data is scoured and policy is applied that may quarantine or delete e-mail or route back clean messages on to users.

Fighting spam
Spam U
Antispam products
How spammers get your e-mail address

Use the settings on Novell GroupWise Internet agent to:

Enable mailbomb protection and set a threshold for an acceptable security level.

Prevent future mailbombs from the mailbomb sender by identifying the sender's IP address in the Internet Agent's Operation screen, then restricting access to your system by that IP address with Access Control settings.

Other configuration tactics:

Configure firewall rules and native Sendmail filters on Unix to examine and block specific IP addresses.

Apply rules for pattern matching to block spoofed source addresses, specific text strings.

Set a threshold to quarantine mail based on the number of messages and message recipients.

Segregate inbound and outbound mail traffic by deploying two servers, one external to the firewall for accepting mail, the other inside the firewall dedicated to sending mail.

Place the SMTP server inside the firewall.

Apply primary filter measures at the gateway.

Disable mail relay and validate all requests for third-party relay.

Configure firewalls and SMTP gateways to perform reverse DNS look-ups.

Configure mail servers not to divulge e-mail addresses.

Configure thresholds to delay mail runs of 500-plus recipients from one sender for off-hour processing.

Configure servers to reject mail from senders at illegitimate domains.

Do extensive logging on SMTP gateway for reporting and review.

Filtering tips:

Run policy-driven spam, virus and content filtering on one server to scour the mail in one process.

Use content-filtering software to enforce e-mail use policy on inbound and outgoing mail.

Apply filters in combination on firewalls, SMTP gateway, local mailbox servers and client desktops.

Create filters using sender, subject or text string to delete/quarantine replicated mail sends from one sender.

Configure spam-filtering options on antivirus software.

Filter e-mail headers for improper usage such as lack of client Outlook or Eudora variables.

Filter for series of messages addressed to invalid addresses, multiple combinations of names.

Use key word search and IP address blocking (blacklists) in combination.

Apply white lists (lists of trusted recipients).

Block e-mail based on flesh tone detection.

Filter phrases such as "lose weight," "make money fast," credit card numbers and multiple exclamation points.

Useful tips from the field:

Don't include the SMTP address in the browser configuration when you set up the PC.

Disable Microsoft Outlook preview pane.

Ban e-mail with HTML and Java scripts.

Select an ISP provider with spam-filtering options.

Evaluate associated costs for technology and staffing to filter in-house vs. a spam-filtering service.

Report spammers to appropriate administrators of the system where the mail originated.

Report fraud e-mail to the Federal Trade Commission.

Avoid publishing e-mail addresses on your Web site.

Post a request for contact information form or use a Java script to generate e-mail addresses dynamically.

Use complex e-mail addresses with mixed characters to avoid harvesting and autogenerated addressing.

Consider using a token-based e-mail system, Pretty Good Privacy or other encryption technologies to authenticate senders.

Apply for your free subscription to Network World. Click here. Or get Network World delivered in PDF each week.

Antispam tactics

Related Links