Spam, or more accurately Unsolicited Commercial Email, is still on the rise, with some estimates measuring it at 90% of all email traffic. It’s a nuisance for users, a storage nightmare for admins, and often a vector for phishing attacks and malware. Using a defense in depth approach, this article provides steps an email administrator can take to protect their network from spam.
Step one-user training
Users should be educated on how their actions can lead to or reduce the amount of spam destined for their inbox. Using corporate email for personal use, subscribing to mailing lists, registering their email address for promotions and giveaways, and forwarding chain mails are all vectors that can lead to spam. Consider disabling html support to prevent downloads that can confirm an address is valid, as well as to reduce the risk of email based malware.
Step two-web content
Step three-tighten up your SMTP gateway
Disabling the verify command (VRFY) on your SMTP gateway makes it that much harder for spammers to check for valid email addresses. If supported, implement a delay before your server responds to a request with its banner. Legitimate email servers will wait for the 220 response before trying to send email, while many programs/scripts used by spammers will not. Your server can then drop email from this misbehaving sender. If your SMTP gateway supports Quit detection, configure it to drop email that it receives from a host that don’t close the session properly. Legitimate email servers end a session with the QUIT command, but many programs/scripts used by spammers don’t.
Step four-Check for MX and SPF records
Email servers that can receive mail should all have valid MX records in DNS. Those that send email should also have SPF records. Sender Policy Framework (SPF) records are txt records in a DNS zone that list servers authorized to send email on behalf of a domain. Configure your SMTP gateway to check for MX and SPF records when accepting an email to verify the sending domain of the from address matches what is in DNS. You may have to soft fail some messages until SPF gains in popularity, but this can help later lines of defense to identify spam.
Step five-Configure limits on your incoming SMTP gateway
Configure your email server to limit the number of addressees in an individual message, the total number of messages from a specific ip.addr during a set time, and to automatically reject any email from source ip.addrs that violate these limits.
Step six-Implement quality filtering software
Software should be added to the email system to perform anti-spam and anti-malware checks on messages before they get to the user’s inbox. Look for features like reputation checking, key word checking, Bayesian filtering, DNS blocking lists, attachment spam blocking, robust logging, archiving, and white/black/greylisting. You want software that can minimize false positives, maximize successful blocking, and that can be configured to always pass key communications from business partners if necessary. The software should also support user self-service for checking/releasing email, and recommendations for whitelisting to reduce the administrative overhead.
Step seven-Keep your mail clients up to date
Many email clients have their own junk mail or spam filters and a special folder for storing messages identified as spam. It is critical to keep up with patches and updates to these client-based filters. Better server-based filtering solutions can work with the client software to deliver email identified as possible spam to the user’s junk mail folder for easier user self-service.
Step eight-Ensure your systems are not a part of the problem
Spammers love to take advantage of legitimate email systems to send their messages. Make certain that your system is not an open relay. Use MX and SPF records for all your outgoing traffic. Select filtering software that can perform the same services on outgoing email as it does for incoming, and set sensible limits on the number of emails a user can send, and the number of recipients on a single message. If your company uses mailing lists, make sure that they only use “opt-in” mailing lists that comply with the requirements of the CAN-SPAM Act of 2003. Act immediately on unsubscribe requests, and make sure that you remove addresses from the list that generate NDRs. Periodically requesting subscribers to confirm their opt-in also helps to ensure your emails are not viewed as spam.
Used together, these eight simple steps will help protect your network from spam, your users from malware, and greatly reduce the amount of junk email that reaches your users’ inboxes, takes up valuable storage space, and adds to the load on your servers.
Would you like to know more?
· CAN-SPAM Act of 2003 http://en.wikipedia.org/wiki/CAN-SPAM_Act_of_2003
· MailRadar Open relay test http://www.mailradar.com/openrelay/
· Email address munger/encoder http://www.addressmunger.com/
Tips to protect your network from spam http://www.allspammedup.com/
· GFI anti-spam solution software can be found at http://www.gfi.com/mes
This guest post was provided by Ed Fisher on behalf of GFI Software Ltd.