Slashdot Mirror
MSNBC: Offices Remain Spam Free Zones
Makarand writes "Thanks to a good job done by the tech staff and filtering software, office
workers in the US are not bothered by spam mail and the value of email
communications has not eroded. A survey conducted by Pew Internet & American
Life Project, whose findings are reported in this article by MSNBC.com, found that spam is certainly a problem for personal email accounts but not
for company provided email accounts. This is contrary to the
perception that American workers are wasting too much time battling spam." YMMV.
The real problem with home users is that 0.04% of them (read morons) actually buy the stuff being solicited. Talk about a minority rule. The best anti-spam algorithm is thus: "Don't buy their shit".
For those clueless like me, "Your Mileage May Vary"... Acronyms getting out of control...
I agree with everything else but this.
Most companies I know of use a very simply firstname.lastname@company.com pattern for email addresses. Combine this with relatively easy to get listing of employees, and you have a spammers delight.
Very good point. Several of my associates at my local LUG are admins. They go through a lot of effort to filter spam. I'd say it is still taking up the same amount of bandwith, just the end user is not seeing it.
Just a Tuna in the Sea of Life
I can't even find a good IMAP spam filter!
... :)
If you have access to the IMAP server, like I do, I recommend using Spamprobe. It's a Bayesian filter and, along with a few procmail filters to weed out Asian spam, my inbox remains pretty clean.
Now, if someone would make a half-decent IMAP *client*
Tuus crepidae innexilis sunt.
Everyone needs to check out popfile.sourceforge.net. It's GPL, dead easy to set up and use, and quite frankly, it's brilliant. It uses naive Bayesian filtering, catches about 99% of my spam, and rarely if ever catches a non spam message by mistake. Spammers are going to HATE this tool. Try it. You won't be sorry.
Prove it using sneakemail. It's too late for you to do anything about netop now, but using sneakemail can save you a lot of aggravation since you set up an e-mail address PER mailing list. If you get spam at one of them, you know who sold your address.
Also, don't use your real e-mail address for anything related to comdex!!!!! You will drown under the spam.
We use spamcop.net at work. It's gets 95% of the spam. The thing which made us move on it was female employees complaining of sexually explicit spam from porn sites--with an HTML enabled mail reader, sometimes the first thing they saw was some pornographic picture.
Unless a company makes a best effort to protect people from exposure to offensive material (as defined by them, within reason), the company could be sued by the employee for creating a hostile workplace. While I haven't heard of cases of this yet, it's only a matter of time. (I hope I didn't give anyone any ideas here...)
We've been experimenting with spamassassin, and it's roughly as good as spamcop (as to how much spam gets through to the end user), but it's free. Note: spamcop and spamassassin have to completely different approaches to determining what is spam.
You can get them deleted from Google, just like you could with Dejanews. I don't know how, since I just 'X-No-Archive: yes' my posts, but there is a way.
(I wonder how many individuals run scripts which permanently archive solely the posts that ask not to be.)
I suspect "Netop" sold thier email list, that was the last newsletter I opted in. But how do you prove it?
Use the method I use: Get your own domain name -- they're cheap and worth it for the control you get -- and set the email so that mail sent to undefined addresses forwards to you. Use an external account to read this email, and do *not* give this address to *anybody*. Then, when you sign up for a list at a place like Netop, give them netop@yourdomain.com as your address. Then, any spam you get as a result of them selling your address will be addressed to netop@ your domain, which is quite easy to detect.
This method has other advantages; it makes managing the email lists you are subscribed to easier, for instance. As far as places I have detected mining/address selling, Slashdot is mined quite often (as if it shouldn't be obvious). But the main advantages of this method are that it's easy to set up, requires no effort at all after you get it set up, and if an address at your domain starts getting spam, you can shut it down.
I pledge allegiance to the flag...
of the Corporate States of America...
SpamAssassin is ready for exchange.
Deersoft.com
You can remove the posts from googles archives, I dont have the link handy but peak around google.com and you'll find it in "privacy & security" or something like that...
It's an NT shop (was when I got there). Right now we use Trend Micro's OfficeScan for the anti-virus, and their ScanMail (with the eManager module) for the mail filtering.
The only reason we decided to purchase it is because doing something like this ourselves for Exchange was a royal pain in the arse to write. If we ran qmail or something, I'm sure I would've written a collection of scripts to do it.
-----
hrm, we use complex filtering software and techniques, and i still get lots of spam. i receive about 200 work related emails each day to a certain account, and about 25% of that is spam.
...
what i really wonder though is how many legitimate (non-spams) emails i never receive because of filtering software! i frequently get email or calls from people who claim they sent email that i never received. i also frequently get mailing list bounce warning emails (primarily from securityfocus lists though) claiming that emails sent to me are bouncing. hrm
-- ken williams
Some companies do have amazing filters that will filter anything that is close to spam. But imagine this: a helpdesk/tech support email address. I work for a department like that and spam makes up 90% of my total email. Also, some countries might not have laws about spam and even scams!
Though we might not care about what trouble other countries are in, but consider them as part of the commerce sector, and consider spam servers are mostly located in other countries.
10 people discussing what they'll have for lunch in 10 minutes
:-\
Wow. That got modded as funny. Funny, yea, I guess, but this happens almost everyday. Not just about lunch. Even true work stuff. What person needs permissions to what project, for instance. It has to go through a couple bosses (Office Space style...) in my company for me to be 'allowed' to re-permission a project (for good reason, sort of, but...), but all I need to know is 3 things:
1) Who
2) What project
3) When
That's it. But 10 or so people feel I need to see every damn mail talking about one tiny aspect of the companies day-to-day operations. Then there's all the "P.S." and "oh by the way" conversations in the mails. I've got to read every damn one incase there's a "something I was thinking about is..." applies to me or not...
I'm not a prophet or a stone-age man,
I'm just a mortal with potential of a super man.
If they're using Outlook, they should turn off the preview pane for the inbox. That should help good deal.
The link to remove posts from Google's usenet archive is here. There are a couple of stipulations in order for automatic removal to be possible. One, the "From" address on the usenet post must point to the real, unmunged email address under your control. Two, you must register and confirm a groups.google utility account from that same address (you can do so at the above link). The parent's parent's poster should be able to meet both of these qualifications.
If you find that you have a large number of posts that you need removed, I wrote a PHP script called NukePost which will remove huge batches from the Google archive at once. The script simulates a browser session and makes all the required, repetative form posts at Google's controller site for you. All you need are the Message-IDs of the offending posts. I may write a groups.google spider to retrieve those in the future.
In situations where it's obvious that you made the post but you can't qualify for automatic removal, an email to groups-support {at} google should get you taken care of. You need to include a few things in your message, details are here.
I've heard rumors that Google maintains a separate usenet archive for paying customers (i.e. governments, corporations) to browse, which does not honor the removal requests or the X-No-Archive header - though I have absolutely nothing to back that up with - so it's possible that nuking posts is a futile effort. It should keep the cheap spammers away, at least.
Shaun
PHPLabs Supersite
Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
As an added bonus, you get to receive 3-4 additional publisher's clearinghouse sweepstakes entries based on the different names.
I work for a Rather Large Company (tm) and was tasked with architecting the mailgate for the entire company. Several requirements:
1) Ingress spam & virus filtration;
2) LDAP directory integration;
3) Message address rewriting on ingress & egress.
See, I was tasked with this when our company merged with 3 other ones, so we had a mess of Exchange and Notes servers out there. The idea was for me (your friendly local Unix sysadmin) to build a single ingress/egress point (my boxes) while the NT admins rebuilt all the exchange & notes servers into one coherent infrastructure. (That's a lot of work with ~40,000 employees!)
Anywho, the way I did it was to install a pair of Sun boxes in our DMZ with Trend Micro VirusWall on it, as well as their eManager product. That handles our ingress spam & virus filtration. That product proxies an inbound connection on port 25 to another pair of Sun boxen that run Sendmail gateways, which, thanks to some custom rules, do the LDAP lookups & address translations.
So we have multiple levels of SPAM & virus filtration -- the Trend stuff is very simplistic, crappy, relatively undocumented code, and works exactly as designed. As much as it looks amateurish to me, I can't help but to recommend it because it Just Freakin' Works. Also, if you're a big enough fish, the folks at Trend are incredibly friendly & helpful -- several of our suggestions made it into the product.
Someone high-up in our organization decided after Nimda and Code Red that all inbound messages with attachments should be quarantined for an hour, because Trend promised virus pattern updates within an hour after a virus outbreak. We were able to graft that on using some shell scripts. Works just peachy.
Between Trend Micro & Sendmail, we've got a GREAT solution that gives us plenty of filters. We have all the spam & anti-virus filters using Trend, and can block or redirect by domain using a mailertable with Sendmail. Also, the LDAP support in Sendmail wasn't very good when we started integrating that (8.10 was the first usable LDAP release), but by 8.12, it works great. We redirect the message internal to the company based on what's in LDAP, and it works flawlessly for ~1 million messages/day.
Tastes great, less filling. And mostly free software (Sendmail was free, as was the Directory Server, since that license comes with Solaris.) All we paid for was the Trend Micro stuff, which we had a site license for anyway since we use it on the Exchange servers as well.
So yeah, I'd have to agree that SPAM isn't NEARLY the problem at work that it is at home. Also, since we got the Exchange servers out of the SMTP business and "just" for mailboxes, we haven't had a virus outbreak since. Lovely!
--NBVB
Exactly.
I am the reason people here at the office don't have to deal with spam, and I certainly DO spend quite a bit of time fighting it.
On an average day, we accept about 15k e-mails and reject about 20k.
It certainly isn't a matter of the spammers leaving the workplace alone.
Hot Damn! It's the Soggy Bottom Boys!