MSNBC: Offices Remain Spam Free Zones

Makarand writes "Thanks to a good job done by the tech staff and filtering software, office workers in the US are not bothered by spam mail and the value of email communications has not eroded. A survey conducted by Pew Internet & American Life Project, whose findings are reported in this article by MSNBC.com, found that spam is certainly a problem for personal email accounts but not for company provided email accounts. This is contrary to the perception that American workers are wasting too much time battling spam." YMMV.

Or just lack of exposure?

[Otter]

Thanks to a good job done by the tech staff and filtering software...

In part, certainly, but I wonder how much of the difference is due to the fact that spammers have a harder time getting work addresses. They're a lot less likely to be on public web pages, they're not used in chat rooms and they're much harder to generate by brute force.

Re:Or just lack of exposure?

[Ace905]

I'm a bit of a self-proclaimed expert in this area ; my software company developed 'Spam Interceptor' and in the initial stages of development almost all of our time was spent doing research on how email addresses are collected. We looked at MonsterHut's collection practices (Having known the former CEO) and moved on from their.

For the most part, I believe Business addresses are easier and more 'enticing' to collect. Every individual has different browsing habits, but for the most part - businesses in particular sectors tend to list themselves in very specific databases, are more likely to have the receptionist or researcher that signs up for mailing lists, and business domains are easier to identify. Some spiders look specifically for "INC." in the whois database - just as google does.

With the companies I am personally involved with, we do not receive Nigerian Scam Emails until we are listed in a business directory - but how can you avoid the publicity business directories offer? It's not easy. Online businesses start receiving resumes around the same time. We received resumes before our home page was complete - people didn't even know what we did as a company, and that's the only way we knew they hadn't, "Been following the progress of our company for some time and [felt] very enthusiastic about working for us". I mean, these are just job-seekers with an automated resume distribution. Imagine if they made money simply by finding us.

I don't want to get into too many details on business address collection techniques - let the spammers brainstorm them all over again. But I am certain the very fact that a business is a business - makes them more enticing to a wider range of higher-priced products and services. The collection of addresses, no matter the problems will be overcome, and in my experience have been overcome.

Spamassassin at work?

[jridley]

I wonder how much the lack of spam hitting business email accounts is because companies install spam filters? Our company throws all inbound email through spamassassin, and it works great.

We have no real problem either...

[Magus311X]

Good filtering software, along with good filters, really makes the difference.

At work I use a product which allows me to filter on multiple levels:

1. Allow. If it's on the domain list, IP list, or if the message contains any of the keywords in the list, it's allowed through.

2. IP blacklisting. IP address matches? Delete it.

3. Domain name blacklisting. Domain name matches? Delete it.

4. Content filtering. Meets any of the content filters? Quarantine it.

5. Attachment blocking. .cmd? .bat? .vbs? The other 18 I specified? Matched something in the antivirus pattern file? Delete the attachment, regardless of the source.

Virus infections in the past year? 0 workstations, 0 servers. Number of spams/day before companywide? Averaged about 800 for 25 users. Now? About 20 for 25 users.

Cost of the product? $1500 for the server license for both products. I'm happy.

-----

Re:We have no real problem either...

[Jucius+Maximus]

"Virus infections in the past year? 0 workstations, 0 servers. Number of spams/day before companywide? Averaged about 800 for 25 users. Now? About 20 for 25 users."

One more element that is necessary for big companies (not necessarily your 25 user network) is to block off hotmail, yahoo mail, etc. The company I used to work at had more than one thousand people on the corporate network and most of them weren't very smart about how to be safe when using computers. (And because of corporate policy we were forced to use Outlook + MSIE, which is not exactly safe either.)

When your network gets sufficiently big, you WILL have lamers that will infect the whole place from infections they got through hotmail. It doesn't matter how good your filtering is in that case.

When the corporate IT people finally closed off the popular webmail providers, we went from one unleashed virus every 2 weeks to one every 4 months.

Too bad for my users!

[bwalling]

I don't do anything to filter out spam. There isn't much spam, though. The only people that actually get spam are those in the IT department who post to newsgroups. I am quite certain that newsgroups are the source of the spam that I get at work. It started within 48 hours of the first time I made the mistake and used my real email address. The problem is that Google archives all of the newsgroup postings, so my email address is forever sitting in an easily harvested place.

My experience

[minesweeper]

Well, when I had a corporate email account about a year ago, I don't recall ever receiving one piece of spam. Granted, maybe this was due to some good filtering at the server level, but I think it's more due to the fact that I never used that email address for business outside of the company. I never used it to buy anything online or sign up for any service, or published it on any website. Also, the address was firstname.lastname@[companyname].com. I'm sure that makes it considerably harder for a spammer just to cycle though alphanumeric string hoping to hit a real address.

Similarly, I currently have an email account with my university, but I use it almost exclusively for academic-related communications, and I've not received one spam email at that address in over a year now. And, I doubt the university has invested much money in spam filters for student email accounts.

Re:big fish

Naaaa... you really think spammers are going to look through their thousands or millions of email addresses and remove the ones they think are for corporations? Not gonna happen.

I get all of my spams on my corporate account. I've had it for 6 years, so there's been time for the spammers to find it. Not to mention the marketing folks sign me up for all sorts of trade shows and I get targeted spams.

I've pointed our IT folks to SpamAssasin (which, coincidentally, was written by one of the former IT guys at my company!) but they won't use it as is because they're afraid there's a chance we could lose a single valid email. So I just run an individual version from DeerSoft in my Outlook client.

Interestingly about 90% of my spams are to an email address which has never even been VALID for me at the company, but when we switched to Exchange they entered about 40 different email addresses for me consisting of all sorts of permutations of my name and initials and lots of THOSE get spam. I need to configure my spam blocker to block the one offending recipient... gotta remember next time I'm in the office.

Easier fix

[0x0d0a]

with an HTML enabled mail reader, sometimes the first thing they saw was some pornographic picture.

The obvious solution would be to not use an HTML "enabled" mail reader...