Slashdot Mirror
MSNBC: Offices Remain Spam Free Zones
Makarand writes "Thanks to a good job done by the tech staff and filtering software, office
workers in the US are not bothered by spam mail and the value of email
communications has not eroded. A survey conducted by Pew Internet & American
Life Project, whose findings are reported in this article by MSNBC.com, found that spam is certainly a problem for personal email accounts but not
for company provided email accounts. This is contrary to the
perception that American workers are wasting too much time battling spam." YMMV.
I see the crap our managers have to filter out at work. Its not so much external spam as it is internal spam. Example, 10 people discussing what they'll have for lunch in 10 minutes, over 20 emails. CCed to everyone.
Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
I think that home users don't have the resources, know-how, or time to work out an effective anti-spam system.
I can't even find a good IMAP spam filter!
Random is the New Order.
MM(F)V
Simon.
Physicists get Hadrons!
--Signature Spam
Sex - Find It
In part, certainly, but I wonder how much of the difference is due to the fact that spammers have a harder time getting work addresses. They're a lot less likely to be on public web pages, they're not used in chat rooms and they're much harder to generate by brute force.
What I'm listening to now on Pandora...
...because tech workers are embracing it! I mean, why fight spam when it offers to enlarge your penis by 237% in 48 hours? This is truly a golden age of technology! Hallelujah!
I wonder how much the lack of spam hitting business email accounts is because companies install spam filters? Our company throws all inbound email through spamassassin, and it works great.
Maybe company employees are wary of entering their email addresses into such forms as, "Money waiting for you! Enter email address:" and, "Find out who has a crush on you! Enter email address:".
Of course, we all know what this report means: spammers still have left some rocks unturned, and thus there is room to grow even if internet usage stagnates.
Rejoice!
Good filtering software, along with good filters, really makes the difference.
.cmd? .bat? .vbs? The other 18 I specified? Matched something in the antivirus pattern file? Delete the attachment, regardless of the source.
At work I use a product which allows me to filter on multiple levels:
1. Allow. If it's on the domain list, IP list, or if the message contains any of the keywords in the list, it's allowed through.
2. IP blacklisting. IP address matches? Delete it.
3. Domain name blacklisting. Domain name matches? Delete it.
4. Content filtering. Meets any of the content filters? Quarantine it.
5. Attachment blocking.
Virus infections in the past year? 0 workstations, 0 servers. Number of spams/day before companywide? Averaged about 800 for 25 users. Now? About 20 for 25 users.
Cost of the product? $1500 for the server license for both products. I'm happy.
-----
I don't do anything to filter out spam. There isn't much spam, though. The only people that actually get spam are those in the IT department who post to newsgroups. I am quite certain that newsgroups are the source of the spam that I get at work. It started within 48 hours of the first time I made the mistake and used my real email address. The problem is that Google archives all of the newsgroup postings, so my email address is forever sitting in an easily harvested place.
I get very little spam through my office e-mail. I don't know whether our admins use spam filters, but I have always attributed the low spam rate to the way I use the e-mail address. I use it mostly for internal e-mail, and I seldom give it to anybody outside the company. It doesn't show up in postings to Usenet (in a Reply-to field, for example), I don't use it to register at sites like nytimes.com, and I don't give it to people I don't know. That's not because I intentionally keep it a big secret, it's just a side effect of the way I work - I don't have much reason to give out my e-mail address. I believe that my lack of spam at the office can be credited to limited exposure.
Contrariwise, I wouldn't be surprised if there are people who get tons of e-mail at the office.
--Jim
Now let's see a study to show how much effort IT departments are putting in around the country (or world) to eliminate SPAM in the office place.
I work for a major computer manufacturer (I'll give you a hint, we are again number one in personal PC sales), and I never see spam at work.
But how much money does my company pay a year for me to not see spam?
just not for work email addresses. C'mon, who hasn't checked their private email account from work?
Its called 'being on a distribution list'. I get so much e-mail I don't care about, I had to create a rule so that any mail sent only to me is placed directly in my inbox, otherwise it gets moved to another directory...
DILBERT:
Panel 1:
To: All Users
From: Network Admin
Please refrain from frivolous E-mail. It bogs down
the network.
Panel 2:
To: Network Admin
From: Dilbert
cc: All Users
I agree.
Panel 3:
Dilbert says, "Have you noticed there's too much
communication in the world, Dogbert?"
Dogbert says, "Yeah, every day at about this time."
well, the company i work at uses a small web hosting co for mail/www and i swear they sell my address... i almost shat in my seat when one of my [female] coworkers walked by and i was sifting through my mail by pressing the down arrow (50:1 spam ratio) and suddenly an ENORMOUS pair of breasts fills the preview pane of outlook. bit of an awkward silence after that. needless to say, i've been a bit more vigilant about spam filtering since then :)
"Where are we going, and why am I in this handbasket?"
Similarly, I currently have an email account with my university, but I use it almost exclusively for academic-related communications, and I've not received one spam email at that address in over a year now. And, I doubt the university has invested much money in spam filters for student email accounts.
Naaaa... you really think spammers are going to look through their thousands or millions of email addresses and remove the ones they think are for corporations? Not gonna happen.
I get all of my spams on my corporate account. I've had it for 6 years, so there's been time for the spammers to find it. Not to mention the marketing folks sign me up for all sorts of trade shows and I get targeted spams.
I've pointed our IT folks to SpamAssasin (which, coincidentally, was written by one of the former IT guys at my company!) but they won't use it as is because they're afraid there's a chance we could lose a single valid email. So I just run an individual version from DeerSoft in my Outlook client.
Interestingly about 90% of my spams are to an email address which has never even been VALID for me at the company, but when we switched to Exchange they entered about 40 different email addresses for me consisting of all sorts of permutations of my name and initials and lots of THOSE get spam. I need to configure my spam blocker to block the one offending recipient... gotta remember next time I'm in the office.
Any time saved in this fashion is wasted when everyone leaves their desk to tell you that you left your cover sheet off this week's TPS report.
?-|||-----x<*))))><
Everyone needs to check out popfile.sourceforge.net. It's GPL, dead easy to set up and use, and quite frankly, it's brilliant. It uses naive Bayesian filtering, catches about 99% of my spam, and rarely if ever catches a non spam message by mistake. Spammers are going to HATE this tool. Try it. You won't be sorry.
Hotmail is notoriously bad about spam. Their filters are easily the worst, and the "Junk Mail" folder only seems to catch a small fraction of the incoming spam, while filing away a good portion of vaild incoming messages. They also seem to have no protection against email bombing. I had a lame spammer mail bomb me overnight with a few hundred duplicates advertising NEW LOW MORGTAGE RATES, and Hotmail kindly managed to place the messages in the Junk Mail folder... and then disabled my account for going over the mailbox limit. And this happened three seperate times, over the course of a couple weeks, once when I was on vacation, and I missed who knows how many valid emails when I returned.
I ditched Hotmail shortly after that.
I wonder if the filters that are used by corporate America could be used by Hotmail, actually I wonder why they are not.
Because Microsoft caters to internet advertising companies. Internet Explorer alone can tell you that. I wouldn't be surprised if MS left Hotmail open to spam on purpose, while pocketing a few extra bucks from spam kings.
the spam I receive at work from outside the company or the emails from within. First, if it's spam I can usually tell from the subject line. Easy to delete. The emails from within require me to at least read it. And once people learned that they can use nice, pretty and extremely huge, clip art I've found that bringing up that important email to "everyone" is a real time waster.
In addition, far too many people where I work will email a subject to death. Coupled with a large CC: to population along with the "reply to all button" some subjects just won't die the undignified death they deserve. And, you have to read every one because of the odd one that may contain useful information.
I swear, what once took a 1 minute phone call to resolve now results in 20-30 emails back and forth. The only good thing I see is the CYA factor. I've saved my butt a couple of times being able to forward a message that I sent long ago, that apparently was never read. Why wasn't it read? Must have been deleted with along with the spam!
Seriously though, I spend far too much time wading through needless email at work than I do spam.
We use spamcop.net at work. It's gets 95% of the spam. The thing which made us move on it was female employees complaining of sexually explicit spam from porn sites--with an HTML enabled mail reader, sometimes the first thing they saw was some pornographic picture.
Unless a company makes a best effort to protect people from exposure to offensive material (as defined by them, within reason), the company could be sued by the employee for creating a hostile workplace. While I haven't heard of cases of this yet, it's only a matter of time. (I hope I didn't give anyone any ideas here...)
We've been experimenting with spamassassin, and it's roughly as good as spamcop (as to how much spam gets through to the end user), but it's free. Note: spamcop and spamassassin have to completely different approaches to determining what is spam.
Does hotmail sell lists?"
I wouldn't put it past them.
"Or are there people and bots that just put together random strings of possible user names?"
For sure. There are enough usernames on hotmail to make it worthwhile.
"Does hotmail try to filter these"
Unlikely. This spam makes you more likely to either leave or pay for a bigger inbox so your messages are not auto-deleted to make room for more spam. Either way, MSFT makes money.
SpamAssassin is ready for exchange.
Deersoft.com
Just because end users don't see the spam doesn't mean there isn't a cost. How much time is spent creating software to combat spam? How many hours do admins spend dealing with spam before it even reaches users? How much time do users have to spend circumventing anti-spam filters to send/receive legitimate email?
These are just a few of the obvious costs related to keeping spam out of user mailboxes. It would probably boggle the mind to know the actual cost of keeping spam out of Suzy or Sammy Secretary's mailbox.
I perfer yahoo's "This is spam" thing for reporting it is spam. Although in my hotmail I have filters for cathing the emails with addresses ending in .phd, .now, .you, and the ones like that. (Heck, I even added those to the filters to my primary yahoo account).
I agree though, I get spam on the hotmail, although I have only given to a few friends(7) and never used it any where else, total email from friends is like 1 msg/month or less, because most send it to my yahoo account. Now yahoo, I have an account that I haven't really used that my friends now and it gets no spam messages.
Course right now biggest problem with hotmail is that I can't use my unaltered last name with it, "Glasscock", tells me to use a different one or something... ("Glassc0ck" works but it bugs me that their filter on words won't let me use it unaltered. Anybody else with real names that hotmail doesn't like?)
hrm, we use complex filtering software and techniques, and i still get lots of spam. i receive about 200 work related emails each day to a certain account, and about 25% of that is spam.
...
what i really wonder though is how many legitimate (non-spams) emails i never receive because of filtering software! i frequently get email or calls from people who claim they sent email that i never received. i also frequently get mailing list bounce warning emails (primarily from securityfocus lists though) claiming that emails sent to me are bouncing. hrm
-- ken williams
with an HTML enabled mail reader, sometimes the first thing they saw was some pornographic picture.
The obvious solution would be to not use an HTML "enabled" mail reader...
May we never see th
Yeah yeah, blah blah blah...
Get real man. Show me how many of the spam whiners are paying per byte. Show me how the cost of their email account or internet service would be less because of spam.
I work for a Rather Large Company (tm) and was tasked with architecting the mailgate for the entire company. Several requirements:
1) Ingress spam & virus filtration;
2) LDAP directory integration;
3) Message address rewriting on ingress & egress.
See, I was tasked with this when our company merged with 3 other ones, so we had a mess of Exchange and Notes servers out there. The idea was for me (your friendly local Unix sysadmin) to build a single ingress/egress point (my boxes) while the NT admins rebuilt all the exchange & notes servers into one coherent infrastructure. (That's a lot of work with ~40,000 employees!)
Anywho, the way I did it was to install a pair of Sun boxes in our DMZ with Trend Micro VirusWall on it, as well as their eManager product. That handles our ingress spam & virus filtration. That product proxies an inbound connection on port 25 to another pair of Sun boxen that run Sendmail gateways, which, thanks to some custom rules, do the LDAP lookups & address translations.
So we have multiple levels of SPAM & virus filtration -- the Trend stuff is very simplistic, crappy, relatively undocumented code, and works exactly as designed. As much as it looks amateurish to me, I can't help but to recommend it because it Just Freakin' Works. Also, if you're a big enough fish, the folks at Trend are incredibly friendly & helpful -- several of our suggestions made it into the product.
Someone high-up in our organization decided after Nimda and Code Red that all inbound messages with attachments should be quarantined for an hour, because Trend promised virus pattern updates within an hour after a virus outbreak. We were able to graft that on using some shell scripts. Works just peachy.
Between Trend Micro & Sendmail, we've got a GREAT solution that gives us plenty of filters. We have all the spam & anti-virus filters using Trend, and can block or redirect by domain using a mailertable with Sendmail. Also, the LDAP support in Sendmail wasn't very good when we started integrating that (8.10 was the first usable LDAP release), but by 8.12, it works great. We redirect the message internal to the company based on what's in LDAP, and it works flawlessly for ~1 million messages/day.
Tastes great, less filling. And mostly free software (Sendmail was free, as was the Directory Server, since that license comes with Solaris.) All we paid for was the Trend Micro stuff, which we had a site license for anyway since we use it on the Exchange servers as well.
So yeah, I'd have to agree that SPAM isn't NEARLY the problem at work that it is at home. Also, since we got the Exchange servers out of the SMTP business and "just" for mailboxes, we haven't had a virus outbreak since. Lovely!
--NBVB
Sorry, but *that* was marked up as 'Interesting'?
Personally, I loathe advertising. Spam is just another form of that. Filtering out all that trash bothers me a *lot*.
And yes, it is expensive. My parents live in South Africa, downloading their email through a little 56K modem (which rarely hits over 9600, thanks to the lousy ISP). They pay per KB and per minute. Think they don't mind "just pressing delete"?
I'm lucky - I sit in Germany with an unlimited DSL line - and it *still* bothers me. Spam is on the verge of making my accounts unusable.
Bah. You sound a little like that idiot I read who called himself "all-american free-speech spammer".
Ciao,
Klaus
Free PC version of ChipWits at http://www.breueronline.de/klaus/chipwits/
That is how the spam war will end: The spammers will become sophisticated enough that no matter what we do, any filter we try to use will result in too many false positives (falsely labelled "spam") to be of any use
At this point people will most probably switch to whitelists or somesort, however I had a horrible thought once when thinking about this.
<horrible_thought>
Another approach other than a whitelist is to include a signature like PGP in the email. This could be placed in the headers of the mail and attached by the mail client. Mail servers could have an option to check these signatures automatically, or the signature can be checked by the recieving mail client at the expense of a bit more bandwidth. Once the clients can transparently sign and verify messages this means that a user can choose to only to accept signed messages (i.e. I don't add you to a whitelist but you need a valid key). These keys need to be managed by some central authority which revokes keys if they are found to be used by spam, therefy causing all the messages sent to be useless.
My horrible thought is that MS is in the best position to offer this becasue of the Outlook/Hotmail dominance. They would call it their spam inititive and ship all updates to outlook with this feature, the next update when the feature is widespread would auto-enable the feature. This would block out most mail to and from non MS agents in the name of fighting SPAM.
</horrible_thought>
He who defends everything, defends nothing. -- Fredrick The Great
Are they a member of the American Association Against Acronym Abuse Alliance?
I don't approve of their methods, so I am a member of the Anti American Association Against Acronym Abuse Alliance Activists (not to be confused with the Anti-American Association Against Acronym Abuse Alliance Activists, some group of Albanians).