Slashdot Mirror
MSNBC: Offices Remain Spam Free Zones
Makarand writes "Thanks to a good job done by the tech staff and filtering software, office
workers in the US are not bothered by spam mail and the value of email
communications has not eroded. A survey conducted by Pew Internet & American
Life Project, whose findings are reported in this article by MSNBC.com, found that spam is certainly a problem for personal email accounts but not
for company provided email accounts. This is contrary to the
perception that American workers are wasting too much time battling spam." YMMV.
I think that home users don't have the resources, know-how, or time to work out an effective anti-spam system.
I can't even find a good IMAP spam filter!
Random is the New Order.
--Signature Spam
Sex - Find It
In part, certainly, but I wonder how much of the difference is due to the fact that spammers have a harder time getting work addresses. They're a lot less likely to be on public web pages, they're not used in chat rooms and they're much harder to generate by brute force.
What I'm listening to now on Pandora...
...because tech workers are embracing it! I mean, why fight spam when it offers to enlarge your penis by 237% in 48 hours? This is truly a golden age of technology! Hallelujah!
I wonder how much the lack of spam hitting business email accounts is because companies install spam filters? Our company throws all inbound email through spamassassin, and it works great.
Good filtering software, along with good filters, really makes the difference.
.cmd? .bat? .vbs? The other 18 I specified? Matched something in the antivirus pattern file? Delete the attachment, regardless of the source.
At work I use a product which allows me to filter on multiple levels:
1. Allow. If it's on the domain list, IP list, or if the message contains any of the keywords in the list, it's allowed through.
2. IP blacklisting. IP address matches? Delete it.
3. Domain name blacklisting. Domain name matches? Delete it.
4. Content filtering. Meets any of the content filters? Quarantine it.
5. Attachment blocking.
Virus infections in the past year? 0 workstations, 0 servers. Number of spams/day before companywide? Averaged about 800 for 25 users. Now? About 20 for 25 users.
Cost of the product? $1500 for the server license for both products. I'm happy.
-----
I don't do anything to filter out spam. There isn't much spam, though. The only people that actually get spam are those in the IT department who post to newsgroups. I am quite certain that newsgroups are the source of the spam that I get at work. It started within 48 hours of the first time I made the mistake and used my real email address. The problem is that Google archives all of the newsgroup postings, so my email address is forever sitting in an easily harvested place.
I get very little spam through my office e-mail. I don't know whether our admins use spam filters, but I have always attributed the low spam rate to the way I use the e-mail address. I use it mostly for internal e-mail, and I seldom give it to anybody outside the company. It doesn't show up in postings to Usenet (in a Reply-to field, for example), I don't use it to register at sites like nytimes.com, and I don't give it to people I don't know. That's not because I intentionally keep it a big secret, it's just a side effect of the way I work - I don't have much reason to give out my e-mail address. I believe that my lack of spam at the office can be credited to limited exposure.
Contrariwise, I wouldn't be surprised if there are people who get tons of e-mail at the office.
--Jim
Now let's see a study to show how much effort IT departments are putting in around the country (or world) to eliminate SPAM in the office place.
I work for a major computer manufacturer (I'll give you a hint, we are again number one in personal PC sales), and I never see spam at work.
But how much money does my company pay a year for me to not see spam?
For those clueless like me, "Your Mileage May Vary"... Acronyms getting out of control...
just not for work email addresses. C'mon, who hasn't checked their private email account from work?
Its called 'being on a distribution list'. I get so much e-mail I don't care about, I had to create a rule so that any mail sent only to me is placed directly in my inbox, otherwise it gets moved to another directory...
DILBERT:
Panel 1:
To: All Users
From: Network Admin
Please refrain from frivolous E-mail. It bogs down
the network.
Panel 2:
To: Network Admin
From: Dilbert
cc: All Users
I agree.
Panel 3:
Dilbert says, "Have you noticed there's too much
communication in the world, Dogbert?"
Dogbert says, "Yeah, every day at about this time."
well, the company i work at uses a small web hosting co for mail/www and i swear they sell my address... i almost shat in my seat when one of my [female] coworkers walked by and i was sifting through my mail by pressing the down arrow (50:1 spam ratio) and suddenly an ENORMOUS pair of breasts fills the preview pane of outlook. bit of an awkward silence after that. needless to say, i've been a bit more vigilant about spam filtering since then :)
"Where are we going, and why am I in this handbasket?"
Similarly, I currently have an email account with my university, but I use it almost exclusively for academic-related communications, and I've not received one spam email at that address in over a year now. And, I doubt the university has invested much money in spam filters for student email accounts.
Naaaa... you really think spammers are going to look through their thousands or millions of email addresses and remove the ones they think are for corporations? Not gonna happen.
I get all of my spams on my corporate account. I've had it for 6 years, so there's been time for the spammers to find it. Not to mention the marketing folks sign me up for all sorts of trade shows and I get targeted spams.
I've pointed our IT folks to SpamAssasin (which, coincidentally, was written by one of the former IT guys at my company!) but they won't use it as is because they're afraid there's a chance we could lose a single valid email. So I just run an individual version from DeerSoft in my Outlook client.
Interestingly about 90% of my spams are to an email address which has never even been VALID for me at the company, but when we switched to Exchange they entered about 40 different email addresses for me consisting of all sorts of permutations of my name and initials and lots of THOSE get spam. I need to configure my spam blocker to block the one offending recipient... gotta remember next time I'm in the office.
Any time saved in this fashion is wasted when everyone leaves their desk to tell you that you left your cover sheet off this week's TPS report.
?-|||-----x<*))))><
Everyone needs to check out popfile.sourceforge.net. It's GPL, dead easy to set up and use, and quite frankly, it's brilliant. It uses naive Bayesian filtering, catches about 99% of my spam, and rarely if ever catches a non spam message by mistake. Spammers are going to HATE this tool. Try it. You won't be sorry.
Prove it using sneakemail. It's too late for you to do anything about netop now, but using sneakemail can save you a lot of aggravation since you set up an e-mail address PER mailing list. If you get spam at one of them, you know who sold your address.
Also, don't use your real e-mail address for anything related to comdex!!!!! You will drown under the spam.
We use spamcop.net at work. It's gets 95% of the spam. The thing which made us move on it was female employees complaining of sexually explicit spam from porn sites--with an HTML enabled mail reader, sometimes the first thing they saw was some pornographic picture.
Unless a company makes a best effort to protect people from exposure to offensive material (as defined by them, within reason), the company could be sued by the employee for creating a hostile workplace. While I haven't heard of cases of this yet, it's only a matter of time. (I hope I didn't give anyone any ideas here...)
We've been experimenting with spamassassin, and it's roughly as good as spamcop (as to how much spam gets through to the end user), but it's free. Note: spamcop and spamassassin have to completely different approaches to determining what is spam.
I suspect "Netop" sold thier email list, that was the last newsletter I opted in. But how do you prove it?
Use the method I use: Get your own domain name -- they're cheap and worth it for the control you get -- and set the email so that mail sent to undefined addresses forwards to you. Use an external account to read this email, and do *not* give this address to *anybody*. Then, when you sign up for a list at a place like Netop, give them netop@yourdomain.com as your address. Then, any spam you get as a result of them selling your address will be addressed to netop@ your domain, which is quite easy to detect.
This method has other advantages; it makes managing the email lists you are subscribed to easier, for instance. As far as places I have detected mining/address selling, Slashdot is mined quite often (as if it shouldn't be obvious). But the main advantages of this method are that it's easy to set up, requires no effort at all after you get it set up, and if an address at your domain starts getting spam, you can shut it down.
I pledge allegiance to the flag...
of the Corporate States of America...
SpamAssassin is ready for exchange.
Deersoft.com
Just because end users don't see the spam doesn't mean there isn't a cost. How much time is spent creating software to combat spam? How many hours do admins spend dealing with spam before it even reaches users? How much time do users have to spend circumventing anti-spam filters to send/receive legitimate email?
These are just a few of the obvious costs related to keeping spam out of user mailboxes. It would probably boggle the mind to know the actual cost of keeping spam out of Suzy or Sammy Secretary's mailbox.
hrm, we use complex filtering software and techniques, and i still get lots of spam. i receive about 200 work related emails each day to a certain account, and about 25% of that is spam.
...
what i really wonder though is how many legitimate (non-spams) emails i never receive because of filtering software! i frequently get email or calls from people who claim they sent email that i never received. i also frequently get mailing list bounce warning emails (primarily from securityfocus lists though) claiming that emails sent to me are bouncing. hrm
-- ken williams
with an HTML enabled mail reader, sometimes the first thing they saw was some pornographic picture.
The obvious solution would be to not use an HTML "enabled" mail reader...
May we never see th
As an added bonus, you get to receive 3-4 additional publisher's clearinghouse sweepstakes entries based on the different names.
I work for a Rather Large Company (tm) and was tasked with architecting the mailgate for the entire company. Several requirements:
1) Ingress spam & virus filtration;
2) LDAP directory integration;
3) Message address rewriting on ingress & egress.
See, I was tasked with this when our company merged with 3 other ones, so we had a mess of Exchange and Notes servers out there. The idea was for me (your friendly local Unix sysadmin) to build a single ingress/egress point (my boxes) while the NT admins rebuilt all the exchange & notes servers into one coherent infrastructure. (That's a lot of work with ~40,000 employees!)
Anywho, the way I did it was to install a pair of Sun boxes in our DMZ with Trend Micro VirusWall on it, as well as their eManager product. That handles our ingress spam & virus filtration. That product proxies an inbound connection on port 25 to another pair of Sun boxen that run Sendmail gateways, which, thanks to some custom rules, do the LDAP lookups & address translations.
So we have multiple levels of SPAM & virus filtration -- the Trend stuff is very simplistic, crappy, relatively undocumented code, and works exactly as designed. As much as it looks amateurish to me, I can't help but to recommend it because it Just Freakin' Works. Also, if you're a big enough fish, the folks at Trend are incredibly friendly & helpful -- several of our suggestions made it into the product.
Someone high-up in our organization decided after Nimda and Code Red that all inbound messages with attachments should be quarantined for an hour, because Trend promised virus pattern updates within an hour after a virus outbreak. We were able to graft that on using some shell scripts. Works just peachy.
Between Trend Micro & Sendmail, we've got a GREAT solution that gives us plenty of filters. We have all the spam & anti-virus filters using Trend, and can block or redirect by domain using a mailertable with Sendmail. Also, the LDAP support in Sendmail wasn't very good when we started integrating that (8.10 was the first usable LDAP release), but by 8.12, it works great. We redirect the message internal to the company based on what's in LDAP, and it works flawlessly for ~1 million messages/day.
Tastes great, less filling. And mostly free software (Sendmail was free, as was the Directory Server, since that license comes with Solaris.) All we paid for was the Trend Micro stuff, which we had a site license for anyway since we use it on the Exchange servers as well.
So yeah, I'd have to agree that SPAM isn't NEARLY the problem at work that it is at home. Also, since we got the Exchange servers out of the SMTP business and "just" for mailboxes, we haven't had a virus outbreak since. Lovely!
--NBVB
Sorry, but *that* was marked up as 'Interesting'?
Personally, I loathe advertising. Spam is just another form of that. Filtering out all that trash bothers me a *lot*.
And yes, it is expensive. My parents live in South Africa, downloading their email through a little 56K modem (which rarely hits over 9600, thanks to the lousy ISP). They pay per KB and per minute. Think they don't mind "just pressing delete"?
I'm lucky - I sit in Germany with an unlimited DSL line - and it *still* bothers me. Spam is on the verge of making my accounts unusable.
Bah. You sound a little like that idiot I read who called himself "all-american free-speech spammer".
Ciao,
Klaus
Free PC version of ChipWits at http://www.breueronline.de/klaus/chipwits/
Are they a member of the American Association Against Acronym Abuse Alliance?
I don't approve of their methods, so I am a member of the Anti American Association Against Acronym Abuse Alliance Activists (not to be confused with the Anti-American Association Against Acronym Abuse Alliance Activists, some group of Albanians).