5 Things the Boss Should Know About Spam Fighting
Esther Schindler writes "Sysadmins and email administrators were asked to identify the one thing they wish the CIO understood about their efforts to fight spam. The CIO website is now running their five most important tips, in an effort to educate the corporate brass. Recommendations are mostly along the lines of informing corporate management; letting bosses know that there is no 'silver bullet', and that the battle will never really end. There's also a suggestion to educate on technical matters, bringing executives into the loop on terms like SMTP and POP. Their first recommendation, though, is to make sure no mail is lost. 'This is a risk management practice, and you need to decide where you want to put your risk. Would you rather risk getting spam with lower risk of losing/delaying messages you actually wanted to get, or would you rather risk losing/delaying legitimate messages with lower risk of spam? You can't have both, no matter how loudly you scream.'"
Because the people who appoint them don't understand IT either and believe it to be so simple that anyone can manage it.
Trouble is, how many CIOs understand the technology they supervise enough to make a good business judgement?
The one thing I will tell them follows like this:
Trust your own I/T staff for matters of technical choice and direction, they have the most to gain, the most to lose and have to live with the consequences. Vendors know how to sell problems then the solutions, users know how to blame their lack of patience and personal issues on computers. I/T personnel often are the ones to eat the heat on organizational issues beyond their control. This includes the flawed systems we use today. Let I/T participate in business decisions, not to rule but nor to be a door mat for the next irrational business type having a conniption fit.
SMTP and POP
Now, nothing against educating management... but POP? POP doesn't belong in the enterprise. Even at home I have my own IMAP server. POP is a relic of the dialup-time where you only had access to your own computer and nobody else (seemed) to have one.
A shame that gmail doesn't support IMAP, I'd prefer it that way instead of that poor POP3 hack they use...
The majority of the CIOs I know come from the Apps side of the house, not the Ops side. Please note, I said the majority, not all.
Do you really believe that a CIO understands all of the underlying technology in the IT department, even at a basic level? Trust me, most don't. It's near impossible, especially when most CIOs haven't been individual contributors for many years.
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
Managers manage well by having people below them who know their jobs. That way they manage the people themselves, not micromanage everything they have to do.
A good manager should appear to have very little to do, because everything is so well organised.
A bad manager is very easy to spot. People under them feel unsupported, become over-reliant on rules and regulations, and everything takes so long to do that nothing gets done.
I've experienced both types of management, the bad type is painful. When I've managed (in medicine) I worked very hard to train my people to trust in their own abilities and take on and enjoy responsibility.
Nothing to do with spam in this post I realise, but then I hate spam, nasty fatty stuff.
A good RBL-based system never loses mail. Any legitimate mail that is blocked causes the original sender to be notified. Content-based filtering systems don't work like that scheme, so people that use mail filtering do lose more legitimate mail, and the worst part is, the senders never know their mail was lost. This is why content-based filtering doesn't work and RBLs do.
Because managers are there to manage, not to be technicians. The most effective managers should know something about what they manage, but they do not need to know the details. They are supposed to be "big-picture" people and leave the details to the experts they hire. When a manager knows too much about what they manage they tend to micro-manage and I am sure we all dislike that more than ignorant managers.
Personally I would rather have a manager that gives me the responsibility and flexibility to make the decisions that are within the scope of my job function who knows nothing about what I do and how I do it than one that is more knowledgeable but ties my hands when it comes to getting things done. The CIO should dictate the overarching business strategy to the IS department and help ensure that their work helps accomplish the goals of that strategy. The details are for the rest of the department to figure out. Remember, the IS department is a supporting function, no different from accounting, marketing, or HR... it is not the business.
I'm sure I will be flamed for this response, but it is typical of technical people (not just IT, but in all functions) to have disdain for those in charge because they don't know what we know. But it isn't their job to, or else they would have no reason to hire us. A CIO position is NOT a technical position. Expecting a CIO to know everything going on in the IS department is the same as expecting the CEO to know it as well.
Yeah, thanks. Then when someone fakes my email address as the return address, I get thousands of bounce messages.
Did you miss the part about:
I like to REJECT (not bounce!) spam
If I reject the mail, then you'll only get a message back if your SMTP server was the one that was sending it. If I bounce the mail, then you'll get a message even if it was forged elsewhere.
People who bounce spam are almost as bad as the spammers. Rejecting spam is much better than just deleting it because it gives the sender a chance to fix your mistake.
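An added illustration, not part of the thread or any poster's code, of the reject, bounce and delete behaviours argued over in the comments above. It models who ends up notified when a filter flags a message; the host names, addresses and the `outcome`, `notified` and `backscatter` helpers are all constructed for the example.

```python
from dataclasses import dataclass

RECEIVER = "mx.recipient.example"  # constructed name for the filtering server

@dataclass
class Delivery:
    client_host: str     # host that actually opened the SMTP connection
    envelope_from: str   # MAIL FROM value; trivially forged
    true_sender: str     # who really wrote it (the receiver cannot know this)
    client_is_mta: bool  # a real MTA reports a 5xx refusal to its own user

def outcome(d, policy):
    """For a message the filter flagged, return (smtp_reply, notices);
    each notice is (generated_by, delivered_to)."""
    if policy == "reject":
        # Refused inside the SMTP session: the connecting client still holds
        # the message, so only that client can tell anyone about the failure.
        notices = [(d.client_host, d.envelope_from)] if d.client_is_mta else []
        return "550 rejected", notices
    if policy == "bounce":
        # Accepted first, then a non-delivery report is mailed to whatever
        # address MAIL FROM claimed, forged or not.
        return "250 accepted", [(RECEIVER, d.envelope_from)]
    if policy == "delete":
        # Accepted and silently dropped: nobody is told.
        return "250 accepted", []
    raise ValueError(f"unknown policy: {policy}")

def notified(d, policy):
    return [to for _, to in outcome(d, policy)[1]]

def backscatter(d, policy):
    """Addresses that receive a failure notice for mail they never sent."""
    return [to for to in notified(d, policy) if to != d.true_sender]

# Constructed samples: a legitimate message wrongly flagged, and forged spam.
FALSE_POSITIVE = Delivery("mta.customer.example", "alice@customer.example",
                          "alice@customer.example", True)
FORGED_SPAM = Delivery("203.0.113.7", "victim@bystander.example",
                       "unknown spammer", False)

if __name__ == "__main__":
    for policy in ("reject", "bounce", "delete"):
        for name, d in (("false positive", FALSE_POSITIVE), ("forged spam", FORGED_SPAM)):
            reply, _ = outcome(d, policy)
            print(f"{policy:7} {name:15} {reply:13} notified={notified(d, policy)} "
                  f"backscatter={backscatter(d, policy)}")
```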
RBL-based systems do lose mail. A potential customer emails me and a competitor with a request for a quotation. From me they get a blacklist notification, from my competitor they get a quotation. The potential customer, upset at being accused of being a spammer, never bothers trying to email me again. I've not only lost their original email but I've lost all future email from them too.
Quidnam Latine loqui modo coepi?
Managers may have lost touch with the latest techno-babble, but they should not be berated because of it. They are obviously smart individuals who were neck deep in the technology of their time. When you are a manager, you have a reasonable level of expectation that your employees will be knowledgeable of the most current technology.
Many high level concepts such as requirements, design, group management, etc can be managed by people and they don't have to have intimate knowledge of the latest technology. I am not saying that management should not learn it, but they should expect their employees to be the experts.
Why is it that there are a lot of people in IT who are so snobbish "omg!!!@!!!.... you don't know about xyz technology, you made a mistake hahahhadjhaflkdjfs luser." Are other technical/engineering fields like this? (not a knock on the parent post, just askin' in general).
I got nothin'
>The trick is to target the one vulnerability all spammers have: A website to sell their goods.
Not any more. The stock scammers can get their money without any contact information whatever in the spam.