5 Things the Boss Should Know About Spam Fighting

Esther Schindler writes "Sysadmins and email administrators were asked to identify the one thing they wish the CIO understood about their efforts to fight spam. The CIO website is now running their five most important tips, in an effort to educate the corporate brass. Recommendations are mostly along the lines of informing corporate management; letting bosses know that there is no 'silver bullet', and that the battle will never really end. There's also a suggestion to educate on technical matters, bringing executives into the loop on terms like SMTP and POP. Their first recommendation, though, is to make sure no mail is lost. 'This is a risk management practice, and you need to decide where you want to put your risk. Would you rather risk getting spam with lower risk of losing/delaying messages you actually wanted to get, or would you rather risk losing/delaying legitimate messages with lower risk of spam? You can't have both, no matter how loudly you scream.'"

Nothing lost?

Their first recommendation, though, is to make sure no mail is lost.

Nice goal, but you are going to lose mail. It is either going to get buried in the pile of spam or misclassified as spam by your software and pitched. What you need to do is pick an acceptable level -- it is all about trade-offs.

I like to REJECT (not bounce!) spam, so when you accidentally mark good stuff as spam, the sender has a chance to get the message to you later.

Re:Nothing lost?

[mabu]

A good RBL-based system never loses mail. Any legitimate mail that is blocked causes the original sender to be notified. Content-based filtering systems don't work like that scheme, so people that use mail filtering do lost more legitimate mail, and the worse part is, the senders never know their mail was lost. This is why content-based filtering doesn't work and RBLs do.

Re:Nothing lost?

Yeah, thanks. Then when someone fakes my email address as the return address, I get thousands of bounce messages.

Did you miss the part about:

I like to REJECT (not bounce!) spam

If I reject the mail, then you'll only get a message back if your SMTP server was the one that was sending it. If I bounce the mail, then you'll a message even if it was forged elsewhere.

People who bounce spam are almost as bad as the spammers. Rejecting spam is much better than just deleting it because it gives the sender a chance to fix your mistake.

Re:Nothing lost?

Frankly I find this hard to believe.

Just to be clear:

• Eve is a spammer sending mail
• Clueless ISP (clueless.xxx) is being used to send the spam
• Alice's address (alice@alicedomain.xxx) is being forged by Eve
• Bob at bobdomain.xxx is the intended receiver for the spam

Typically Eve sends an amazing offer "from" alice@alicedomain.xxx through clueless.com to bob@bobdomain.xxx. If Bob bounces the spam, it would go from bobdomain.xxx directly to alicedomain.xxx. I suspect this is what you are seeing, and happens because Bob is doing his spam filtering after he has accepted the message from clueless.xxx.

If Bob rejects the spam while in the process of receiving it from clueless.xxx, clueless.xxx would get a bad status code. Chances are the mail program is just a bot which would ignore the error (or retry the same message a couple of times). If Eve is using an MTA on clueless like exim or sendmail, and it is badly configured, then Alice might see a bounce message generated by clueless.xxx. Alice can complain to the administrators at clueless, or get clueless added to RBLs. The good news for Alice in this situation is that she isn't dealing with thousands of bots. In any case, Bob didn't send a bounce message, he just didn't accept the incoming mail.

Rejecting spam at the SMTP level is the best practice, and is different than bouncing spam.

WTF?

[Watson+Ladd]

How does the CIO not understand what the IT deparment is doing and still become CIO? Can someone clue me in on the way a manager can know nothing of what they manage and still be a manager?

Re:WTF?

[winkydink]

The majority of the CIO's I know come from the Apps side of the house, not the Ops side. Please note, I said the majority, not all.

Do you really believe that a CIO understands all of the underlying technology in the IT department, even at a basic level? Trust me, most don't. It's near impossible, especially when most CIO's haven't been individual contributors for many years.

Re:WTF?

[rucs_hack]

managers manage well by having people below them who know their jobs. That way they manage the people themselves, not micromanage everything they have to do.

A good manager should appear to have very little to do, because everything is so well organised.

A bad manager is very easy to spot. People under them feel unsupported, become over relient on rules and regulations, and everything takes so long to do that nothing gets done.

I've experienced both types of management, the bad type is painful. When I've managed (in medicine) I worked very hard to train my people to trust in their own abilities and take on and enjoy responsibility.

Nothing to do with spam in this post I realise, but then I hate spam, nasty fatty stuff.

Re:WTF?

[Jonny+do+good]

How does the CIO not understand what the IT deparment is doing and still become CIO? Can someone clue me in on the way a manager can know nothing of what they manage and still be a manager?

Because managers are there to manage, not to be technicians. The most effective managers should know something about what they manage, but they do not need to know the details. They are supposed to be "big-picture" people and leave the details to the experts they hire. When a manager knows too much about what they manage they tend to micro-manage and I am sure we all dislike that more than ignorant managers.

Personally I would rather have a manager that gives me the responsibility and flexibility to make the decisions that are within the scope of my job function who knows nothing about what I do and how I do it than one that is more knowledgable but ties my hands when it comes to getting things done. The CIO should dictate the overarching business strategy to the IS department and help ensure that their work helps accomplish the goals of that strategy. The details are for the rest of the department to figure out. Remember, the IS department is a supporting function, no different from accounting, marketing, or HR... it is not the business.

I'm sure I will be flamed for this response, but it is typical of technical people (not just IT, but in all functions) to have disdain for those in charge because they don't know what we know. But it isn't their job to, or else they would have no reason to hire us. A CIO position is NOT a technical position. Expecting a CIO to know everthing going on in the IS department is the same as expecting the CEO to know it as well.

Five Things Everybody Needs To Know About Spam

[mabu]

Forget CIOs... there are many system administrators who don't know the real issues regarding spam. Here are some things everyone needs to know:

1. Content filtering is not a solution.

I hate to say it, but it's the truth. Filtering mail based on what's in the e-mail message is a never-ending battle that does not work. It slows down mail service, causes legitimate mail to be blocked more often than using RBLs, and violates peoples privacy, costs more money to maintain and makes the mail system inherently less efficient and reliable.

E-mail used to be instantaneous. Now it isn't, because all the major ISPs toss their mail into big queues where they go over it and file it away or pass it on. If you send something to a Bellsouth users nowadays, they *might* get it 6+ hours later! Stupid, content filtering doesn't work and creates worse problems.

2. The Spam problem is mostly a law enforcement issue and not a technological issue.

99.9% of spammers break the law. The reason why spamming is such a problem is because national and international authorities won't get off their lazy asses and prosecute the spammers for the laws they break. In the end, you'll do more to reduce spam by petitioning your local district attorney to prosecute spammers than installing some obnoxious cpu-chewing filter that will become obsolete within two weeks. And no, the jurisdiction issue is bogus. Technology exists to track all these spammers right back to where they are. There are spammers all over the world and especially in the U.S. that can and should be in jail right now, but they're not because the Feds are more interested in going after people like Tommy Chong. Call your D.A. Call your Congressman. Complain that your reps aren't putting these guys in jail.

When I say "spam" I mean the big spam operations. The industry can easily police itself of low-level, incompetent opt-in schemes, but that's not the real "spam" problem we're talking about.

3. Don't listen to the anti-virus/anti-spyware software companies.

These companies make their living off of spam. There is an inherent conflict of interest in relying on Symantec or any other company to be trusted to help deal with the spam problem. They need spam and they'll never do what's necessary to stop spam from becoming more of a problem. This is analagous to why car manufacturers won't build more reliable/efficient cars when they are capable of doing so -- it's not profitable for them. Stop looking to McAffee or any of these other foxes to be trusted in helping you guard your henhouse.

4. Most anti-spam methods do nothing to stop spam, except relay blacklisting.

Spammers steal bandwidth, violate peoples' security, tamper with third-party computers and bog down the Internet. Content-based filtering does not hurt spammers. RBLs do. Relay blacklisting is the single most effective deterrent in the war on spam. PERIOD. No other method both stops spam, and makes it exponentially more expensive and troublesome for spammers to do their job.

Relay blacklisting works. If you don't like RBLs, chances are you just had a bad experience with a bad one. Try a different one or create your own. They work. They work exceptionally well and best of all, they save bandwidth and resources from the spammer's grimy hands. They also have the added benefit of stopping the propagation of worms and punishing irresponsible ISPs who allow their zombie users to pollute the Internet. There is NO BETTER THING CURRENTLY you can do to combat the spam war than by feeding and using RBLs (aside from following #2 and complaining that spammers aren't being prosecuted).

5. There are not that many spam operations. The spam epidemic is not unstoppable.

The amount of spam going around on the Internet has increased but only proportionally to the amount of user and bandwidth growth, and not due to more and more people getting into the spam business. A cursory examination of most spam clearly indicates that there are

mail is broken

[maynard]

I'm shutting down our lab mail server and migrating a large userbase to central university mail services because of all the problems we're experiencing with supporting an internal mail server. Everything from excessive spam (and it's well over 90% of all incoming connections), people using email as for storing files (as if it were a home directory), and recent rulings demanding that IT offices track email and IMs.

I worked out how much staff time we spend maintaining and supporting our mail server and was shocked. For a service that's commoditized and available for free from any number of vendors (never mind our uni's central IT service we're already paying for), and I worked out that last year we had spent ~100 hrs/yr of staff time. Looking back I realized that in years previous we had spent far less on a per year basis. IOW: staff consumption on mail service was growing while prices for commodity email service was plummeting (all the way down to near free).

Dumping email support is the only rational solution.

Where will this go? I think email (as in RFC822, etc) is doomed. The protocol is broken. It has no safeguards to confirm the legitimacy of the sender or recipient, no mechanism to secure the communication during transmission (like a real envelope), and as a result the protocol begs to be exploited by Internet fucktards. Which is exactly what's happening. Time to toss SMTP and start from scratch.

Uhh... you can have both...

[JimDaGeek]

remember, Bill Gates said he would end spam. As a "trusting" MS user, I believe him. So, since spam has ended, I don't know what these "systems" guys are complaining about. Geeez.