Internet Newsletter for Lawyers |
|---|
Stop Press: With the current rapid spread of the "SoBig" virus, the demarcation between spam and viruses has become less clear cut. Although most firms and chambers remained virus-free in the sense that dangerous attachments were stripped out, and/or their users were educated not to execute them, many were still overwhelmed by the sheer volume of such messages. Most spam control programs would also have identified these.
A recent study by email filtering company MessageLabs found that, of the 137 million emails they handled in June on behalf of their customers, 55% were unsolicited junk mail, or "spam". A year ago, the proportion was just 2.3%. Worse still, the number of emails flying around the internet continues to rise at an alarming rate.
So far, it is individual email users who are receiving the most spam. They are the ones who have been freely surfing the web, buying software and other goods, taking part in online "discussion" groups and putting their email address on their own web sites. In my own case, I get at least 80 spam emails a day as well as perhaps 20 "real" ones.
Most firms and chambers have been more careful with their email addresses and the problem is not yet so extreme - but it will probably become so since, once an email address is on even one spammer's list, it is likely to be sold on to a myriad of others. Legislation (so far) is having no effect whatsoever, since the spammers operate from many different countries and are also adept at changing the "sending" address so it is very difficult to find out where the emails have come from.
The main categories of spam seem to be for Viagra and lurid "enhancement" offers, cheap prescription drugs generally, pornography of many different types, financial advice and offers (generally "scams") and slimming and beauty products. I thought about producing a picture of the titles of a representative sample but they are not suitable for a respectable newsletter! Most people reading this will know the sort of things I mean.
I generally know when I should cover a topic here when I get a large number of enquiries from readers asking for information. Suddenly, over the last few months, enquiries about spam have multiplied almost as fast as the spam itself! I set out to find out what firms and chambers are doing about spam, right now. My first stage was to email the 150 Intranet/Multiple Use subscribers of this newsletter, thinking that they are the users most likely to have investigated this topic so far. I asked whether they have a problem with spam and if so, what they are doing about it. I had replies from around 50 firms and I am very grateful to them for the information they gave.
Quite a few firms told me that they do not have a particular problem yet although they could see that the problem was getting worse. Others who are part of government departments or public bodies generally indicated that the problem was coped with at a "higher level" - they are probably the lucky ones! Others already have a major problem. I was told by one firm that a member of staff received over 1,200 spam emails in a single month. Eventually, the firm concerned changed this particular email address but even now, a year later, 800 emails a month arrive for the old address.
Many firms are already using various services and software tools to try and reduce spam, partly because of the time wasted by individual staff members deleting these but partly also because the content of many of these would be genuinely upsetting for some people.
I am planning a second article on spam in the next issue
where I hope to give feedback from the many readers who have not yet had a
chance to respond and, in particular, their experience of the products
mentioned, or others they have come across.
These are the general approaches that emerged from my investigations:
For a small site, the first or second options might be effective but for a larger
site, with multiple email addresses, this kind of avoidance method is probably
inadequate and other methods, below, will be needed.
An additional problem is that the filter on particular words is also not as easy as
it sounds since the email spammers are learning to find their way round these
controls, e.g. viagra comes out as (say) v i a g r a or vi@gra.
To be effective, and not to require you to spend hours every week becoming an
expert on the latest types of spam, it is really necessary for the program to have
access to large databases of spam sources and spam words, kept up to date
by someone else. This takes us to the next section.
The software applies all sorts of tests to the email based on sender, sender's
domain, country of sender, and key words of various types found in the header
or the text. These tests are carried out by linking up with databases on the web
of known spammers (blacklists) and, equally importantly, by learning from the
emails which you said were spam on a previous occasion. These systems do
take a few days to become effective but are, after that process, very good at
getting rid of most spam.
Having carried out this process with the spam control program, the user then
"gets" their email in the usual way, but will find only the ones not deleted left, to
come down into the normal email box.
An extra bonus of some of these systems is that they can generate a "bounced"
email back to the sender, thus indicating to the sender that this email address
does not exist although I am a little dubious about this process - it seems as if
one is then also contributing to the spam emails clogging up the internet.
I personally use a program called
Mailwasher for my email (recommended by
James Prior, of Opsis Ltd) and it is rapidly becoming indispensable. Another
program in this category is
iHateSpam.
This can be integrated into Outlook, Outlook Express or Exchange, thereby providing
a seamless process of filtering and obtaining mail.
From the responses to my enquiries, the big winner in this part of the market is
MessageLabs, particularly as provided by the ISP
Star Internet. A whole series
of firms said how effective they find this service, often combined with virus
protection, pornography control and other inappropriate content control.
MessageLabs was originally set up as a corporate virus protection service but
now, spam seems to be equally important in its portfolio of services. In fact, it
is very sensible for a user to have virus control, spam control and any type of
content control (e.g. for pornography) from the same source, thus minimising
complication and also cost. It uses a combination of publicly available blacklists,
heuristics (complex rules) and mathematical (Bayesian) probability to identify
spam. The user can also set up blacklists or whitelists which can be combined
with the main service thus providing a reasonable element of control. Generally,
legal firms accept all email (but to a defined junk folder) so that it can be
checked from time to time but the ordinary user is protected from it.
You can also use a spam-removal service such as MessageLabs directly (i.e.
not as a service from your ISP), whereby incoming email is diverted to the
service and the spam removed before being sent on to the firm's system.
There are a number of products which combine hardware and software in a
ready made firewall appliance, sometimes referred to as "Internet in a Box" solutions.
These include MXtreme from
Borderware, sold by
Peapod Solutions (PSL),
which offers content filtering, secure web mail, encryption, virus scanning and
mail box hosting. This type of system is delivered more or less "ready to go",
and also provides regular updating of virus and spam criteria without user
intervention. It comes in a variety of sizes to suit particular sizes of firm.
Another such product is Firebox from
WatchGuard. This also comes in a
number of versions.
The two big names in this area of the market are
Clearswift, with its MAILsweeper product, and
SurfControl.
Both of these companies started with control of surfing (i.e. to prevent
employees from accessing unsuitable sites) as their prime task but have now
broadened their services to include also the removal of viruses and spam.
The products carry out the same processes as described in previous sections
but do it totally "in house" so that the firm or chambers is not dependent on any
external body. These products are described in more detail in some of the
additional articles described below.
However, if you already use virus protection service or product, or a surfing
control product, it is well worth enquiring as to whether they also have a spam
control module which you can add, since, if they do, this is likely to be a cheaper
and less complicated solution than having each of these separately.
Feedback Please
I intend to continue to develop this topic in the next issue, so please give me
your comments and views. Email me at delia@venables.co.uk!
Back to Contents.
Approaches to Spam Control
Care with your email address
You can set up procedures to prevent the firm's email addresses getting "out"
into the wild, i.e. educate your staff not to use their email addresses in a way
which enables them to be put onto spam email lists. Several firms have included
instructions of this sort in their staff manual. Advice of this sort could include the
following:Email addresses on your web site
You can limit or change the way that email addresses are displayed on your web
site, so that they cannot be picked up by "robots" roaming the web (also known
as automatic email harvesters or "bots"). Options include these:
(You think I am making this up?)
Facilities available within Outlook and Exchange
You can use the facilities available within Outlook, Outlook Express, Exchange and other email
programs to identify spam and either delete it directly or dump it into a junk
email folder. This type of approach still uses your own computer resources in
terms of telephone time and disk storage and it also requires you to look at the
junk folder from time to time to check that no "good" emails have been put here
by mistake (false positives). The process is however not very effective when the
junk email is coming from a myriad of different addresses or indeed from invalid
addresses since your system will not know that these are junk.
Software for individual email users
There is a special type of spam control program which is suitable for individual
email users who generally use a type of email program called POP3 (Post Office
Protocol) i.e. not organisations with Exchange or similar networked email
servers. With a POP3 system, the user is not online all the time but "logs in" to
their ISP intermittently and collects their email. Although originally designed for
a dial up line, this solution can also be used with an ADSL line but not with a
networked email system. It is possible for the client (i.e. your personal email
program, whether Outlook, Eudora, Pegasus or others) to examine the headers
of the email on the ISP's server without downloading the whole email and to
delete it directly on the ISP's server if desired.
Using a spam removal service
You can enquire of your ISP whether they have a spam-removal service
available - and most commercially oriented ISP's, do have such services
available now, often combined with a virus removal program. The advantage of
using a service of this kind is that the email can be removed before it ever
reaches your own system. Generally, there are some parameters which you can
set to determine blacklists or whitelists (senders whose emails you want to
receive even though they fail other tests) so that the user does retain some
element of control.
Spam control as part of a firewall
Software for networked spam control
You can purchase and run software on the firm's own system - generally in
association with the Exchange server - to identify spam and either delete it or
put it in a junk area of the system for regular checking. This is generally very
complex software with a large price tag, and requiring a considerable expertise
to manage the process but it does leave the user in complete control of the
process.
Spam control, virus protection and surfing control
Note that these are all separate concepts! Whilst a spam control program may
well find and mark a virus for deletion, this is not their main purpose in life and
they will not be as up to date in this respect at programs designed specifically
for virus protection like Norton, Symantec, Network Associates or Sophos.Legal remedies
Most countries, including the EU, are trying to set up methods of preventing
spamming by law. I hope to cover this further in a future article but in the
meantime, there is a good site called Spam Laws at www.spamlaws.com, set
up by US Law Professor David E. Sorkin. The site groups laws by USA (Federal
and State), Europe (EU and by country) and other Countries, and provides links
to legislation or proposed legislation in these countries.
More Information
Several readers of the newsletter have very kindly provided articles on this topic.
These are available in Microsoft Word format.