Certified Mail

Certified Mail: July 2003

Spamming the Globe

• By MCP Magazine Readers
• 07/01/2003

The Skinny on Spam

In response to Em C. Pea’s ”Auntie” column in the May issue, “Spam, Spam, Spam, Spam,” I spend at least two hours a day blocking unsolicited spam, along with updating SurfControl. Just like the U.S. Mail, it never stops—nor rain, nor snow, nor sleet, nor hail, spam keeps a-coming.
—Jason Griffith, MCP
Charleston, West Virginia

I was amused by Em C. Pea’s take on spam. I, too, would have showered the room with my cornflakes. However, my morning meal happened to be a bagel.

While I agree that spam-filtering in Outlook stinks, I think the bigger issue is that Microsoft should offer some functional server-side options. If you’ve ever tried blocking e-mail with Exchange Internet Mail Connector functions, you know what I mean.

I know that Microsoft has always relied on third-party developers for add-on solutions (like spam-filtering, antivirus and so on), but a basic set of utilities would be helpful—i.e., the ability to use black lists, easily block senders and scan for malformed SMTP data.

Filtering spam at the client level leaves much to be desired, even if the next version of Outlook spam-filtering actually works. The mail has already entered the enterprise and been delivered to the desktop—simply moving it to another folder does little to control the disease. Third-party server-level applications will have to be deployed by admins seeking to reduce the huge volume of junk sent to their users each day.

A server application that can filter mail prior to the Exchange organization receiving it allows admins to have the final say regarding what is allowed into their networks. There are cases where employees have filed suit claiming a hostile workplace environment where certain spam e-mail has reached their desktops. This situation can only get worse. If we admins don’t make a valid effort to stop the insanity, we could be named on those legal filings...ouch.
—Gary A. King, MCSE, CCNA
Granger, Indiana

I monitor an Exchange server with more than 1,500 clients and deal with spam on a daily basis. The average time spent daily is about 45 minutes. It doesn’t seem like much, but it adds up to three hours a week, which equals 15 hours a month, which totals 180 hours a year. That’s 22.5 days a year out of 260 working days. That’s 8.7 percent of my time dealing with spam.
—Don Harris, MCSE, MCSA
Denver, Colorado

The best (and only) way to really eliminate spam is to modify the SMTP protocol (perhaps one could call it the SAMTP, Simple Authenticated Mail Transfer Protocol). What’s needed is a way to authenticate senders using certificates, password hashes and so on, and some way that SMTP servers validate the sender before accepting each message. Because spammers forge their originating addresses and mail headers, they couldn’t come up with a valid certificate/password hash from the ISP they’re forging as the source.

Using this scheme, when an SMTP server receives an e-mail, it would also receive the identifying key supplied by the sender’s e-mail client encapsulated in the message. The key would be authenticated against the private key (or hash or password) held at the authoritative source for the originating domain (usually the ISP). This would allow all fraudulent mail to be rejected prior to wasting the bandwidth used allowing the spam-vector server to send the body of each message, like the way blacklist rejections work today. If a spammer got a hold of a user’s identity key, it would become apparent to the user’s ISP when hundreds (or thousands) of validations came in for a single sender. The ISP could then issue a new public key/password and shut down the spammer immediately. It would take a couple of years to get it in place, but it could be done. Then spammers would have to go back to paying for phone calls!

Spammers just skirt the laws by going overseas. Besides, who has time to report spammers to their ISP? Charging for messages? Forget it. That’s punishing the good guys.

Filters? The spammers always seem to stay one step ahead of them, as well. We can solve the problem with technology, and all it would take is a request for comment and a cooperative effort on the part of ISPs, users and e-mail client developers. Everyone would be forced to get on the bus because their e-mail would start being rejected otherwise.
—Norm Hinman, MCSE, MCP+I
Auburn, California

Both Outlook and its little brother Outlook Express do a poor job of screening spam. Unfortunately, I’ve found most spam-screening software does a mediocre job of filtering out junk from real stuff—especially as spammers are getting more creative in the ways their junk is marketed. It appears the spammers always keep one step ahead of any software created to counter it.

As I don’t completely trust spam-filtering software, I now use MailWasher Pro exclusively to screen all e-mail coming into my mail server. There, I have the option of viewing the message, deleting it, bouncing it back or accepting it. I’m able to ensure mail that I want gets through and doesn’t get inadvertently deleted by some spam filter that isn’t set up correctly. It’s worked great for a year now.
—Mike Frederick, MCP
San Antonio, Texas

The solution requires that you have your own Exchange Server. For us that meant having a Microsoft Small Business Server and that you host your own domain.

For example purposes, I will illustrate our solution using my email address. For the last 6 or 7 years my address has been [email protected]. But lately it’s been overrun with spam. Having my own mail server I easily changed my default SMTP address to be [email protected] but kept the ‘robert’ alias because of the legitimate mail I was still receiving under that name. I then e-mailed most people I know and asked them to update their address books. Eventually, nearly all the mail incoming to ‘robert’ was spam but there still were some legitimate messages.

The final solution was to create another Windows 2000 user called “xRobert”. I removed the “robert” alias from my account and re-assigned it to this new account. I then logged onto the domain with the xRobert account, created my Outlook profile, and set an Out of Office reply to read as follows:

Notice how I didn’t spell out my new address? Well, call me paranoid. Anyway, several people got this message and responded as I had hoped. The only negative aspect of this solution is that the new mailbox is growing and still receiving all that spam. To solve this issue I gave myself full rights to the “xRobert” mailbox and added it to my Outlook profile. This enables me to still monitor the activity to catch those people who are not reading my Out of Office message, and also to delete all the spam in one fell swoop. We tried using the AutoArchive option to delete messages automatically but we have not had great success with it.

Well, if you already have an Exchange server and host your own mail, then this solution requires only a little bit of your time. After seeing how well it worked for me, my business partner begged me to configure it for him too! It truly has saved all of us a lot of time.

Luckily in my case, the impetus to change my address was both an antispam and business need. We had already switched our default SMTP addresses to the more professional scheme of “first initial + last name” structure. Spam just gave us the push to get rid of the old alias.
—Robert Cioffi, MCP+I, MCSE
Yonkers, New York

I had multiple clients with more anatomical enlargement solicitations than they knew what to do with. (Except maybe take them up and then join the circus!) I looked around a bit and found a great low cost product from GiantCompany called Spam Inspector that works as a plug-in for Outlook and Outlook Express. It has been around for a while. The application actually uses some adaptive learning techniques to start recognizing spam patterns and has been a stellar solution for my small business clients. It has taken some of them from 75-100 spam messages a day, to virtually none. No legit emails have been bounced over the last several months either. Hang loose and hey…let’s try to give computer geeks a better name eh?!!
—Mike McClendon, MCP, CSSA
Vancouver, Washington

I was very tired of Outlook Express not doing a good job of filtering spam. So I started using Outlook XP to get my ISP mail. I figured it must have better rule and filtering than OE—but it didn’t. I tried all kinds of rules, even the junk mail rule, which is worthless. I get an average of 60 messages a day of spam. I would have to delete them then delete them from my deleted items folder. Annoying! Even tried renaming my email account, ect. No good. Don’t ask me how but they always catch up. I only receive about 10 important messages a day and I know who they are coming from. From my AOL days, I remember that you could set a rule to block all mail except from those you specify. I thought, Wow, it would be great if I could do that. So off I went to the rules tool again. Did I find what I was looking for, NO. But, I have found a way to delete all mail that comes in except the ones that I specify. Here is how it works: (haven’t tried it on Outlook 2000),

Make sure your contacts e-mail addresses are in your contacts list from all that you want to receive messages from. Next, specify a new blank rule: Start from a blank rule to check messages when they arrive. This is KEY!- Don’t select any conditions. It will warn you that it will apply to all messages. Then select Delete it from the “What do you want to do with the message” options. Then Ad an exception, the last one “except senders in specified address book.” Select your Contacts folder and finish. Close outlook and reopen. Try sending yourself a message using an email account not in your contacts list. It gets put right into the TRASH where the spam belongs.

This one works pretty well for me. A few messages slip into the inbox from time to time but not nearly as many that get deleted. I just browse through tp make sure it did not delete any important messages and them right click deleted items and select Empty. This has made my life e-mail life much less frustrating.
— Paul Bassett, MCSE
Lakewood, New Jersey