Re: Spam prevention vs mitigation

Steve Sirag <stevesirag@xxxxxxxxx> writes:

> My bosses are demanding 100% spam prevention,

Tell them some guy on the Internet said that the only way to do that
is shut down the email server. I'll be your fall guy.

> and I'd like to find some industry papers, articles, etc that
> explain why that's not advisable (if even possible). My
> understanding is that spam mitigation is the goal, keeping spam down
> to where it's not a distraction from business. Our current spam
> level is roughly 3-6 spams received per user per day. That seems
> manageable to me, but I'd like the extra ammunition going into the
>
> Can anyone help?

If you were to try to make that argument, the counterpoint would be
"Okay, what if the 6 that get through are phishes that have malicious
links to recently registered domains or have malicious attachments
that invariably people will click on, that leverage exploits for
things the machine isn't patched against, and they lead to compromises
of the local machine because no one has done the hard work and
planning it takes to strip users of local admin rights?"

And then parlay this discussion into perhaps getting some funding to
do user education about security threats and how to respond, do some
shootouts of new gateway mail solutions (that may have AV and threat
protection that looks at more than just signatures of attachments),
web gateway solutions that look at IP, URL reputation as well as scan
for malware, privileged identity management solutions as well as
political capital to wrestle admin privs away from users who don't
need it, and for those who have it, make sure they can't be surfing the
web while logged in as admin?

Leave no crisis unexploited. :-)

That said, what's acceptable risk to business will vary by business.
You can make the case with simple logic that no signature based
classifier will achieve 0 false negatives without also generating
false positives--ask if they're willing for business critical email to
get caught up in the spam filter, and if it does will your current
solution give end users a way to retrieve it? The story is the same
in AV land -- if AV heuristics trying to catch unknown and suspicious
files are tuned too tight, legit files invariably end up getting

The inconvenience of those 5 or 6 emails a day is the lesser concern
compared to the likelihood of compromise from an email received by a
typical user that contains a malicious link or attachment.

That said, I think it's safe to say that over the past weeks, the
incoming volume of phishing like this has surely been on the uptick.

Best Regards,
Todd Haverkos, LPT MsCompE
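To put numbers behind the point Todd makes above (no classifier reaches zero false negatives without also generating false positives once ham and spam share vocabulary), here is an added example that is not part of the original thread. It is a toy keyword scorer swept across every possible threshold over a small constructed corpus; the keyword weights, the messages, and the function names are all assumptions made for the illustration and do not represent any real mail filter's rules.

```python
"""Threshold sweep over a toy spam scorer.

Demonstrates the false-negative / false-positive tradeoff: the only
thresholds that catch every spam in the corpus also quarantine legitimate
mail, and the only thresholds with zero false positives let spam through.
"""
from dataclasses import dataclass

# Assumed hand-tuned keyword weights standing in for a signature/heuristic
# filter. Negative weights are "looks like business mail" signals.
WEIGHTS = {
    "unsubscribe": 1.0,
    "click here": 2.0,
    "verify your account": 3.0,
    "invoice attached": 1.5,
    "urgent": 1.5,
    "free": 1.0,
    "wire transfer": 2.5,
    "password": 2.0,
    "meeting": -1.0,
    "quarterly report": -1.0,
}


@dataclass
class Message:
    text: str
    is_spam: bool


# Constructed sample corpus. Two of the ham messages (an urgent vendor
# invoice, an IT password notice) deliberately overlap with phish wording,
# and one spam message is low-signal on purpose.
CORPUS = [
    Message("URGENT: verify your account now, click here", True),
    Message("Invoice attached, please process wire transfer today", True),
    Message("Free gift, click here to claim, unsubscribe below", True),
    Message("Your password expires today, click here", True),
    Message("Invoice attached for your records", True),
    Message("Quarterly report draft for the meeting tomorrow", False),
    Message("Meeting moved to 3pm", False),
    Message("Urgent: invoice attached from the vendor, please approve", False),
    Message("IT notice: your password will expire, please reset it", False),
    Message("Lunch on Friday?", False),
]


def score(text):
    """Sum the weights of every keyword present (case-insensitive)."""
    t = text.lower()
    return sum(w for k, w in WEIGHTS.items() if k in t)


def confusion(corpus, threshold):
    """Return (false_positives, false_negatives) when flagging score >= threshold."""
    fp = fn = 0
    for m in corpus:
        flagged = score(m.text) >= threshold
        if flagged and not m.is_spam:
            fp += 1
        if not flagged and m.is_spam:
            fn += 1
    return fp, fn


def sweep(corpus):
    """Evaluate every distinct score as a threshold (plus 'flag nothing')."""
    thresholds = sorted({score(m.text) for m in corpus} | {float("inf")})
    return [(t, *confusion(corpus, t)) for t in thresholds]


def zero_fn_threshold(corpus):
    """Loosest setting that still catches every spam, and the FPs it costs."""
    rows = [r for r in sweep(corpus) if r[2] == 0]
    t, fp, _ = max(rows)  # highest threshold with zero false negatives
    return t, fp


def zero_fp_threshold(corpus):
    """Tightest setting that never quarantines ham, and the spam it misses."""
    rows = [r for r in sweep(corpus) if r[1] == 0]
    t, _, fn = min(rows)  # lowest threshold with zero false positives
    return t, fn


if __name__ == "__main__":
    print(f"{'threshold':>10} {'FP':>3} {'FN':>3}")
    for t, fp, fn in sweep(CORPUS):
        print(f"{t:>10} {fp:>3} {fn:>3}")
    print("zero-FN threshold, FPs:", zero_fn_threshold(CORPUS))
    print("zero-FP threshold, FNs:", zero_fp_threshold(CORPUS))
```

Running it prints the full sweep; the two summary lines are the argument in one place: catching all five spams requires flagging two legitimate messages, and the tightest setting that never touches ham lets one phish through. The corpus is tiny, but the shape of the result is what any real filter shows once legitimate mail starts to look like phishing, which is exactly the vendor-invoice and password-reset case.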
