Using a five-layer filter to cut spam
Staff
Published: 15 Dec 2003 13:00 GMT
TechRepublic Member: Curtis Birnbach
Job: President, Hudson Research Inc., which runs an electro-optics foundry including an optical shop, an electronics lab, an electro-optics lab, and mechanical fabrication areas, and produces devices for the military and the telecommunications industry
Industry: Electro-optics
Problem: Reducing the amount of spam employees have to delete
Solution
We have a five-layer spam filtration process that eliminates much of the problem. We get between 400 and 800 pieces a day, of which about 85 percent comes from China. Our layers are:
This combination eliminates all but 50 to 100 pieces. The biggest problem is that our two Web sites attract spiders through the info@xxx general addresses. We can eliminate the bulk of the remaining spam by adding JavaScripts to the site, but that would compromise the ability of our sites to go through firewalls without requiring entries into the firewall database. We have always tried to maintain the maximum level of availability on our sites by minimizing the number and types of JavaScripts and using code that is highly cross-platform compatible.
Client does a lot of the work
We have elected to put a substantial portion of our defenses on the client rather than the server as it makes our system less vulnerable. It is annoying to administer, but worth the effort as it has prevented virus- and worm-based attacks. Given the number of security holes in the Windows servers, the client-based approach has obvious benefits. It works. The spammers are not anticipating this, and they focus their attack on the server. While we take as much care as possible to protect our servers, they are but one layer and a deception as far as the spammers are concerned.
At this point, we are faced with the choice of rewriting a substantial portion of two Web sites to mitigate the problem or continuing to spend about a half hour per day on directly spam-related screening.
Blocking tactics
We tune our various filters to block primarily by domain, secondarily on key words. Due to the highly specific and technical nature of our products and services, we block all mail from non-NATO countries. However, advanced spammers routinely send mail through third parties, particularly through free services such as Yahoo, MSN, Excite, Lycos, etc. These services represent one of the biggest problems facing us as we also get a portion of legitimate email through these ISPs and cannot afford to summarily block these services.
I can tell you that the impact of spam on small businesses is proportionally greater than the impact on large businesses. We have less manpower, less money, sometimes no IT department at all, and to devote even a half an hour a day to this issue is a terrible burden.
Did you find this article useful?
65 out of 126 people found this useful
- Share this article:
Full Talkback thread
4 comments
