E-mails peddling fake Rolex watches and Viagra do not usually pose a threat to IT systems, but network managers need to filter spam to protect infrastructure from other attacks, according to executives at some companies that sell e-mail filtering products.
For example, some spammers use directory
harvesting attacks to get e-mail addresses from users’ directories, and these can knock mail servers offline, said Andrew Lochart, director of product marketing at Redwood City, Calif.-based Postini Inc., which hosts a spam filtering service.
Lochart said a “”brute force”” directory harvest attack can disable an e-mail server by making repeated attempts to deliver a message.
“”It ends up having the effect of a denial of service attack, even if that was not the intention of the spammer,”” he said. “”The spammer’s just trying to get as many e-mail addresses as he can.””
Lochart added some spammers send out viruses designed to replicate themselves and send more spam, but e-mails advertising erectile dysfunction pills probably aren’t harmful.
Spam can bring down the network
Albert Behr, chief marketing officer of Mississauga, Ont.-based network security vendor BorderWare Technologies Inc., agrees.
“”The least nefarious spam is about herbal Viagra,”” he said. “”I could care less. It’s a pain in the ass but I just hit the delete key. The thing that scares me the most as an IT guy is allowing in a MyDoom over e-mail. If that comes in, I’m bringing down the entire network.””
Some large companies assign spam filtering to their network security staff, rather than to the e-mail staff, and those companies tend to see spam as a security issue, said Shelly Sofer, BorderWare’s director of public relations.
“”It’s like an unknown person walks past reception, past all your security, walks into your office and plops something on to your desk while you’re working.””
It takes some sophisticated programming to filter out spam without preventing users from receiving legitimate messages, though.
BorderWare’s MXtreme appliance, for example, includes a statistical token analysis, which applies values to certain words in the message, and then flags it as spam once the total score reaches a certain value, Behr said.
Regardless of how well a spam filtering tool works, it has to work with a company’s network architecture and IT policies, said Robert Garigue, chief information security officer of Bank of Montreal.
For example, he said, a program that filters out certain types of attachments may prevent workers from receiving legitimate business correspondence. He added users need to make sure their spam filters are suitable for their environment.
Fraser Hirsch, program manager of IT security for the City of Ottawa, agreed.
“”We had to be cognizant of the type of organization we were,”” he said of the municipality’s recent BorderWare MXtreme installation. “”If an elected official did not receive (a legitimate) e-mail, I would get killed.””
Hirsch added the city, which gets more than two million e-mails per day, installed an anti-spam filter for several reasons, including complaints from users about offensive spam and lost productivity, and concerns over the money spent on network resources and storage.
When the filter was first installed, potential spam was flagged but still sent to the user in case some were actually legitimate. Later on, spam was quarantined at the server and now spam is discarded, Hirsch said.