Facing Spam-Related Issues - dummies

Facing Spam-Related Issues

In the war against spam, there is occasionally collateral damage in that the spam solution may frustrate your users, slow the delivery of e-mail, and make a real dent in your already overtaxed IT budget. This can happen because things don’t quite work the way you expect, users don’t behave the way you expect, and the enemy doesn’t even cooperate and just go away.

Users don’t check their quarantines

Putting spam e-mail in a quarantine folder, where users can inspect at their leisure and retrieve any good mail that accidentally wound up there, all sounds good in theory. But if you have a good spam filter, you will have a very low number of false positives (good mail marked as spam), which means that 98 percent of what winds up in quarantine is trash that nobody wants to read in the first place. With those kinds of odds, many users don’t ever look at their quarantine until there’s a problem, and by then, they may have forgotten even how to do it.

If your spam filter uses a rating system, see if you can sort the spam by its score, and just wholesale delete all the stuff with really high scores. If someone sent you important mail that received a really high score, there’s a good chance you didn’t want to read it anyway. Most of the false positives will have just barely scored high enough to get classified as spam, so it’s pretty easy to separate those legitimate messages from the crowd if your filter supports that.

Alternatively, if you are really good about maintaining whitelists (lists of people and companies that you never want marked as spam), you can just dive into the quarantine and delete everything every few days or so. You’ll never miss mail from anyone on your whitelist, but you might delete mail from random people you handed your business card to.

Important messages lost or delayed

No matter how you slice it, after you have a spam filter in place, a computer is making decisions about what e-mail you get to see and what you don’t. You’ve also introduced a new point of failure into the mail delivery system, which could behave in all sorts of annoying and unhelpful ways.

The very fact that a computer is now reading your e-mail to make the spam/not-spam determination means that your e-mail is delayed more than before. In the best of all circumstances, that delay is small, but if for some reason you suddenly have a high spam volume, regular mail might be delayed more than usual as well.

Truly lost mail, with no clues to what might have happened or where it might have gone, is quite rare, but it can happen. Now that more than just a couple of servers are talking to each other and delivering the mail, the chances for lost mail have increased, but almost always, a log, bounced e-mail, or something is left behind to tell you what might have gone wrong. Get to know the log files on your mail server and spam solution. You’ll be using them to ferret out these problems.

Your filter is no longer effective

Spammers are constantly trying to figure out how to get past spam filters. In many cases, they already own the same spam filter you have, and they test each of the items they want to send you through that filter before sending it. Over time, any filtering technology will become less effective in blocking the new spam strains.

A good vendor constantly adapts its technology to meet new challenges from spammers. For some, that means a subscription-based approach, much like virus scanners, so that you constantly have the latest ideas in filtering. For others, this adaptation takes the form of software updates, which refresh the whole software package a few times each year. In the worst case, your vendor’s approach is a dead end, and there’s no way for it to update or refresh other than starting from scratch with a new approach. Be sure that you understand what you are getting in terms of software upgrade support from your vendor. Most contracts that really keep you up to date cost about 20 percent of the purchase price each year in software support.

An ASP-based solution avoids the issue to some degree because this spam-filtering approach doesn’t require a customer to deploy new software and technologies. The ASP provider just installs these at the data center and rolls out quickly to all customers as needed.

Mail delivery becomes more complex

When e-mail isn’t working correctly, it’s hard enough to diagnose the problem without throwing new places to fail into the picture. But that’s just what you’ve done with a new spam filter.

Get to know the mechanics of how your spam filter receives and delivers e-mail. Know how to interpret the log files and explain what they’re telling you. Also, if you aren’t already familiar with the rest of your e-mail infrastructure and how to troubleshoot problems within it, you need to get up to speed, because you’ll be using this knowledge more in the new environment.

Log file management in this area is your key to success. If you can trace an e-mail all along its path — both outside the company and inside — by examining its traces in your log files, you can handle most of the mail delivery problems that come your way.

Your Internet connection seems slow

After you have an in-house spam filter in place, you can easily forget that all the spam that was clogging up your pipes before you set up the filter is still getting delivered. The fact that you’re not seeing the spam anymore can mask how much spam is still coming in. For example, when a new spam network comes online, incoming spam can spike, increasing by 400 percent in your organization. But because the filter siphons away most of the spam, this increase doesn’t impact your inbox.

The increase can affect your Internet connection by simply filling up your connection with incoming spam because you don’t have the opportunity to reject it until it’s already been delivered. In some cases, spammers are sending to hundreds of nonexistent addresses at your company and the bounces are filling up your connection as well!

If your spam filter generates statistics on how much it’s blocking versus the overall volume of e-mail, keep track of those percentages. It’s even better if your spam filter can graph this sort of information over time because you can use these graphs to see spikes in spam delivery, as well as trends in how much e-mail and spam the company receives. Trends can show you when you will need to increase the capacity of your Internet connection or your mail infrastructure or both.

If your spam filter is an ASP, or even hosted off-site, this particular problem will not afflict you, because the ASP stops the spam before delivering your good e-mail across your connection. Keep in mind that over time, higher and higher loads probably burden the ASP, and so it may have performance problems if it isn’t proactively gearing up.