Slashdot: News for Nerds

Spam Filtering For Small/Medium Business?

kdawson posted more than 6 years ago | from the dumpster-diving dept.

Spam 453

or_is_it writes "The company I work for has been growing dramatically and I've been charged with the task of being the gatekeeper for our GFI Spam filters. This involves manually inspecting the subject line/to/from for all caught messages in each filter rule folder. For a company of about 50 people, in one day the number of spam messages can exceed 2,000. Neglect it for a day and you end up with quite a task on your hands. I've made the rules lax enough so important messages can go through, along with a few stray spams, for which I get bitched at. Tighten the rules up and then maybe an important time-sensitive email never gets to its intended recipient, and I get bitched at. Manually reading through all those subject lines is supposed to prevent that, but I'm only human and genuine messages can easily get overlooked. How do larger organizations deal with the spam issue? I can't imagine having one centralized person manually inspecting everyone's junk-mail header is the optimal solution. Purchasing a different commercial mail filter product is a possibility, but I'd like to hear some anecdotal evidence before jumping ship."

453 comments

Despite other issues (0, Funny)

Anonymous Coward | more than 6 years ago | (#23368182)

I just run my mail through a google account and it does great spam filtering.

Re:Despite other issues (3, Insightful)

Dan541 (1032000) | more than 6 years ago | (#23368380)

Why do people keep suggesting gmail as a viable option?

It's really not that good.

Re:Despite other issues (2, Interesting)

neokushan (932374) | more than 6 years ago | (#23368510)

I'm not really "in the know" of what's good or bad when it comes to spam filtering packages, but in the years I've been using gmail, I'd estimate maybe less than 20 emails that have hit my inbox have been spam. It only happens to me once every couple of months and I get around 100 pieces of spam a day, so I'd say that's pretty good.
As for the "false positives", only the most dubious of mailing lists seems to get caught (I still regularly check my spam just in case) and when I report them as "not spam", they never get mistaken for spam again, so I can't really complain either.
I'm not disagreeing with you, I'm simply just curious as to what makes it bad? Have I just been fortunate enough to not have any major problems or is there something that it should (or shouldn't) do when it comes to corporate use?

ASSP is your answer (3, Informative)

Lershac (240419) | more than 6 years ago | (#23368724)

I manage self-hosted email for several small-medium companies. ASSP is platform independent, low resource, and does a VERY good job. VERY very configurable, and free, open source, easy to modify, easy upkeep (almost zero action required beyond checking the logs to keep an eye on things) and free software.

In a company of about 75 email accounts it has blocked 4 million spams in a little over a year.

The false negative rate is so low it might as well be zero, and the false positive rate as well.

It uses, among many other things, whitelists, so your people never miss an email from an established contact, redlists, so a known spammer cannot ever be accidentally added to the whitelist, does SPF checking, checks headers against spoofing, has an antivirus component, can forward a copy of all spam to a spamlover address and much much more.

And it's free.

For a single sbs server, you can install it on the same box and zero out of pocket costs except for your time to install it (I would personally budget 20 hours for R&D for a first time administrator to install it).

Please email me if you want more detailed information on how it works for my clients. I can also put you in contact with end users at the executive level of these companies to ask how they like it (the final litmus test)

Good luck

Client-based? (5, Informative)

Gaxx (76064) | more than 6 years ago | (#23368192)

To be honest, for somewhere of that size I'd be tempted to use some sort of client-based filtering (along the lines of spambayes [http://spambayes.sourceforge.net/]) which would put the power and responsibility in the hands of your users.

Combined effort is necessary (3, Informative)

Z00L00K (682162) | more than 6 years ago | (#23368326)

I have a setup where I use a configuration of Sendmail as first line protection and I use several sources for spam filtering.

dnsbl/enhdnsbl is enabled for zen.spamhaus.org, bl.spamcop.net, combined.njabl.org, list.dsbl.org, dnsbl-1.uceprotect.net, dnsbl-2.uceprotect.net, dnsbl-3.uceprotect.net and sbl-xbl.spamhaus.org. With all these enabled there are very few spam messages falling through.

Adding to this I am using Mozilla Thunderbird which has a very good intelligent junk mail filter. The only disadvantage is that the junk mail filter has to learn what's junk or not.

The use of dnsbl/enhdnsbl also does bounce back to the sender with a reasonable message for the cases where a message is denied so the sender shall be informed about any messages that are denied. Of course - it isn't fool-proof, but it works for me.

Re:Combined effort is necessary (2, Informative)

Wolfkin (17910) | more than 6 years ago | (#23368434)

zen.spamhaus.org IS sbl-xbl.spamhaus.org , per their website.

Re:Combined effort is necessary (5, Informative)

entrigant (233266) | more than 6 years ago | (#23368504)

> The use of dnsbl/enhdnsbl also does bounce back to the sender with a reasonable message for the cases where a message is denied so the sender shall be informed about any messages that are denied. Of course - it isn't fool-proof, but it works for me.

Do you generate a bounce, or do you reject with a 500 error and a proper message at spam time? You should not generate a bounce to remote mail. Ever. This is the cause of e-mail backscatter and is a significant problem. Always reject at SMTP time with a 500 error.
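The DNSBL lookup and SMTP-time rejection discussed in this sub-thread, as an added example that is not part of any poster's comment: it builds the reversed-address query name for a blocklist zone and answers the RCPT command with a 5xx reply on the live connection instead of accepting the message and bouncing it later. The zone names come from the thread; the fake resolver data, the function names and the choice to count only 127.0.0.x answers as listings are assumptions of this example.

```python
import ipaddress
import socket

# Zones named in the thread above; everything else here is constructed.
ZONES = ("zen.spamhaus.org", "bl.spamcop.net")

# Assumption of this example: only answers in 127.0.0.0/24 count as a
# listing. Any other answer is treated as a resolver or list error and
# ignored, so a broken lookup never turns into a rejection.
LISTING_RANGE = ipaddress.ip_network("127.0.0.0/24")


def dnsbl_query_name(client_ip, zone):
    """Build the DNS name a DNSBL lookup asks for: reversed address + zone."""
    addr = ipaddress.ip_address(client_ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]                  # 192.0.2.99 -> 99.2.0.192
    else:
        labels = list(addr.exploded.replace(":", ""))[::-1]  # 32 reversed nibbles
    return ".".join(labels) + "." + zone


def system_resolver(name):
    """Real lookup through the local resolver: A records, or [] if none."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:  # NXDOMAIN, timeout, no network: treat as "not listed"
        return []


def listed_in(client_ip, resolver=system_resolver, zones=ZONES):
    """Return the zones that list client_ip."""
    hits = []
    for zone in zones:
        answers = resolver(dnsbl_query_name(client_ip, zone))
        if any(ipaddress.ip_address(a) in LISTING_RANGE for a in answers):
            hits.append(zone)
    return hits


def rcpt_reply(client_ip, resolver=system_resolver, zones=ZONES):
    """SMTP reply to RCPT TO, decided while the client is still connected.

    A 5xx here leaves the failure notice to the connecting server. Nothing
    is accepted, so this host never sends a bounce to a forged sender.
    """
    hits = listed_in(client_ip, resolver, zones)
    if hits:
        return (550, "5.7.1 Client host [%s] blocked using %s" % (client_ip, hits[0]))
    return (250, "2.1.5 OK")


# Constructed DNS data so the example runs offline (documentation addresses).
FAKE_DNS = {
    "99.2.0.192.zen.spamhaus.org": ["127.0.0.2"],        # listed
    "10.2.0.192.zen.spamhaus.org": ["127.255.255.254"],  # error-style answer
}


def fake_resolver(name):
    return FAKE_DNS.get(name, [])


if __name__ == "__main__":
    for ip in ("192.0.2.99", "192.0.2.10", "192.0.2.1"):
        print(ip, rcpt_reply(ip, fake_resolver))
```
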

Re:Client-based? (-1, Troll)

smitty_one_each (243267) | more than 6 years ago | (#23368394)

> To be honest
("you" in the following refers to a generic sales weenie)
No, lie to us and tell us that vendor X can fix that for us real easy.
We'll pay too much for system Y, which you will have about 80% of the functionality of the existing crap-heap.
Then you'll gradually sell piecemeal upgrades to system Y, eventually reaching 95% of the functionality of the now-fondly-remembered crap-heap that Y replaced.
Then you'll switch to vendor Z, excrement the loop counter, and the whole scatalogical cycle repeats.

Barracuda SPAM filter (4, Informative)

spacepimp (664856) | more than 6 years ago | (#23368202)

I purchased a Barracuda for my organization of about 120 employees, and it has been fantastic. I fine tuned a few options on the config and it has blocked about 200,000 emails in the almost two months I have deployed it. There are very few false positives, and very few that get through its filters. I actually get calls of gratitude from the end users about how happy they were not receiving any more SPAM messages. The hardest part was informing the user base of the difference between the mailing lists they were on and SPAM. Barracuda's support has been good as well.

Re:Barracuda SPAM filter (0)

Anonymous Coward | more than 6 years ago | (#23368256)

HAH - I had the same problem with my users, they just couldn't understand that the "Myhome.ie Monthly Newsletter" or whatever was not in fact spam, they understand perfectly that spam has to be unsolicited .. BUT claim to have never signed up to this newsletter although they are regular users of the site. I say we do away with our users, maybe organize a mass suicide or something? Save us the hassle of dealing with them!

Re:Barracuda SPAM filter (2, Interesting)

B00yah (213676) | more than 6 years ago | (#23368260)

Ya, I rolled a Barracuda out in a similar environment back in 04, and the users couldn't stop singing the praises compared to the filtering our mx offered + my manual filtering. I strongly recommend Barracuda for this size roll-out.

Re:Barracuda SPAM filter (1)

ewwhite (533880) | more than 6 years ago | (#23368378)

I'd also have to recommend the Barracuda. We moved to a Barracuda Spam Filter 300 from Symantec's software product for Exchange. Although we didn't have an issue with Symantec's offering, the Barracuda was cheaper over the long-term and much more configurable. The logging is also a benefit. I think the OP's firm can get by with a Spam Filter 200.

Re:Barracuda SPAM filter (1)

SlamMan (221834) | more than 6 years ago | (#23368388)

Seconded. We've since outsourced our mail, but back in '06 we purchased a Barracuda for my 200 users, and had nothing but praise. A little spam still made it through (with a spam/ham ratio of 18 to 1, it's impossible to let not a little through), but almost no false positives.

Re:Barracuda SPAM filter (0)

Anonymous Coward | more than 6 years ago | (#23368416)

Agreed. While I normally stay away from commercial products, this one is a winner. The combination of per-user filters plus quarantine of borderline email just solves the problem.

ARGH! Barracuda SPAM filter (1, Insightful)

Anonymous Coward | more than 6 years ago | (#23368620)

I've got so much backscatter from ill-configured Barracudas that I suspect them to have some really sick defaults.

To me, Barracuda has become more of a synonym for spam. Sigh.

Re:Barracuda SPAM filter (1)

Astralmind (120317) | more than 6 years ago | (#23368642)

The problem I've noticed with Barracudas is they seem to like to accept then bounce emails. I've had to put special checks in my email filter to block them and a lot of places I know that have them end up on RBLs that watch for backscatter.

dajones70 (2, Informative)

Anonymous Coward | more than 6 years ago | (#23368204)

Use MailScanner with the MailWatch GUI and after a few weeks or so of monitoring and tweaking, it will run on autopilot and you can sleep well. http://mailscanner.info I have it running on a number of small businesses and they are very happy with it.

Re:dajones70 (2, Informative)

Linker3000 (626634) | more than 6 years ago | (#23368702)

Absolutely MailScanner - thread over!

http://www.mailscanner.info/ [mailscanner.info]

Our organisation runs 5 Linux Servers around the UK for mail services and they are all using MailScanner + Postfix + SpamAssassin + ClamAV + Bitdefender.

Great installation instructions (all-but bitdefender) here: http://www.hughesjr.com/content/view/14/ [hughesjr.com]

The mailing list for MailScanner is very well supported by the users and the devs.

Why doesn't spam filtering work? (0, Offtopic)

XxtraLarGe (551297) | more than 6 years ago | (#23368206)

I use Apple's mail client on OS X 10.3.9 as my main e-mail, and the junk filtering is only so-so. I set it up so that unless a recipient's e-mail address is in my address book, it should go to the "junk" folder. Still, I get about a half-dozen junk e-mails in my regular mail in-box every day. I looked at the headers and there's nothing hidden in there to suggest that they're forging an e-mail address in my address book, but they still make it through. Seriously, the set-up is very straight-forward, why does it still not work?!?

Re:Why doesn't spam filtering work? (1)

RiotingPacifist (1228016) | more than 6 years ago | (#23368494)

That's just Apple sucking; while spam filtering sucks, if you're working on a whitelist you should get no spam in your inbox but lots of emails in your spam box.
The last spam filtering I used was turning up false positives too often, although it's been a while since I bothered with an automated system; I just rely on social engineering now (don't give out my email to strangers, and use a webmail (Yahoo, as I had one lying about) for any signups).

SpamAssassin (1)

hlt32 (1177391) | more than 6 years ago | (#23368210)

Re:SpamAssassin (3, Insightful)

Dan541 (1032000) | more than 6 years ago | (#23368408)

I cast my vote for SpamAssassin.

When set-up with good rules and RBLs it blocks at least 99% spam with very low false positives (I've never had a false positive).

Send anything tagged as spam to another account such as spam@domain (I do this) then you can manually check for false positives to further reduce the chance of losing legit email. (or if a user complains that an email they expected never arrived)

Re:SpamAssassin (0)

Anonymous Coward | more than 6 years ago | (#23368728)

Seconded. After throwing a few months worth of mail at sa-learn, no one's complained to me about a single false negative and I've only received a handful of false positives (again, easily thrown at sa-learn). Even if you don't have a mountain of spam/ham ready to throw at it, SpamAssassin can also run messages past DCC/Pyzor and various DNSRBLs to make up for it. (As for RBLs, I recommend zen.spamhaus.org.)

email != IM (4, Insightful)

Viraptor (898832) | more than 6 years ago | (#23368212)

> maybe an important time-sensitive email never gets to its intended recipient

When will users learn...
Email is not instant messaging - with bad greylisting / random connection reset / busy server, you can get >=2 hours delay. And it's normal.

Re:email != IM (4, Insightful)

cfulmer (3166) | more than 6 years ago | (#23368516)

Your assessment of the current state of email is correct. But, blaming users for using it to fill a need when there is no realistic alternative is silly.

email is ubiquitous and easy. 99.5% of the time, it's nearly instantaneous. Should I really have to get an IM account on google, yahoo, aim, microsoft, etc.... so I can deal with time-critical messages? And, for that matter, should everybody else?

Re:email != IM (3, Interesting)

SCHecklerX (229973) | more than 6 years ago | (#23368616)

Businesses shouldn't be using those for internal communications anyway. Set up a jabber or irc server internally for that.

Re:email != IM (1)

phoenixwade (997892) | more than 6 years ago | (#23368630)

> Your assessment of the current state of email is correct. But, blaming users for using it to fill a need when there is no realistic alternative is silly.
>
> email is ubiquitous and easy. 99.5% of the time, it's nearly instantaneous. Should I really have to get an IM account on google, yahoo, aim, microsoft, etc.... so I can deal with time-critical messages? And, for that matter, should everybody else?

If it's time critical, pick up the phone or send a fax, an IM, a text message, or use features in one of the groupware offerings; there are viable alternatives in the wild, using old and new technology.

The simple fact of life is that if you depend on eMail for time critical message transfer, then you will, sooner or later, get burned.

Re:email != IM (1)

Dan541 (1032000) | more than 6 years ago | (#23368612)

Email isn't intended to be used as instant messaging but it is instant in most cases. I've tested my email in the past against MSN Messenger and sometimes it's faster.

So it's easy to understand why users assume that email is instant (although they're still wrong to assume so); most email delays I've gotten have been with large amounts of attachments.

Take a tip from the BOFH (0)

Anonymous Coward | more than 6 years ago | (#23368214)

You cannot win. Redirect the lot to /dev/null and quit.

Greylisting (1)

Kiall (873674) | more than 6 years ago | (#23368218)

I've found Greylisting to be very effective... The only issue is that it delays the first e-mail from someone outside the domain by a few mins. http://en.wikipedia.org/wiki/Greylisting [wikipedia.org]

Re:Greylisting (0)

Anonymous Coward | more than 6 years ago | (#23368598)

We had to stop using Greylisting because many state and federal agencies use email appliances that are incompatible with Greylisting and respond to any 400 reply as if it were a 500 reply. That is, when told to try again later, they treat it as a fatal error.
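Greylisting as described in this thread, as an added example that is not part of any poster's comment: the first delivery attempt for an unseen (client network, sender, recipient) triplet gets a temporary 451, and a retry after a minimum delay is accepted. The exemption list addresses the failure mode in the reply above, where a sending appliance treats the 4xx as fatal; the class name, the 300-second delay, the 4-hour retry window and the /24 and /64 grouping are assumptions of this example.

```python
import ipaddress


class Greylist:
    """In-memory greylist keyed on (client network, MAIL FROM, RCPT TO)."""

    def __init__(self, min_delay=300, retry_window=4 * 3600, exempt=()):
        self.min_delay = min_delay        # seconds a new triplet must wait
        self.retry_window = retry_window  # retry must arrive within this time
        # Networks that bypass greylisting, e.g. senders known not to retry.
        self.exempt = [ipaddress.ip_network(n) for n in exempt]
        self.pending = {}                 # triplet -> time first seen
        self.passed = set()               # triplets that retried correctly

    @staticmethod
    def _key(client_ip, mail_from, rcpt_to):
        # Group by /24 (IPv4) or /64 (IPv6) so a retry coming from another
        # host in the same outbound pool still matches the first attempt.
        addr = ipaddress.ip_address(client_ip)
        prefix = 24 if addr.version == 4 else 64
        net = ipaddress.ip_network("%s/%d" % (addr, prefix), strict=False)
        return (str(net), mail_from.lower(), rcpt_to.lower())

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply for RCPT TO as (code, text)."""
        addr = ipaddress.ip_address(client_ip)
        if any(addr in net for net in self.exempt):
            return (250, "2.1.5 OK (exempt sender network)")

        key = self._key(client_ip, mail_from, rcpt_to)
        if key in self.passed:
            return (250, "2.1.5 OK")

        first_seen = self.pending.get(key)
        if first_seen is None or now - first_seen > self.retry_window:
            # Unknown triplet, or the retry came too late: start the clock.
            self.pending[key] = now
            return (451, "4.7.1 Greylisted, please try again later")

        if now - first_seen < self.min_delay:
            # Retried too quickly; keep the original first-seen time.
            return (451, "4.7.1 Greylisted, please try again later")

        # A retry inside the window: the sender queues mail like a real MTA.
        del self.pending[key]
        self.passed.add(key)
        return (250, "2.1.5 OK")


if __name__ == "__main__":
    # Constructed session using documentation addresses; `now` is injected
    # so the example needs no real clock or sleep.
    gl = Greylist(exempt=["198.51.100.0/24"])
    triplet = ("192.0.2.7", "alice@example.org", "bob@example.com")
    for t in (0, 60, 400):
        print(t, gl.check(*triplet, now=t))
    print(gl.check("198.51.100.5", "agency@example.net", "bob@example.com", now=0))
```
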

Force keywords in the subject line (3, Interesting)

therufus (677843) | more than 6 years ago | (#23368224)

I've had to send emails to recipients within the Australian Defence Force (specifically, the Army), and every email sent from a civilian must include a keyword within the subject line. The keyword is to do with whether or not the information is classified or unclassified. Sure, getting all the clients to send all their emails with [companyname] in the subject line is a little annoying, and may not be possible depending on your circumstances, but the chances of spam having that keyword within it is virtually impossible.

Set up an automated filter whereby anything that doesn't have the keyword in the subject gets dumped into a spam box to be sorted later. If the senders do the right thing, it assures their emails will be directed to the correct person.

This is just one example of active spam filtering as opposed to the passive spam filtering used in IT today.

Re:Force keywords in the subject line (1)

liquidpele (663430) | more than 6 years ago | (#23368470)

Honestly, that would work for a *very* small or specialized group, but for any real business it's insane. Sorry.

Re:Force keywords in the subject line (0)

Anonymous Coward | more than 6 years ago | (#23368512)

I'm fairly certain that the classification keyword system has nothing to do with spam, rather it is designed as an informational service between AU government departments. (the classified, unclassified system)

I'm not actually sure of the gain, but you are meant to configure your gateway to deny/accept based on the trust level of the sending gov department.

It would be a trivial system to work around as a spammer if implemented with the intention of reducing spam.

Power to the people :) (5, Insightful)

grantdh (72401) | more than 6 years ago | (#23368230)

Whatever solution you get, the simple answer is:

1) Set up the system to put junk mails in a folder the user can see

2) Train the end user to check their junk mails

3) Show the user how to set the spam triggers high or low and what the implications are

If user says they're too busy/important, advise them that due to your workload, their email box will be added to the "manually checked list" which gets done once per week. Point out the impact of losing a time-critical email wrongly flagged.

Most times they do it themselves. For those who are dead set on having someone else do it, hire a temp or arrange for an office junior to do it.

If you're in IT, you have better & more important things to do than check for real mail in a junk mail box...

Re:Power to the people :) (0)

Anonymous Coward | more than 6 years ago | (#23368374)

> 1) Set up the system to put junk mails in a folder the user can see
> 2) Train the end user to check their junk mails

I don't understand why spamfilters come up with this solution. What is the point if I still have to go through each and every mail manually?

Re:Power to the people :) (1)

paganizer (566360) | more than 6 years ago | (#23368450)

BOFH, is that you?
Up until 2006 (I retired) I ran an in-house mail server (well, in-basement, actually) with about 250 users; when the SPAM started hitting the 200+ mark per day I figured the bandwidth savings alone would be a good reason to stop it as much as possible at the server.
I used ORBS, blocked all of asia-pacific net, and ran ASSP (Anti-Spam SMTP Proxy). After around 5 days of training I had SPAM down to maybe 3-5 a day per mailbox; I never could beat that number.

Re:Power to the people :) (1)

phoenixwade (997892) | more than 6 years ago | (#23368680)

> I used ORBS, blocked all of asia-pacific net, and ran ASSP (Anti-Spam SMTP Proxy). After around 5 days of training I had SPAM down to maybe 3-5 a day per mailbox; I never could beat that number.

I'm managing a little better than that with SpamAssassin, a few SARE rules and some tweaks to the scoring (mostly upping the scores on the RBLs). We seem to be averaging around 2/day/act for around 3000 user accounts.

The sacrifice is 2 or 3 false positives a month.

If I can get an acceptable handle on the backscatter problem we're currently dealing with, we can improve this, I believe.

Nothing's perfect... (2, Insightful)

msauve (701917) | more than 6 years ago | (#23368232)

As you've found, an automated system can be tuned, but you'll always have false positives/negatives.

I like the way spamassassin [apache.org] works - it can provide a rating for each message, which provides a mechanism for users to set the bar to their own preference, instead of having a single setting for the entire organization.

I'm not talking about using individual configurations for spamassassin, it's not realistic to expect most users to be able to deal with all the gory detail of spam filters.

Rather, spamassassin can set a header to indicate its confidence that a message is spam:

X-Spam-Level: ****
It adds an asterisk for each "point" of spam score. Users should be able to create an email filter which picks off suspected spam and puts it into a separate folder based on a header like that. Maybe drop all 10+ messages centrally, and let users tweak a local filter to their liking, depending on whether they prefer false positives or negatives.

I use spamassassin as an example only because that's what I use. There are no doubt others which can provide something similar which users could filter on.
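The header-based routing described in the comment above, as an added example that is not part of the poster's comment: it counts the asterisks in `X-Spam-Level`, drops 10+ centrally, and lets each user's own threshold decide between inbox and junk folder. The function names, the sample messages and the choice to take the highest level when several `X-Spam-Level` headers are present are assumptions of this example.

```python
from email import message_from_string

CENTRAL_DROP_LEVEL = 10  # "drop all 10+ messages centrally"


def spam_level(msg):
    """Number of leading asterisks in X-Spam-Level; 0 when the header is absent.

    If a message carries more than one X-Spam-Level header (for example one
    supplied by the sender plus one from the local gateway), the highest
    value wins, so an extra low-scoring header cannot lower the result.
    """
    levels = []
    for value in msg.get_all("X-Spam-Level", []):
        stars = value.strip()
        levels.append(len(stars) - len(stars.lstrip("*")))
    return max(levels, default=0)


def route(raw_message, user_threshold):
    """Return 'drop', 'junk' or 'inbox' for one raw RFC 5322 message."""
    level = spam_level(message_from_string(raw_message))
    if level >= CENTRAL_DROP_LEVEL:
        return "drop"    # central policy, applied before any user rule
    if level >= user_threshold:
        return "junk"    # the user's own filter moves it to a junk folder
    return "inbox"


def make_message(*levels):
    """Constructed sample message with zero or more X-Spam-Level headers."""
    headers = ["From: sender@example.org", "To: user@example.com",
               "Subject: constructed sample"]
    headers += ["X-Spam-Level: " + "*" * n for n in levels]
    return "\n".join(headers) + "\n\nbody text\n"


if __name__ == "__main__":
    borderline = make_message(4)
    # Same message, two users: one prefers false positives, one false negatives.
    print("strict user (3): ", route(borderline, user_threshold=3))
    print("lenient user (6):", route(borderline, user_threshold=6))
    print("obvious spam:    ", route(make_message(12), user_threshold=6))
    print("unscored mail:   ", route(make_message(), user_threshold=3))
```
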

Commercial Services (1)

Secrity (742221) | more than 6 years ago | (#23368234)

You might want to consider using a commercial email filtering service, such as messagelabs.com.

Re:Commercial Services (1)

testostertwo (1203692) | more than 6 years ago | (#23368464)

I agree, you should check these out at least.

When we first implemented messagelabs' spam filtering my biggest problem was dealing with a large number of users thinking their email setup was broken, there was such a drop in traffic.

hosted spam filtering (0)

Anonymous Coward | more than 6 years ago | (#23368238)

I'd say it really depends on the budget. For 50 users, I'd use a hosted solution like the one from Google Postini, which costs about $12 per user per year. The trend nowadays for any spam filtering really looks like it is going toward the SaaS model.

Alternatively, if you prefer an in-house solution, you could use Barracuda Spam Firewall, but it still requires some tweaking, building the Bayesian filter by marking legitimate emails and spam.

Best purchase ever... (0)

Anonymous Coward | more than 6 years ago | (#23368240)

Postini.com completely managed service.

Postini (2, Informative)

chill (34294) | more than 6 years ago | (#23368242)

Postini's anti-spam service does wonders. We use it for about 200 accounts and people love it. It works, rarely gets things wrong and is simple. IT (me) loves it because spam is no longer my problem. For a fee that would be less than my effort and aggravation is worth, they take care of it. We are currently investigating expanding use to compliance filtering and archiving as well.

For the record, Google purchased Postini in the not too distant past.

Re:Postini (1)

SkyDude (919251) | more than 6 years ago | (#23368604)

> Postini's anti-spam service does wonders.

I would second that. My former employer went with Postini in 2003 and the management of spam became a piece of cake. I used to see about 2-3 false positives in my email each month, but it usually was due to the sender creating newsletters that were "spammy", in other words, had many spam characteristics. After several attempts to get them to test their emails on a testing site, they finally did and never got caught in the Postini filters again.

We had used SpamAssassin from 2000 until 2003 and while it worked well, the definitions had to be updated regularly or spam would creep through.

Re:Postini (1)

Nimloth (704789) | more than 6 years ago | (#23368692)

I agree. We wanted to make the move out of a similar service we were using: Modus Gate. Simply wasn't cutting it anymore. I tried to set up GFI but the tweaking and triple-checking was just too much work for me (IT) alone. We went back to Modus.
Last month I proposed switching to Postini for which I'd read a few positive reviews, the switch was easy, the complete setup for 30 users was done in under an hour, and it's been working GREAT so far.
We paid 3$/month/user with Modus Gate. Postini gives us the same service with better results for 3$/user/YEAR!
Try it, your headache will go away.

Frontbridge Spamshark (3, Interesting)

_Hellfire_ (170113) | more than 6 years ago | (#23368246)

> How do larger organizations deal with the spam issue?

I used to work for a mining company you've heard of. Our department had responsibility for managing the email vendor, who used Spamshark to filter spam coming into the organisation. From my limited knowledge of the setup, Spamshark does basic blacklisting etc. but also does selective blacklisting on specific IPs when an email is flagged by a user. So Alice flags a message as spam, Spamshark figures out the message id, grabs the IP address it came from (it knows because it previously handled the email), and then blacklists that IP for a certain amount of time. Now this internal blacklist is then shared to all the other customers who use Spamshark, so they are now protected too; resulting in a 5 nines hit rate on spam.

Like I said we just handled vendor relations, and the above description might not be totally accurate, but this is what I gathered when we dealt with them. I also remember getting about 10 complaints of spam a month for an organisation with 10's of thousands of email addresses - so it was very effective.

Re:Frontbridge Spamshark (2, Informative)

badger.foo (447981) | more than 6 years ago | (#23368334)

> Now this internal blacklist is then shared to all the other customers who use Spamshark, so they are now protected too; resulting in a 5 nines hit rate on spam.

And more false positives than you would actually like to have. I've been at the business end of one of Frontbridge's blacklists. One of the domains I admin got blacklisted a full three weeks after the hosting company screwed up and let phishers set up a paypal scam site as the "test1" user to live for all of 22 hours. Three weeks later, one of the company's main customers, who happens to be a Frontbridge customer, is no longer able to receive mail from us. An unfinished writeup is at bsdly.net [bsdly.net] - I just gave up in disgust after trying to write an article about the incident.

Re:Frontbridge Spamshark (1)

liquidpele (663430) | more than 6 years ago | (#23368496)

I've seen spam servers add bogus headers so it looks like the original email came from 127.0.0.1 or 1.2.3.4 or other fake IP addresses (it basically adds those when initially sending the email so it looks like it's just relaying the message when it's actually doing the sending). That type of spam would tear that system apart without SPF or some other type of auth.

Re:Frontbridge Spamshark (1)

_Hellfire_ (170113) | more than 6 years ago | (#23368708)

I don't know if it would be as simplistic as 1) get email 2) check for spam 3) if spam then blacklist host. If I was creating a spam firewall for use by large corps I'd employ some sort of hit counter and other funky mathematics to determine heuristically if the connecting server is an open relay; or if it is a closed relay relaying one or two dodgy messages.

Re:Frontbridge Spamshark (1)

mrbooze (49713) | more than 6 years ago | (#23368690)

Friends of mine in various retail businesses say it is *very* common for a few customers who actually requested to join their mailing list to report them as spam later. They have to deal with being blacklisted for their opt-in only mailing list 2-3 times a month.

Time to ditch GFI (1)

RichMeatyTaste (519596) | more than 6 years ago | (#23368248)

The lack of OCR image scanning is reason enough to ditch GFI. My previous employer sold GFI for years but as it became less reliable we switched to SonicWall Mail Security appliances. They are less expensive than Barracuda, but the accuracy rate has been out of this world. A little secret: the devices don't enforce their license limits. No matter what size you buy (among the smaller units) the devices are the same. I've found that the device works fine as is, but if your company gets a lot of spam (say 200+ daily per person) you might want to enable at least one DNS black list. I usually added the entire SORBS DNS black list. I also set up catch-all email addresses (john.smith@xxxx.com) that the device uses to train itself. The device reads all email sent to these nonexistent users and uses it to identify spam/train itself for everyone else. The device can be configured to send daily summary emails that users can read and unjunk directly from the email if need be. In all honesty after a few months the users will find it so accurate that they will just ignore the email altogether. (Make sure you update it out of the box, they never ship them with the current hd image). You can view the web UI at the SonicWall site, they have a demo unit set up. The device costs more than GFI (about 2G up front for the smallest unit, a few hundred a year to renew the updates) but trust me it will pay for itself in terms of less spam management labor all around. I've installed/configured about 20 of the SonicWall devices and probably 80 GFI ME/MS and they really don't compare. You can go with outsourced solutions, but the truth is that people will never log in and check their spam.

Charged with WHAT TASK? (0)

Anonymous Coward | more than 6 years ago | (#23368252)

Charged with WHAT TASK? Manually sift through the entire company's spam folder?

Somebody, please tell me this is not a regular thing at U.S. companies. It's not, right? It's not, no, it's not? It just can't be, no? You can't just tell a human being to read all junk mail for fifty people, 'cause it's inhuman, right? Right?

(a European A.C. about to move to the Americas)

OpenBSD spamd (4, Informative)

DaMattster (977781) | more than 6 years ago | (#23368272)

I've had excellent results with this particular product. Spamd uses blacklisting, greylisting, and tarpitting. It really is delightfully evil and still makes me smile because it includes a fake smtp daemon which sets the tcp rcv window to 1. This is a kick in the nuts to the spammer. I've used it with resounding success at a client who was receiving 2000 spam emails a day. Prior to implementing spamd, we were using just a Barracuda. When I combined spamd and the Barracuda, spamd caught about 1975 of the spam messages and the Barracuda took over from there. No false positives and we've been running for three months. This link details how to set it up, http://www.linux.com/feature/61103 [linux.com] .

Re:OpenBSD spamd (0)

Anonymous Coward | more than 6 years ago | (#23368286)

spamd is superb. The University of Alberta uses it to filter out 95% of the spam hitting the network. If you use the university's whitelist, you'll have a great starting point.

Re:OpenBSD spamd (1)

grub (11606) | more than 6 years ago | (#23368684)


I'll second (or third) OpenBSD and spamd. I've been using it since very early on and it's just outright awesome.

Even if you don't want to use any of the cool firewalling features in the system, just putting a box with this in front of your mail server acting as an SMTP 'prefilter' will save you oodles of pain. Not a unixish person? Hell, mail me and I'll help you set it up.

SPAM solution (0)

Anonymous Coward | more than 6 years ago | (#23368276)

I work for a company with about 500 users on the network for email purposes and we use Trend Micro IMSS (InterScan Messaging Security Suite) 7.0 for Linux. (They offer a windows solution for IMSS but we prefer the Linux solution.) This is basically a linux box (RHEL 4.0/CENTOS 4.0) with postfix as an MTA and the postfix server is used as an email gateway for our Microsoft Exchange server. This system catches up to about 10,000 spam a day with a miss rate of less than 1% (I track these numbers every day). In the month of April we caught about 267,000 spam for the month. The reason why we don't use the windows version of IMSS is while running version 5.7 of the linux version we had an attack that would have allowed a hacker to gain admin rights on the box had it been a windows box. We were considering changing to a windows version of IMSS (I have one co-worker who is VERY windows centric and just doesn't understand linux at all!) at that time but that one attack sold us on the linux version of IMSS. I have no idea what this all cost, I don't get involved in that side of the business but as a solution it is great! I'm sure you could also build a CENTOS 4.0 with Postfix and spamassassin with the same effect. Much good luck.

Maia (1)

online-shopper (159186) | more than 6 years ago | (#23368284)

I wouldn't bother with most commercial systems, and greylisting is only part of the solution. What I have done multiple places (and always been happy with) is to have an offsite mail filter / mail backup such as no-ip.com (I happen to use them, anybody with similar service is fine, should be no more than around $50/year). They do some basic filtering, then send the mail on to you. At that point I use maia mailguard ( http://www.maiamailguard.com/maia/wiki ), it's essentially a frontend to spamassassin (which is what most commercial appliances use) that gives each user the ability to set their own spam threshold as well as how often they get notifications of spam. It provides per user statistics as well.

For example, at work I have my spam threshold set to 2, while the support mailbox is 10, so I get very little spam, but the occasional email is blocked, while support email always goes through, but we get a bit of spam.

I have the opposite problem... (0)

Anonymous Coward | more than 6 years ago | (#23368290)

We run a mid sized hosting company and we need a way to filter the spam complaints out to our customers. The problem is that every spam database sends a different kind of email with different information, most include the mail server IP but some don't. Is there any solution available for that?

Subscription based anti-spam solution (1)

LinuxDon (925232) | more than 6 years ago | (#23368292)

IMHO, in the long run a subscription based anti-spam solution is the only way to go. Spam is mutating every day and having to keep up with it yourself is an exhausting task. So you'll have to treat the spam problem as you do with viruses: purchase a subscription product that is updated daily.

We're using Astaro Mail Security (www.astaro.com), which works great. Spam is down to a minimum, and it delivers much better results than the open source solution I had in place before that.
FYI: I receive about 300 spam messages a day and only once in a few days one or two messages slip through with the solution mentioned above.

But please note that there are a lot of different anti-spam vendors, all with their own advantages/disadvantages, price tag and quality.

In my personal experience, while I'm a big fan of open source, open source anti-spam solutions require too much configuration and maintenance to really be practical in the long run. But your mileage may vary depending on the requirements your company sets forth.

ESVA all day long (2, Informative)

erroneus (253617) | more than 6 years ago | (#23368298)

I've been running this for quite some time with fantastic results. It's a VMWare appliance.

Inside, there is greylisting and MailScanner. Within MailScanner, there is SpamAssassin, some RBL, ClamAV and all sorts of things.

For my organization, I find that in addition to everything else "stock" I can safely filter out all countries but the U.S. since we don't do business outside of our state, let alone our country... so it's safe to assume that anything from outside the US will be spam.

It is extremely effective. I have helped to get the VM set up in environments with multiple domains and it works very well too.

One problem with it is that it is rapidly aging. The user community has made some effort to get the VM up to date in some ways, but the 2.0 version as far as anyone can tell is still in discussion and planning. The project creator and leader is a one-man-show and he seems to have a life outside of this project for some reason. The user community is frantic to get something to replace the aging 1.7.1.5 machine we all use as the reference point for our installs.

Set up greylisting, preferably OpenBSD PF + spamd (1)

badger.foo (447981) | more than 6 years ago | (#23368302)

Subject says it all, really. The best approach is to set up an OpenBSD machine as your gateway, filter traffic using PF to any degree you desire, and please set up spamd in greylisting mode (the default).

That will take care of most of your spam right there, and you could usefully have something like a spamassassin and clamav combo running in the delivery phase on your real mail server.

Useful references: Firewalling with OpenBSD's PF [home.nuug.no] (tutorial)
The Book of PF [nostarch.com]
and Effective spam and malware countermeasures: Network noise reduction using free tools [home.nuug.no]

And yes, I've blogged a bit about this too, over at my blog [blogspot.com]

This is largely a known-solved problem (4, Informative)

Arrogant-Bastard (141720) | more than 6 years ago | (#23368308)

The place to ask this question isn't here, it's on the "spam-l" mailing list, which arguably has the highest concentration of the world's most experienced anti-spam researchers and developers. Simple techniques for tackling this have been repeatedly covered there over a period of many years, and their behavior is well-understood and predictable, making them viable choices for production systems. So I would suggest that you subscribe to that list (via listserv@peach.ease.lsoft.com) and repeat your question there, along with some indication of your MTA environment.

Meanwhile, here is some general guidance. First, do not waste your money on commercial products -- they're expensive, poorly-maintained, and in many cases (e.g. Barracuda) actually make the spam problem worse via backscatter. (There are now several thousand Barracudas on a communally-maintained blacklist, making it obvious to everyone working in this field that Barracuda is completely incompetent.) Second, do invest your money and time in open-source solutions: it is easy for anyone who possesses baseline competence in mail to craft their own, superior spam handling system using postfix or sendmail or another open-source MTA, DNSBLs, RHSBLs, judicious configuration, and other tools such as rbldnsd, mimedefang, SpamAssassin, ClamAV, and so on. Third, a little googling will reveal near-cookbook procedures for combining these pieces of software together into a useful system; which cookbook procedure is appropriate for you depends on your environment -- which brings me to the fourth point, which is that you need to perform log analysis in order to understand your particular mix of spam/not-spam. Everyone's is different, which is why one-size-fits-all solutions usually fail. Only after you have some clue about the size and shape of your problem will you be able to determine which approach(es) are likely to minimize both false negatives (FN) and false positives (FP).

As an aside, one set of highly effective anti-spam tactics involves enforcing RFC requirements that have been in place for many years: for example, all mail servers must have rDNS; that rDNS must resolve to a host which in turn resolves back to the IP; the domain of the host must exist; the host must HELO as a valid FQDN or bracketed-quad IP; the envelope-sender's domain must exist; the host must not HELO as you; the host must wait for the SMTP greeting before HELO'ing; the host must handle a multi-line SMTP greeting; the MX records for the host must point to valid IP space; and so on. Enforcement of these requirements yields differing rates of spam control (which is again why log analysis is crucial) but has the very valuable property that it can be done at low computational and bandwidth cost. Substantial experience with these suggests that enabling them and augmenting them with a few DNSBLs (especially the Spamhaus Zen zone) is enough to deal with the overwhelming majority of the spam problem at most sites, reducing what's left to a much smaller issue to be dealt with.

Re:This is largely a known-solved problem (1)

SlamMan (221834) | more than 6 years ago | (#23368430)

Barracudas have a checkbox to disable sending backscatter. Their documentation even recommends checking it.

Re:This is largely a known-solved problem (1)

Arrogant-Bastard (141720) | more than 6 years ago | (#23368544)

We know. We've known for years, and in fact it is the advocacy of the professional members of the anti-spam community which directly led to Barracuda's reluctant decision to change the default state of that checkbox. The problem is that this should not even be an option because -- as we are painfully well aware -- many people who do not fully understand the consequences of that checkbox will set it to the incorrect state, promptly begin spewing spam, and soon after get themselves blacklisted.

This is by no means the only problem with Barracuda systems (their miserably poor security is another, for example) but it's the one that directly impacts everyone else on the Internet, since it results in an anti-spam strategy consisting largely of "throw your garbage at someone else".

As an aside, it's quite telling that across all the mailing lists used by experienced professionals to discuss spam -- spam-l, ietf-asrg, spamtools, etc. -- that there are no active participants from Barracuda. This speaks volumes not only about their systemic failure to learn from the far-more-experienced members of the community but about their willingness to explore solutions beyond merely stopping spam. (After all: if the spam problem were actually significantly reduced in scope, what would Barracuda sell?)

Re:This is largely a known-solved problem (1)

TiredOfCrap (885340) | more than 6 years ago | (#23368596)

I absolutely endorse everything you say. We are a corporate web hosting company, and constantly receive praise for the lack of spam received.

There is, however, a downside. The solution you advocate, which is the system we use, takes time and expertise to administer, making e-mail hosting a proverbial pain.

We enforce RFC requirements, and this occasionally causes a problem, and we are forced to whitelist an IP to overcome it, but it is becoming less of a problem as mail admins are learning that the rules are there for a purpose. Anything with an X-Spam level of 10 or more is automatically rejected. Anything with an X-Spam level between 5.0 and 10 is retained for administrative sorting, and is then either delivered to the recipient as valid, dumped into a special mail folder for bayesian filter training, or plain dumped.

There are really three kinds of mail: valid mail, semi valid mail and viral/spam mail.

Using the systems Arrogant-Bastard has advocated means that valid mail passes through, semi-valid mail is held for administrator attention, and 99% of spam is rejected. Consequently your prime worry is the semi-valid mail. This is usually bulk e-mail sent by legitimate companies like Amazon or Borders. It is pure advertising, and the mail admin has to determine whether to dump it or move it along, and we make this decision based on the principle that all our mail users are corporate users who require real messages, and do not want their mailboxes cluttered with advertising from a website they once made a purchase from.

There is no simple "one-stop" fix for this problem, it does require administration, but administering 50 users is a lot easier than administering thousands of users, and, once configured, your admin effort will probably be about 1 hour per day.

Google Message Filtering service (0)

Anonymous Coward | more than 6 years ago | (#23368336)

The best service I ever subscribed for: $3/user/year. As a non-profit, my company got another 50% discount.

http://www.google.com/a/help/intl/en/security/compare.html#utm_campaign=en&utm_source=en-ha-na-us-bk&utm_medium=ha&utm_term=google%20message%20filtering

This came from Google's Postini acquisition.

For this service, you change your MX record to Google's filtering server and set your mail server to only receive incoming SMTP traffic from Google. Google's email filtering for spam and virus is real-time. Google do not retain your email so your privacy is assured. I was able to cut down 80% of traffic from my SMTP server.

Use a bayesian filter system (1)

mconstable (103362) | more than 6 years ago | (#23368338)

You could try a dynamic bayesian filter system like Bogofilter or Dspam. If the internal staff use IMAP then create a couple of training folders and let the end users train up their own filter database by dragging ham or spam from their Inbox and Spam folders to the appropriate retraining folder. A bash script on a 5 minute cron job can do the retraining, which is effectively instant retraining. Bogofilter on its own in tri-mode (ham, spam, unsure) works great without even thinking about Spamassassin. I use Dspam now and get about 1 spam per day in my Inbox out of 100 to 200 spams in my Spam folder. It takes me 5 seconds to drag it into the retraining folder, i.e., no effort at all. All spam is kept in the Spam.Unsure folder for 24 hours but that could easily be for a week, or more, so nothing is actually immediately deleted. If the end-user checks their Spam.Unsure and Spam folder every now and then for false positives then you don't have to do anything. Woops, maybe you need the job... hang on, leave things the way they are and keep your job.

sender IP (1)

stabiesoft (733417) | more than 6 years ago | (#23368340)

I've found filtering on sender IP to be very effective. Greylist IPs that don't match sender domain name, blacklist all unknown sender IPs and all dynamically assigned IPs. (Real companies don't use an ADSL or cable dynamic IP address). My latest tweak (and I'm not excited about adding it) is to do a check of the nameserver for the domain. If it is domaincontrol.com, I dump it. I guess the spammers have figured out some of the registrars will collude with the spammers for the 10 bucks per domain. After all that, I get 5 spams per week (max) and have not had complaints of bounced mail. Because it is not examining content, it is very fast as well.

Re:sender IP (0)

Anonymous Coward | more than 6 years ago | (#23368732)

Unfortunately, many blacklists that claim to only contain dynamic IPs also lump in IP ranges that appear to be dynamic but aren't. I run my own mail server from my ADSL line, and occasionally get my mail blocked (or worse, silently deleted) because some dumb sysadmin accepts the result from a single blacklist.

PS: You won't get complaints of bounced mail if the sender can't contact you. :-)

SpamStopshere will solve it (1)

websiteadvice (1287436) | more than 6 years ago | (#23368350)

I don't work for them, but I sing their praises. http://www.spamstopshere.com/ [spamstopshere.com] Tell them Scott Clark sent you. Good Karma.

earthlink does whitelist only: (1)

simplerThanPossible (1056682) | more than 6 years ago | (#23368364)

This is the email earthlink sends out:

I apologize for this automatic reply to your email.

To control spam, I now allow incoming messages only from senders I have approved beforehand.

If you would like to be added to my list of approved senders, please fill out the short request form (see link below). Once I approve you, I will receive your original message in my inbox. You do not need to resend your message. I apologize for this one-time inconvenience.

Click the link below to fill out the request:

https://webmail.atl.earthlink.net/wam/addme?a=%5BEMAILHERE%5D&id=%5BIDNUMHERE%5D [earthlink.net]
Does anyone have experience with this?

Re:earthlink does whitelist only: (1)

SCHecklerX (229973) | more than 6 years ago | (#23368636)

As a sender, yeah. I'm sorry but unless you actually want mail from me, you're not going to make me jump through hoops to send it. This is a broken design. Not to mention all of the automated emails from online business transactions you would lose. Not a good idea.

Exim + Spamassassin (1)

_ivy_ivy_ (1081273) | more than 6 years ago | (#23368370)

I use exim4 with the sa-exim patches to allow spamassassin checks while the TCP connection is open. We use this in a 160 user company.

Be sure your setup does all the checks while the SMTP connection is open, so you can avoid backscatter. I use greylisting to help avoid false positives. I also use callbacks to verify the authenticity of the sender. I'd recommend caution here, because this can really cause false positives.

Be sure to have good HELO filtering rules, as that will detect a surprising majority of spam and viruses, as well as misconfigured exchange servers that don't use a FQDN in the HELO line.

Add a frontline Spam Filter Relay (1)

RaBiDFLY (38196) | more than 6 years ago | (#23368376)

We've been using PureMessage for Unix for about 3 years, but most likely won't be next year when it's time to renew.

We use a dedicated postfix server (that comes with PureMessage). Each message is sent to PureMessage via "content_filter=". After the message has been tagged as spam, it's sent back to postfix with the subject line tagged with "[SPAM:####]" (the number of #'s are an indication of the message's spam level). Then the message is relayed to our Exchange server.

Yesterday afternoon I was working on configuring the postfix system to perform message checks to get rid of backscatter http://en.wikipedia.org/wiki/Backscatter_(e-mail)

While searching for ways to have postfix do this I ran across some basic spam fighting tips. Before I implemented the below postfix additions, I myself was receiving on average 5 messages an hour tagged with [SPAM:####]. Not one single spam message has hit my inbox since yesterday, and I've been watching /var/log/maillog to make sure nothing is being rejected that shouldn't be.

#main.cf
smtpd_recipient_restrictions =
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    permit_mynetworks,
    reject_unauth_destination,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client zen.spamhaus.org,
    permit

So far everything that has been blocked is due to the sending server being listed on those RBL lists. RBL checks can be easily added to other MTAs if you're not using Postfix.

Of course I'll be monitoring the situation closely for awhile to make sure nothing is being rejected that shouldn't be, but if this sort of configuration can save you from looking at hundreds of messages a day, it might be worth a look.

Dan
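
Added example, not part of RaBiDFLY's post: one way to do the /var/log/maillog watching described above is to tally rejections by cause and list the ones whose envelope sender belongs to a domain you actually correspond with. The log lines are constructed in the shape Postfix smtpd uses for rejections, and the KNOWN_DOMAINS set is an assumption standing in for domains taken from your own outbound mail.

```python
import re
from collections import Counter

# Constructed sample lines in the shape Postfix smtpd logs rejections.
SAMPLE_LOG = """\
May 10 09:14:58 mx1 postfix/smtpd[2100]: connect from unknown[203.0.113.45]
May 10 09:15:02 mx1 postfix/smtpd[2100]: NOQUEUE: reject: RCPT from unknown[203.0.113.45]: 554 5.7.1 Service unavailable; Client host [203.0.113.45] blocked using zen.spamhaus.org; from=<promo@bulk.example> to=<bob@corp.example> proto=ESMTP helo=<mail.bulk.example>
May 10 09:16:40 mx1 postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.80]: 554 5.7.1 Service unavailable; Client host [203.0.113.80] blocked using cbl.abuseat.org; from=<win@lottery.example> to=<amy@corp.example> proto=SMTP helo=<host80.lottery.example>
May 10 09:20:11 mx1 postfix/smtpd[2102]: NOQUEUE: reject: RCPT from smtp.supplier.example[198.51.100.9]: 554 5.7.1 Service unavailable; Client host [198.51.100.9] blocked using zen.spamhaus.org; from=<billing@supplier.example> to=<amy@corp.example> proto=ESMTP helo=<smtp.supplier.example>
May 10 09:31:27 mx1 postfix/smtpd[2103]: NOQUEUE: reject: RCPT from mail.partner.example[198.51.100.20]: 504 5.5.2 <EXCHANGE01>: Helo command rejected: need fully-qualified hostname; from=<orders@partner.example> to=<bob@corp.example> proto=ESMTP helo=<EXCHANGE01>
May 10 09:40:03 mx1 postfix/smtpd[2104]: NOQUEUE: reject: RCPT from unknown[192.0.2.77]: 450 4.1.8 <a@nodomain.invalid>: Sender address rejected: Domain not found; from=<a@nodomain.invalid> to=<bob@corp.example> proto=ESMTP helo=<mail.nodomain.invalid>
"""

REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: (?P<stage>\w+) from "
    r"(?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]: (?P<code>\d{3}) (?:\d\.\d+\.\d+ )?"
    r"(?P<text>.*?); from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
    r".*? helo=<(?P<helo>[^>]*)>"
)

# Substrings of Postfix's reject text mapped to short labels.
REASONS = (
    ("Helo command rejected", "helo"),
    ("Sender address rejected", "sender"),
    ("Recipient address rejected", "recipient"),
    ("Relay access denied", "relay"),
)


def classify(text):
    """Map the reject text to a reason label; DNSBL hits carry the zone name."""
    rbl = re.search(r"blocked using ([\w.-]+)", text)
    if rbl:
        return "rbl:" + rbl.group(1)
    for needle, label in REASONS:
        if needle in text:
            return label
    return "other"


def parse_rejects(log_text):
    """Return one dict per reject line; all other log lines are skipped."""
    rejects = []
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["reason"] = classify(rec["text"])
        rec["temporary"] = rec["code"].startswith("4")  # 4xx: sender will retry
        rec["sender_domain"] = rec["sender"].rpartition("@")[2].lower()
        rejects.append(rec)
    return rejects


def summarize(rejects):
    """Count rejections per reason, e.g. per DNSBL zone."""
    return Counter(r["reason"] for r in rejects)


def review_candidates(rejects, known_domains):
    """Rejects whose envelope sender domain is one you correspond with."""
    return [(r["ip"], r["sender"], r["reason"])
            for r in rejects if r["sender_domain"] in known_domains]


# Assumption: domains taken from your own outbound mail history.
KNOWN_DOMAINS = {"supplier.example", "partner.example"}

if __name__ == "__main__":
    found = parse_rejects(SAMPLE_LOG)
    for reason, count in summarize(found).most_common():
        print(f"{count:4d}  {reason}")
    for ip, sender, reason in review_candidates(found, KNOWN_DOMAINS):
        print(f"review: {sender} from {ip} rejected by {reason}")
```

The envelope sender is forgeable, so a review hit is a prompt to look at the connecting IP and HELO, not proof of a false positive.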

Kind of obvious (1)

SCHecklerX (229973) | more than 6 years ago | (#23368412)

Use whatever you want for your internal mail server, but use sendmail with miltering for your internet facing relays.

With sendmail, use mimedefang, spamassassin, and milter-greylist (actually that last can be implemented yourself in mimedefang, I just never had the time).

The nice thing about this solution is that it does not require you to pay some third party a huge amount of money each month, while doing exactly what they do (actually better), and it is fully customizable to fit into your environment (want to do a virus quarantine? Custom rules per employee? do interesting things based on different domains?). You can really get to pretty much 0 false positives while removing all of the cruft with this solution.

In sendmail configuration, use greet pause, bad receipt throttling, and all of the privacy flags.

For your mimedefang filter, add rejects for these things:
  - relay is in the spamhaus zen list or dsbl.org blacklist
  - helo of sending relay is not FQDN or IP Address
  - sender claims to be from your domain
  - relay's helo claims to be a system on your domain
  - relay's helo is RFC1918 address

For your spamassassin (which now that you are rejecting obvious stupidity, won't be called as often, saving CPU and Disk cycles on your relays!) use automatic SARE rules.

Train your help desk on basic mail troubleshooting (greylisting can be troublesome at first) so that they can help with the trivial stuff rather than call your mail admins all of the time. Give them an interface to see what is going on in the logs.
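
Added example, not from either post and not mimedefang code: the connection-level checks in the reject list above and in Arrogant-Bastard's RFC-enforcement list earlier in the thread (rDNS that resolves back, HELO as FQDN or bracketed address literal, no HELO or sender claiming your own domain, existing sender domain, DNSBL listing), written as one Python policy function. StubDNS, the function names, the violation labels and every address are constructed for illustration; the function assumes inbound, unauthenticated clients and IPv4 for the DNSBL lookup.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FQDN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+"
    r"[a-z](?:[a-z0-9-]{0,61}[a-z0-9])?$", re.I)
DNSBL_ZONES = ("zen.spamhaus.org",)


class StubDNS:
    """Offline stand-in for a resolver (hypothetical helper, constructed data)."""

    def __init__(self, ptr, a, domains):
        self.ptr, self.a, self.domains = ptr, a, domains

    def reverse(self, ip):           # PTR lookup: hostname or None
        return self.ptr.get(ip)

    def forward(self, name):         # A lookup: set of addresses
        return self.a.get(name.lower(), set())

    def domain_exists(self, domain):
        return domain.lower() in self.domains


def in_local_domain(name, my_domains):
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in my_domains)


def dnsbl_name(ip, zone):
    """IPv4 DNSBL query name: octets reversed, zone appended."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def helo_violations(helo, my_domains):
    if helo.startswith("[") and helo.endswith("]"):    # address literal
        literal = helo[1:-1]
        if literal.lower().startswith("ipv6:"):
            literal = literal[5:]
        try:
            addr = ipaddress.ip_address(literal)
        except ValueError:
            return ["helo-bad-literal"]
        return ["helo-rfc1918"] if any(addr in n for n in RFC1918) else []
    if not FQDN_RE.match(helo):      # bare IPs and single labels land here
        return ["helo-not-fqdn"]
    if in_local_domain(helo, my_domains):
        return ["helo-is-local-domain"]
    return []


def check_connection(client_ip, helo, mail_from, my_domains, dns):
    """Return violation labels for one inbound client; empty list means pass."""
    found = []
    ptr = dns.reverse(client_ip)
    if ptr is None:
        found.append("no-rdns")
    elif client_ip not in dns.forward(ptr):   # PTR must resolve back to the IP
        found.append("rdns-mismatch")
    for zone in DNSBL_ZONES:
        if dns.forward(dnsbl_name(client_ip, zone)):
            found.append("dnsbl:" + zone)
    found += helo_violations(helo, my_domains)
    if mail_from:                    # empty sender (<>) is valid for bounces
        domain = mail_from.rpartition("@")[2]
        if in_local_domain(domain, my_domains):
            found.append("sender-forges-local-domain")
        elif not dns.domain_exists(domain):
            found.append("sender-domain-missing")
    return found


def smtp_reply(violations):
    """Reply to give while the SMTP session is still open (no later bounce)."""
    if not violations:
        return "250 2.1.0 Ok"
    return "550 5.7.1 Rejected: " + ", ".join(violations)


MY_DOMAINS = {"corp.example"}
DNS = StubDNS(
    ptr={"198.51.100.20": "mail.partner.example",
         "198.51.100.30": "mx2.partner.example",
         "203.0.113.77": "dsl-77.isp.example"},
    a={"mail.partner.example": {"198.51.100.20"},
       "mx2.partner.example": {"198.51.100.30"},
       "dsl-77.isp.example": {"203.0.113.99"},
       "45.113.0.203.zen.spamhaus.org": {"127.0.0.4"}},
    domains={"partner.example"},
)
CASES = [  # constructed (client_ip, helo, mail_from) tuples
    ("198.51.100.20", "mail.partner.example", "orders@partner.example"),
    ("203.0.113.45", "corp.example", "ceo@corp.example"),
    ("203.0.113.77", "[192.168.1.10]", "user@nodomain.invalid"),
    ("198.51.100.30", "EXCHANGE01", "orders@partner.example"),
]

if __name__ == "__main__":
    for ip, helo, sender in CASES:
        result = check_connection(ip, helo, sender, MY_DOMAINS, DNS)
        print(ip, helo, "->", smtp_reply(result))
```

The last case is the misconfigured-but-legitimate sender mentioned elsewhere in the thread, which is why these rejections belong in the logs the help desk can see.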

that's actually a good solution (3, Interesting)

nguy (1207026) | more than 6 years ago | (#23368418)

I can't imagine having one centralized person manually inspecting everyone's junk-mail header is the optimal solution

Actually, that strikes me as a good solution; it's certainly better than having other employees dealing with spam as part of their daily routine and losing 30 minutes/day for everybody in the company. And by centralizing it, you have the ability to pick the tools to make your work more efficient, as opposed to having 50 employees each fiddle with their own spam filters.

ASSP (1)

chipperdog (169552) | more than 6 years ago | (#23368422)

I've found ASSP [asspsmtp.org] to be very effective in our organization of 150 mailboxes. Supports Greylisting, Bayesian filtering, SPF, RBL, REGEX, and more...It is a two-way filter, so recipients of mail sent from your organization will be whitelisted for a period of time, and SPAM is stopped at the SMTP level (resulting in a SMTP failure), so no messages should be lost...end users can submit spam messages by simply forwarding them to a specific address (e.g. asspspam@domain). All spam can also be sent to a specific email address for easy retrieval of false positives (although after the Bayesian filter is trained properly, there is VERY little), in addition, all legit messages can be cc'd to another email address, which we use for email archiving (maildir is tar.gz'd weekly)

This... is a joke, right? (0)

Anonymous Coward | more than 6 years ago | (#23368426)

This has to be an utter fake. 50 employees and you're hand-tagging the spam? I'd say it's possible you've never heard of spamassassin, but this is SLASHDOT for fucks' sake.

SpamAssassin (0)

Anonymous Coward | more than 6 years ago | (#23368452)

If you have the technical ability to roll your own, I HIGHLY recommend a SpamAssassin solution. We run SpamAssassin/Amavis/ClamAV running on OpenSUSE 10.3 and Maia Mailguard for quarantine management. It is VERY effective at stopping spam.

MXLogic is good choice (1)

linkerjpatrick (826862) | more than 6 years ago | (#23368456)

I run a small business whose primary source of income is web development and we were recently approached by MXLogic to be a partner. We tried out the service first before offering it to our current and future customers and it is the best solution I have encountered and glad we can offer it as a solution to our customers. MXLogic works by directing your e-mail through their servers first so your servers don't have to do the extra work. You actually get a better deal working through a partner and directly through MXLogic. I don't want to give a direct link because I don't think comments should be used to advertise but you can contact me via my profile to learn more. I think it was eWeek or Information Week or similar magazine rated it the top solution.

GMail for domains (0)

Anonymous Coward | more than 6 years ago | (#23368466)

Have you considered migrating to GMail for your domain [google.com] ? That way, Google does the SPAM filtering for you.

In addition, you get an excellent webmailer and additional apps, if you want.

Lots of opinions and solutions out there... (1)

gonk (20202) | more than 6 years ago | (#23368474)

You're going to get a ton of different advice. A lot of it will be total crap. A lot of it will be valid. It is going to be hard to know the difference.

Personally, like many folks, I've been battling spam for years, and have used a lot of different solutions: DSPAM, SpamAssassin (SA), and a lot of other random tools. DSPAM and SA both worked reasonably well for me, but many of my users, for one reason or another, had troubles with them. I'm sure I could have put effort into making either of them work better, but frankly, a fair amount of labor had already gone into them, and I didn't want to invest more. About a year ago, I decided to try Kaspersky Anti-Spam[1], and have been very, very happy with the results. It was a simple install, there aren't too many options, and it seems to "just work".

Professionally, I have administered some very large mail service provider systems. The largest of them used a pool of Proofpoint[2] PPS servers to filter mail. While I am not sure it was the best product for what we were doing, it was an impressive product, and if I were handling mail for a business of any size, I would seriously consider this product. It is highly configurable and the results were solid.

Good luck,

robert

[1] http://usa.kaspersky.com/products_services/anti-spam3.php [kaspersky.com]

[2] http://www.proofpoint.com/products/pps.php [proofpoint.com]

3 Steps (3, Interesting)

v(*_*)vvvv (233078) | more than 6 years ago | (#23368478)

This is just a simple guide compiled from my experience:

1. Do what you can on the server. I like to use SpamAssassin to add spam scores to the beginning of subject lines, so they sort by score in my inbox (I use "/*_SCORE(0)_*/"). I also automatically delete anything over a score of 11, since the highest I've ever seen a legitimate email score has been "10.something". Realistically, anything above an 8 is the sender's fault and they need to do something about it and anything above an 11 you can safely blame the sender (you won't be the only spam filter deleting their emails).

2. Provide the tools on the client. ThunderBird's "spam marker" is a must, and because it learns from what you mark, you aren't just marking them in vain. Also, to deal with spam in real-time, instead of using the junk folder, I like using the "delete junk!" button from the "Buttons!" add-on. Incoming junk gets marked and marked as read, and after marking the spam the filter missed, I hit "delete junk". Very easy and quick. Pre-configure Thunderbird for everyone.

3. Educate and support. If you have 1 and 2 in place, then make sure everyone knows what you are doing and why you chose to do it. Write a short manual or something. Educate them about their tools. They also need to know NOT to publish their addresses.

The idea is to make spam highly visible, and to make it *quick and easy* to deal with. Knowing you've facilitated these two goals should be enough to impress your employer and earn the respect you deserve from everyone you serve :)

I spent a few days migrating 100,000 emails from Windows Mail, because it was horrible. Thunderbird is a godsend and the add-ons make all the difference. If there is something you dislike or want, chances are someone made an add-on for it.

btw 2000 messages is *not* a lot of spam. It will get far worse with time.

You could outsource it ? (0)

Anonymous Coward | more than 6 years ago | (#23368482)

I suspect you're already paying for backup email servers. Why not expand this with spam/anti virus. By using smarthost servers. Shouldn't cost too much.
  http://en.wikipedia.org/wiki/Smarthost

Often ISPs have very expensive equipment to do the job perfectly which you could never buy yourself.

And another + is that they will prolly be better suited to 0 day attacks and your e-mail server isn't publicly known by the world (hence it's not mentioned in the MX records).

But get informed of what solution they are using so you make the right choice for your organisation.

Don't accept spam messages. (0)

Anonymous Coward | more than 6 years ago | (#23368492)

If you accept a spam message (i.e. if you don't reject it before the SMTP dialog is finished), you've made it your problem and the rest is only a matter of finding the person whose time is the least expensive to take care of it.

Dealing with spam means rejecting it as early as possible. You can't "bounce" after accepting mail. Bouncing mail after the fact would only create backscatter and the people whose addresses have been forged in the header will not take that lightly.

Once the mail has been accepted, it is your responsibility. Mistakenly deleting it may cause a liability for your company. That's another reason for identifying spam before it is accepted by the border SMTP server.

Rejecting mail at the border server will provide a notification to legitimate senders, who can then try and contact you in a different way or work with you to correct whatever causes the misclassification.

mail-scanning.com (0)

Anonymous Coward | more than 6 years ago | (#23368520)

This company [mail-scanning.com] allows you to outsource spam filtering. The founder is a well-known OS developer, so it may be worth a try.

Barracuda (1)

certain death (947081) | more than 6 years ago | (#23368558)

Barracuda costs about $800.00 US. They do a great job, and you can delegate the releasing or deleting to your users. It has a decent web interface, and with a little training, you can go on to other more important things.

The Best Answer (1)

bensode (203634) | more than 6 years ago | (#23368580)

http://www.mailwatch.com/ [mailwatch.com]

It's cheap and it's extremely effective. I've been using them for our small business for over 5 years now. Enjoy!

MessageLabs vs Google Apps (1)

nevali (942731) | more than 6 years ago | (#23368584)

We use both MessageLabs and Google Apps for different domains.

Personally, I find the two pretty comparable in terms of spam filtering (Google lets less through, but has the odd false-positive, in MessageLabs' case, I-as an end-user-don't even SEE potential false-positives, which means ultimately I prefer Google).

PS. When is Slashdot going to fix UTF-8 handling of this poxy in-line comment box? Why can't I use â(TM) (apostrophe) or â" (em-dash)?

Untangle (0)

Anonymous Coward | more than 6 years ago | (#23368610)

For an open source solution, I recommend Untangle.

The best open source projects, integrated and made easier for spam blocking, web filtering, remote access and more

        * Commercial-grade open source alternative to SonicWALL and WatchGuard
        * 14 integrated apps - use one or all of them
        * Runs on off-the-shelf hardware

Site: http://www.untangle.com/

filtering services (0)

Anonymous Coward | more than 6 years ago | (#23368614)



I use what was formerly called frontbridge, now called microsoft exchange hosted services. It is a very accurate system that you can use to just scan incoming messages, and send them on to your mail server. Very little config to worry about and very accurate. It isn't terribly expensive either.
www.frontbridge.com

Let Sprint or someone else do it for you (1)

mgoldey (1287446) | more than 6 years ago | (#23368618)

If you want to outsource the entire problem, try a service like Sprint's "SEPS", which costs $250/month, and works very well. 97% of e-mail to our domain is spam, and SEPS handles it correctly to at least 4 9's. All admin is via web browser and, although it's sometimes slow, it's pretty straightforward. Set up a reject list, put your valid users on it, and save SPAM for a day or so, just in case. Then, you simply point your DNS for incoming mail to SEPS IP address, and collect your mail internally from their mail server instead of yours. A side advantage is that, if your MTA goes down, or you lose Internet service, etc., SEPS queues the mail up for you, and delivers it when you come back online. If you can spend $3000 a year, it's one less headache and worth the cost, IMHO. http://www.sprint.com/business/products/products/spamFiltering_tabA.html [sprint.com] or thereabouts, to get started.

Spamassassin for dummies (nospamtoday) (1)

transporter_ii (986545) | more than 6 years ago | (#23368644)

In a small business wanting to not devote a lot of time to this issue, we are using nospamtoday. There isn't anything perfect, and it isn't either, but it does a good job, is fairly priced, and is server side. Basically it is a front-end for spamassassin, with some RBLs and other measures used as well. Yeah, you could install spamassassin for free, but this gives you an easy installer and at least someone to e-mail if you have issues. And it is a one time fee, as there are no monthly or yearly subscription fees!

Educate your users (1)

gregmark (750089) | more than 6 years ago | (#23368646)

I've seen a lot of good responses here, covering several different strategies, attitudes/perspectives, and of course, our favorite products. Let me add another dimension: user education.

1. Create an FAQ that covers all the big boogie monsters in spam: false positives, false negatives, spam backscatter, MAIL FROMs are 100% forgeable and offer no guarantee of identity, outright blocking by rarely works anymore, and above all, no spam system -anywhere- is perfect.

2. Provide your users with a meaningful way to report false positives and negatives. You don't have to provide guarantees, just let them know that they're being heard.

3. This is the most important one: Show them the statistics. If you're blocking 2,000 a day, illustrate! This can be particularly dramatic in a large organization like mine, where 95% of SMTP connections/messages get dropped. A nice little bar graph puts little miss bitchy-face's 1-2 spams per day in stark perspective.

Spam sucks the big one, boy howdy. Cheers!

Totally Wrong (1)

TheMysteriousFuture (707972) | more than 6 years ago | (#23368686)

The best solution currently in the marketplace, *BY FAR* is CloudMark. http://www.cloudmark.com/ [cloudmark.com]

They have a desktop and a server version and charge per user. I think we pay about $1000usd per year for 50 users. They catch everything except the occasional backscatter Non deliverable report from when your address is joejobbed.

The way it works is they generate various hashes from message content and aggregate those in their central DB.

Mail (from what I remember) is never blocked until a sufficient number of users, who are weighted differently based on trust (reporting history), mark it as spam.

This doesn't cause any delay as they have zillions of users, and I believe most of the reporting comes from users of their desktop versions. I don't believe I have *ever* had a false positive, as in zero in 2 years of use.

Can't recommend them highly enough. Software used to be a little crappy and would hang sometimes (runs as a service hooking to exchange...or maybe it's mapi), but they've fixed that earlier this year.

Any questions let me know
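
A minimal sketch of the scheme described in the comment above (content fingerprints held in a central database, with spam reports weighted by each reporter's trust), added here as an illustration; it is not Cloudmark's code or algorithm. The normalisation rules, threshold, trust values and every name in it are assumptions.

```python
import hashlib
import re
from collections import defaultdict


def fingerprint(body: str) -> str:
    """Hash a normalised body so trivially mutated copies share a fingerprint."""
    text = re.sub(r"\d+", "#", body.lower())        # collapse order numbers, prices
    text = re.sub(r"[^a-z#]+", " ", text).strip()   # collapse punctuation, whitespace
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


class ReportDB:
    """Central store: fingerprint -> reporters, reporter -> trust in [0, 1]."""

    def __init__(self, threshold: float = 1.5, initial_trust: float = 0.2):
        self.threshold = threshold                   # assumed value
        self.trust = defaultdict(lambda: initial_trust)
        self.reporters = defaultdict(set)

    def score(self, body: str) -> float:
        """Sum of the trust of every user who reported this fingerprint."""
        return sum(self.trust[u] for u in self.reporters[fingerprint(body)])

    def is_spam(self, body: str) -> bool:
        return self.score(body) >= self.threshold

    def report_spam(self, user: str, body: str) -> None:
        fp = fingerprint(body)
        was_blocked = self.is_spam(body)
        self.reporters[fp].add(user)                 # a set: one vote per user
        if not was_blocked and self.is_spam(body):
            # Consensus just reached: everyone who flagged it earns trust.
            for u in self.reporters[fp]:
                self.trust[u] = min(1.0, self.trust[u] + 0.2)

    def confirm_false_positive(self, body: str) -> None:
        """Operator action: unblock and penalise everyone who flagged it."""
        for u in self.reporters.pop(fingerprint(body), set()):
            self.trust[u] = max(0.0, self.trust[u] - 0.3)
```

With these assumed numbers, two long-standing reporters are enough to block a message, while several brand-new accounts reporting the same legitimate mail are not.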

Spamassassin (1)

Idimmu Xul (204345) | more than 6 years ago | (#23368688)

We catch about 12,000 spam emails daily for our customers using just spamassassin, it took a bit of setting up but works fine and it's as accurate as my gmail account

SpamAssassin! (1)

tyldis (712367) | more than 6 years ago | (#23368712)

I have made a virtual appliance I deploy to my customers, mainly in the 10-100 employee range.
It has Ubuntu server LTS-release, postfix, amavisd-new, postfix-policy-dæmon, clamav and spamassassin. It works really great, and I have Postfix insert Exchange-compatible headers so that the users can use the features included in Outlook/Exchange.

Fully integrated, no quarantine management (other than the 'junk'-folder) and from what I can tell: no false positives and extremely low rate for false negatives (my guesstimate is less than 0,5%).

And all I need is a server present with some free RAM!

Automatic updates of all the components and automatic bayes learning means the system is self-supporting as well.

Well, if you want an *anecdote*... (1, Interesting)

Anonymous Coward | more than 6 years ago | (#23368722)

I'm listed as the technical support contact for my employer's listings on eBay, and our PayPal account links to me as well. No spam filter on God's green earth is going to cull the spam from the ham for me.