Return to Sender: 8 Easy Spam Filter Fixes

More Tips

5. Choose blacklists and reputation lists wisely.

If your organization relies on a blacklist or reputation list to stop spam, Jennings urges you to consider carefully which one to use. He points out that many spam filter products let the customer configure the product as to which blacklist, if any, to use.

When choosing a blacklist, Jennings recommends that you check the management policies of the lists. For example, some blacklists and reputation lists are driven purely by user complaints, says GWU's Briggs, and relying on them will invariably lead to false positives.

Not sure where to start? Ask your spam filter vendor for recommendations, suggests Jennings.

It's also important to keep up with the status of your blacklist or reputation list. Jennings cites the example of ORDB, a blacklist that was shut down in 2006, but which nonetheless still received queries from systems following the shutdown. These queries, according to Jennings, overwhelmed the servers that had housed ORDB, preventing the former ORDB administrators from doing other work. (In other words, the queries amounted to a denial-of-service attack, unintentional though it was.)

In early 2008, to stop these queries, the operators brought ORDB back online but set it up to flag every IP address reported to it as a spam source -- the only way, they believed, to gain the attention of e-mail administrators and get them to stop querying ORDB. Had these administrators been more alert to begin with, they would have investigated, discovered that ORDB was going away and redesigned their procedures accordingly, without requiring drastic measures from the ORDB operators.

6. Make sure you're not sending out spam.

If spam goes out from your systems, even unintentionally, it hurts your reputation and increases the likelihood you'll end up on spam blacklists. If you send enough spam, Jennings says, your reputation may suffer to the point that you will have trouble sending legitimate e-mail.

A three-pronged approach will help keep your reputation intact:

First, suggests Stephen Pao, vice president of product management at security vendor Barracuda Networks, curb your users' questionable Web browsing. If users visit dangerous or objectionable sites, malware from those sites could be installed on their computers, which could then be used to send spam from your systems. To prevent this, set clear acceptable-use policies and deploy Web monitoring or filtering software from a trusted security vendor such as Websense or Sophos on your users' systems. Note that monitoring your employees' Web use could involve legal and privacy issues, so be sure that you are complying with any applicable statutes, giving your users appropriate notice if necessary.

Along the same lines, Pao recommends that you stay up to date with security patches and virus and malware definitions to ensure that spammers can't take over your systems and use them to send spam.

Finally, Jennings recommends using outbound filtering to make absolutely sure no spam is being sent from your systems.

7. Check your own spam reputation.

If your organization is on a blacklist, your recipients might not receive your outgoing e-mail. For that reason, Lochart recommends regularly checking your own reputation. He suggests, for example, visiting habeas.com, a site that provides companies with a free reputation check and helps them otherwise manage their online reputations.

If you do find your company unjustifiably on such a list, Lochart suggests that you contact its administrator to voice your concerns. In some cases, though, a major league umpire would sooner reverse his called third strike than the administrator "un-blacklist" you. The inflexibility of such blacklists adds to the occurrence of false positives -- yet another reason to be careful when choosing your own blacklist or reputation list.

8. Warn your users to be wary of "red flag" words.

If you're waiting in line for security screening at Dulles Airport, you would be ill-advised to discuss bombs, weapons or hijacking. In the same way, Gonzalez recommends that in sending e-mail, you avoid those red flag words that are associated with spam.

Although keyword spam filtering is less desirable and less common these days, your recipient still might be using it. Therefore, if you can, avoid those words that might trigger a response from the filter, not all of which are intuitive. Gonzalez specifically mentions words such as "hey" or "hello." Other suspects include "free," "enlarge," "pharmacy," "alert" and "diploma."

Putting these words in a message or subject line may not automatically get your e-mail flagged as spam. Nonetheless, if you can avoid such words, so much the better.

Conversely, try to include recipient-specific information in your messages, such as project names or personal references unique to your recipient. Doing so can lessen the chance that Bayesian analysis of your message will cause it to be flagged.

By reducing false positives, you help ensure that real e-mail from your senders actually gets to you, and that real e-mail from you actually gets to them.

Calvin Sun consults with clients to improve their organizational effectiveness. He has written previously for Computerworld and for other major publications.

Subscribe to the Daily Downloads Newsletter

Comments