If more than one spam message per user is sneaking past your spam filter each day, then something’s wrong with your anti-spam defenses. Oh, and you shouldn’t get more than one false positive for every 200,000 legitimate messages, according to a new report from Forrester on best practices for spam management.

Forrester recommends setting up a “baseline” policy that defines just what your organization considers to be spam, and to block, rather than quarantine, those messages. “Depending on the nature of your business, you may find it useful to include other material in this category, such as newsletters, political campaigns, and product marketing messages,” according to the report.

The key is to also filter via user-specific or group-specific filtering policies, so that only users in engineering are allowed to receive email with executable files, for instance. And Forrester says an anti-spam tool should integrate and work along with your message transfer agent, archiving, and content protection tools.

Technologies that work best for anti-spam include what Forrester calls “connection management techniques,” or the first layer of filtering that doesn’t require looking at the content of the spam itself. This includes blacklisting, whitelisting, sender reputation, rate controls, and recipient verification. (Content analysis happens later in the process.)

Forrester suggests deploying anti-spam products that include user-specific quarantines so that users can manage their messages. Limiting bounced-message notifications also helps prevent spammers from abusing them for more targeted attacks.

And the right anti-spam defense should only take a few minutes a day of manpower to manage, according to the report.

— Kelly Jackson Higgins, Senior Editor, Dark Reading