June 27, 2008
If more than one spam message per user is sneaking past your spam filter each day, then something’s wrong with your anti-spam defenses. Oh, and you shouldn’t get more than one false positive for every 200,000 legitimate messages, according to a new report from Forrester on best practices for spam management.
Forrester recommends setting up a “baseline” policy that defines just what your organization considers to be spam, and to block, rather than quarantine, those messages. “Depending on the nature of your business, you may find it useful to include other material in this category, such as newsletters, political campaigns, and product marketing messages,” according to the report.
The key is to also filter via user-specific or group-specific filtering policies, so that only users in engineering are allowed to receive email with executable files, for instance. And Forrester says an anti-spam tool should integrate and work along with your message transfer agent, archiving, and content protection tools.
Technologies that work best for anti-spam include what Forrester calls “connection management techniques,” or the first layer of filtering that doesn’t require looking at the content of the spam itself. This includes blacklisting, whitelisting, sender reputation, rate controls, and recipient verification. (Content analysis happens later in the process.)
Forrester suggests deploying anti-spam products that include user-specific quarantines so that users can manage their messages. Limiting bounced-message notifications also helps prevent spammers from abusing them for more targeted attacks.
And the right anti-spam defense should only take a few minutes a day of manpower to manage, according to the report.
— Kelly Jackson Higgins, Senior Editor, Dark Reading
About the Author(s)
You May Also Like
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
What's In Your Cloud?Nov 30, 2023
Everything You Need to Know About DNS AttacksNov 30, 2023
9 Traits You Need to Succeed as a Cybersecurity Leader
The Ultimate Guide to the CISSP
Protecting Critical Infrastructure: The 2021 Energy, Utilities, and Industrials Cyber Threat Landscape Report
Building Immunity: The 2021 Healthcare and Pharmaceutical Industry Cyber Threat Landscape Report
The Rise of Extended Detection & Response