The SPAM War Escalates
A recent spam hoax is a tough reminder of how vigilant we must be in the battle against unwanted mail.
May 7, 2004
Can IT nip this in the bud by implementing antispam tools with an overly aggressive rule set? Theoretically, yes--but a policy of "better to bounce than be spammed" is too draconian. Users don't like finding their e-mails in quarantine (see page 42 for our analysis and reviews of spam filters).
There's nothing wrong with configuring your spam- and malicious content-prevention tools to drop blacklisted IP addresses, require PTR records, bounce executables, sanitize URLs and do some Bayesian scanning. But beware: Vulnerabilities are discovered every day, and miscreants are endlessly inventive.
A belt-and-suspenders approach to security will minimize damage from all attacks. "Least privilege" configurations for inbound and outbound traffic--"permit what is allowed, but deny all else"--can stop many Trojan attacks. Ultimately, this type of network hardening will make your system safer from all attacks, not just mal-spam.
You May Also Like
Maximizing cloud potential: Building and operating an effective Cloud Center of Excellence (CCoE)
September 10, 2024Radical Automation of ITSM
September 19, 2024Unleash the power of the browser to secure any device in minutes
September 24, 2024