Spam is still a threat

We don’t seem to talk about spam much anymore. Services such as Postini and products like SurfControl have more or less removed spam from the corporate Inbox. While these products are generally effective, it still amazes me the percentage of email that is identified as spam: up to 90% of all inbound traffic at some periods.

Although we are adept at controlling spam targeted at our own mail servers, the biggest risk comes from allowing corporate users access to web-based email services from within the company network. And spammers are constantly looking for new ways to get their messages opened.


One of the newest is in the form of MP3 files posing as music clips as reported here. “The MessageLabs Intelligence Report for October reveals that spammers have sent at least 15 million emails so far in the form of MP3 music files, as they seek to expand the ways spam can be propagated.”

GFI report on this new trend on their website here:

MP3 spam is a natural progression from PDF and Excel spam whereby spammers are exploiting a new file format to be able to send spam. This is their latest attempt to evade anti-spam filters.

Saying that we need to remain vigilant to the spam threat is obvious. What I would like to do is block access to personal webmail accounts from the corporate network. True, we can mitigate a fair degree of the risk using various desktop controls, but I’d rather avoid the battle than fight it. Every now and again, our security will be breached – if it hasn’t already been so – through somebody downloading an attachment from their webmail account.

Once again, we hit on edication as having a large degree of affinity to the risk. But I’d also like to come back to the subject of personal accountability and making individuals on the network responsible for their action. I’m interested in how far other organisations go down this path.