Defences must be multi-layered

Spam blights many networks, but it can be managed and blocked

Despite the introduction of laws, and a seemingly never-ending list of arrests, the problem of spam is greater than ever.

The reason for this is simple: it works. As long as people are interested in buying little blue pills, or increasing the size of their anatomy, and as long as it remains cost-effective, spammers will continue to hawk their wares.

That is where anti-spam software comes in. It aims to stop spam from reaching end-users.

Over the past couple of years we have seen spammers get ever more sophisticated in the tricks they use to sneak past anti-spam technology. Some hide their messages in obfuscated HTML, embedding paragraphs of legitimate text to try to tip the balance in the anti-spam engine from "spam" to legitimate "ham".

Others pretend to be genuine communications, disguising themselves by using e-mail addresses of personal contacts or domain names of recognisable firms.

As spammers become ever more desperate, they increasingly make use of the masses of insecure US broadband-enabled home computers that can be compromised and used to send spam.

If everyone kept their computers protected with the latest Microsoft security patches, up-to-date anti-virus and anti-spam software, as well as a decent firewall, it would be much harder for spammers to rally a zombie network to send out their messages.

When Sophos polled nearly 4,000 businesses earlier this year it found that 80% believed the flood of spam made them less productive. However, only 28% had an anti-spam product in place. It is clear that those running networks suffering from a barrage of spam need to take steps to avoid the onslaught.

First, IT managers need to ensure that network managers have implemented a top-quality anti-spam product at the e-mail gateway that can filter even the latest spam tricks. Ideally, this will automatically update itself with information about new spam techniques to keep one step ahead of the latest attacks.

Not all anti-spam is created equal. Many companies have had bad experiences with inferior anti-spam software that either missed spam or blocked legitimate messages, so IT managers must choose carefully.

IT and HR departments must work closely to ensure that employees follow basic rules to block spam. Users should also be careful about how widely they distribute their e-mail addresses online - particularly on internet message boards and websites.

As the battle against spam becomes more intense, a sensible multi-layered defence can help ensure you are exposed to as little junk mail as possible.

Graham Cluley is a senior technology consultant at anti-virus group Sophos
