What are the effective goals of an enterprise anti-spam system?
Personally, I would like an anti-spam system to do three things really well:
- Keep the spam out of my inbox
- Protect the company from any risk of legal exposure (employees being phished using work computers, distribution and storage of offensive materials) and keep up application hygiene (viruses, worms, etc.)
- Not capture legitimate messages in its various traps (the false positive problem)
I've had the brockmann.com domain since 1996 and have been in the Whois database for a long time. My email has been sold, resold, sold, resold, re-resold dozens and dozens of times.
For fun and profit, over the last three years I have operated my own email and MX records from my data center (in my basement, next to the NBX). I've been using the ClamAV open source server product and have been training the server. Nevertheless, I get over 200 messages a day (95% of which are spam). My other accountholders share the same depressing loads, because they are targets too. I have been working with the filter rules of my email client to address the gaps, but frankly it just doesn't work.
As recently as yesterday, I got another message (from a client) trapped in my spam folder. This is a huge and frequent problem affecting the integrity of the mail system. It's like the 19th-century mail car robberies, with some pieces never making it to their destination. Fortunately I was expecting this and began to snoop around in the junk folder and lo and behold… there it was!
There is an arms race now underway between the spammers and the filter companies: the filters get good at catching text, so the spammers create word variants (V1^GR^) that fool the filters; the filters get good at catching those word variants, so the spammers move to GIFs that the filters can't read… and so on. We need to break this game. Doing more of the same really isn't going to work.
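To make the two sides of that arms race concrete, here is an added example (not code from the original post or from the author's ClamAV setup) that shows the filter-side response to word variants like V1^GR^: it normalizes each token by undoing common digit and symbol substitutions and stripping separators before comparing against a blocklist. It also shows the simplest guard against the false positive described above, an allowlist of known correspondent domains that is checked before any content rule. The sender domain `client.example`, the blocklist terms and the sample messages are all constructed for the illustration.

```python
import re

# Constructed allowlist: domains of correspondents whose mail must never be
# quarantined (the client's message that ended up in the junk folder).
# "client.example" is a hypothetical domain, not one from the original post.
KNOWN_SENDER_DOMAINS = {"client.example"}

# Constructed blocklist of spam terms; a real filter uses far larger, weighted lists.
SPAM_TERMS = {"viagra", "mortgage", "lottery"}

# Character substitutions spammers use to disguise a word so that a naive
# string match misses it (digits and symbols standing in for letters).
LEET_TABLE = str.maketrans({
    "1": "i", "!": "i", "|": "i",
    "0": "o", "3": "e", "4": "a", "@": "a", "^": "a",
    "5": "s", "$": "s", "7": "t", "+": "t",
})

# Sentence punctuation stripped from token ends before substitution,
# so "l0ttery!" is read as "lottery" rather than "lotteryi".
EDGE_PUNCT = ".,;:!?\"'()"


def normalize_token(token: str) -> str:
    """Collapse common obfuscations: 'V1^GR^' and 'v.i.a.g.r.a' both become 'viagra'."""
    token = token.strip(EDGE_PUNCT).lower().translate(LEET_TABLE)
    # Drop any remaining separators (dots, dashes, stray symbols) inside the word.
    return re.sub(r"[^a-z]", "", token)


def find_spam_terms(body: str) -> list[str]:
    """Return the blocklisted terms present in body after normalization, in order."""
    return [t for t in (normalize_token(w) for w in body.split()) if t in SPAM_TERMS]


def sender_domain(address: str) -> str:
    """Lower-cased domain part of an address; the whole string if it has no '@'."""
    return address.rsplit("@", 1)[-1].lower()


def classify(sender: str, body: str) -> str:
    """'allow' for known correspondents (never quarantined), else 'spam' or 'ham'."""
    if sender_domain(sender) in KNOWN_SENDER_DOMAINS:
        return "allow"
    return "spam" if find_spam_terms(body) else "ham"


if __name__ == "__main__":
    # Constructed sample messages: one obfuscated pitch, one legitimate client
    # mail that mentions the same word, one ordinary message.
    samples = [
        ("spammer@example.net", "Cheap V1^GR^ today, no prescription"),
        ("alice@client.example", "Re: V1^GR^ clinical data you asked for"),
        ("bob@example.org", "Meeting moved to 3pm, see you there"),
    ]
    for sender, body in samples:
        print(f"{sender:28} -> {classify(sender, body)}  {find_spam_terms(body)}")
```

Two things worth noticing. Normalization itself manufactures false positives (every "10" becomes "io", every "3pm" becomes "epm"), which is why production filters score many weak signals rather than blocking on one exact match; and the allowlist check runs first precisely so that a known client's message never depends on how the content rules happen to score that day. Neither step ends the arms race; the example only shows why each round of it adds complexity on the filter side.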
I don't think it's going to be any industry-wide initiative that changes the dynamics of this environment. We don't have to change the email system (that works really, really well). We don't have to create a broad security framework that embeds strong authentication technology into every message. We don't even have to create better filters. The lock on my front door won't really keep a determined thief out; it just makes the job time-consuming enough that they'll want to go next door. I think we have to make it so hard for spammers that they stop bugging me, especially at work. That has to be the goal. Make it easier to spam somebody else than it is to spam me.