Ways an SMB Can Implement Spam Filtering


I read with interest a news report about a Hong Kong businessman who pleaded guilty to using unsolicited e-mails to manipulate stock prices. Apparently, he was one of a group of 11 who were indicted earlier this year for what is known as "pump-and-dump stock manipulation spam" to artificially pump up the stock prices of selected Chinese companies in order to make a quick buck. What really caught my attention was the fact that this ruse allowed the ringleader to allegedly make $3 million in the summer of 2005 alone. With such huge profit margins - and the number of fools who still fall for these tricks -- it is hard to see spam coming down any time soon.


Indeed, the amount of spam is set to hit record levels in 2009, according to IT security firm Barracuda Networks, which predicts that more than 95 percent of all e-mails sent next year will be spam. This is a sobering figure, and a wake-up call. Much has already been said about the time-wasting nature of spam, so I'm not going to elaborate about that. What I am going to suggest, though, are a couple of methods that you can use to stop - or at least dramatically reduce, the amount of spam that finds its way to the collective inboxes of your organization.


One method of combating spam involves purchasing and using an anti-spam appliance such as the spam firewalls made by Barracuda Networks. Such appliances are available in various models ranging from low-end hardware to models with high-end specifications. These appliances run within the confines of the company network, and are typically placed next to the company's e-mail server. Companies that are paranoid about confidentiality will do well with such a solution. The downside is that such appliances do require an upfront investment to pay for the hardware, so they're not something that every SMB is prepared to fork out for.


Another possibility would be to subscribe to a managed filtering solution such as MessageLabs - recently acquired by Symantec, or Postini - acquired by Google. Implementing such a solution generally does not require more than a minor tweak on your domain's MX records to automatically route new e-mails directly to the managed provider. The provider will scan through all incoming e-mails accordingly before piping "cleansed" ones back to your own e-mail server. The advantage here is that there is no hardware to purchase or maintain. The main disadvantage is that such forwarding schemes are inevitably slower than a dedicated appliance located onsite. In addition, some state laws or industries might not even allow such a setup where e-mails are processed by a third party.


There are other solutions, of course, including rolling out your own anti-spam gateway using open source software. But I believe the above represents a good cross-section that the SMB can explore. (As usual, any specific products or services mentioned are for the readers' convenience only, and not an endorsement on my part.)