Providing security against email related threats has become a burden for most IT professionals in 2006. According to a recent study by Postini, spam and email viruses now make up to 80% of all emails sent out as compared to 50% in 2000. As a result, IT professionals now face a tougher challenge in providing network security for this amount of spam. IT professionals also have the disadvantage of defending against new forms of email threats such as spam zombies, directory harvest attacks, mass mailing trojans, as well as the latest email virus.

In this article, I have listed the seven most effective spam fighting tips for organizations with in-house mail servers. These seven tips are proven techniques I have used for my customers, partners and associates who wish to tighten their perimeter (network) security.

1. Firewall:
A firewall is your first line of defense against hackers, crackers, and spammers. Without a firewall, your network is a disaster waiting to happen and could give any novice hacker free reign over your network. If your organization has multiple Internet users, this tool is essential for securing your network.

2. Block Port 25:
On your firewall, allow outbound traffic on TCP port 25 for all mail servers. Block traffic on outbound TCP port 25 for all other computers and servers. On the Internet, TCP port 25 is used for email traffic through SMTP (Simple Mail Transport Protocol). Blocking this port is a good security practice and prevents mass mailing worms and spam zombies from sending mail from your users’ computers.

3. Managed Email Filtering:
Consider using a managed filtering solution such as Postini, Brightmail, or SpamSoap. Managed Email Filtering services quarantine spam, viruses, and email threats before reaching the email servers on your network. In comparison to desktop filters and server appliances, managed filtering services provide superior perimeter (network) protection by preventing delivery of spam and viruses to your network and servers.

4. Check Relay Setting:
A mail server’s relay setting controls which computers and servers are able to send SMTP email on your organization’s behalf. Check your settings and limit the IP address range to email users on your local network. Some mail servers have settings to limit email relay through authentication. If authentication-based relay is available, setup and configure it too. NOTE: If the relay is not set properly, spammers will be able to send email from your mail server. This exploit is commonly known as an “Open Relay” or a “Spam Relay.” Use the Open Relay test at http://www.abuse.net/relay.htm to check if spammers can relay mail from your server.

5. Black Lists:
Setup your mail server(s) with a black list. A black list (black hole list) is a database or listing of known spam sources. Most modern email servers can be configured to query inbound email against online blacklists. Messages originating from these sources can then be blocked. I recommend configuring your email server with SpamHaus blacklist. Spamhaus.org is an excellent free service to use. Some other good blacklists are DBSL and SpamCop.

6. Reverse DNS:
Reverse DNS (rDNS) associates an IP Address with a Domain Name. Most mail servers, as an anti-spam feature, often use a reverse DNS lookup to compare an email address domain name with its IP address. If the IP address found from the rDNS lookup does not match the domain name, it is probably spam. If you haven’t done so, setup and configure reverse DNS records on your DNS server.

7. Anti-Virus Scan:
There are many tools that provide adequate anti-virus protection for desktops at the workplace. Most anti-virus software is good at detecting viral threats that proliferate email spam such as mass mailing worms, trojans, and directory harvesters. Large organizations might want to use enterprise anti-spam software with management and monitoring tools that will allow tracking of network virus outbreaks.  

Recommended Links:
- http://www.spam-x.com [Postini service – managed filtering, 1 to 500 users]
- http://www.postini.com [Postini service – managed filtering, 500+ users]
- http://www.spamhaus.org [Blacklist]
- http://www.dbsl.org [Blacklist]
- http://www.spamcop.net [Blacklist]
- http://www.abuse.net/relay.htm [Open relay test]
- http://www.dnsreport.com [DNS report/open relay test]
- http://www.dnsstuff.com [Spam database lookup and open relay test]

Email viruses and related threats delivered through spam have cost businesses billions of dollars in expenses and lost productivity. Each spam email sent or received from your domain costs your organization money and bandwidth. By implementing these seven tips, your organization can reduce spam and recover costs.  

About the author: Todd Green is a partner of a Memphis-based IT consulting firm. He has over fourteen years’ experience in the field of Information Technology and has managed security on many corporate networks over the years. He is the owner of SPAM-X, a Postini reseller (http://www.spam-x.com) and a partner for Postini’s preemptive spam and virus filtering service.

This article: Copyright © 2006 Todd Green and free for republishing.

Tennessee resident K. C. “Khan” Smith owes the internet service provider EarthLink $24 million. According to the CNN, in August 2001 he was slapped with a lawsuit accusing him of violating federal and state Racketeering Influenced and Corrupt Organizations (RICO) statutes, the federal Computer Fraud and Abuse Act of 1984, the federal Electronic Communications Privacy Act of 1986 and numerous other state laws. On July 19, 2002 - having failed to appear in court - the judge ruled against him. Mr. Smith is a spammer.

Brightmail, a vendor of e-mail filters and anti-spam applications warned that close to 5 million spam “attacks” or “bursts” occurred in June 2002 and that spam has mushroomed 450 percent since June 2001. This pace continued unabated well into the beginning of 2004 when the introduction of spam filters began to take effect. PC World concurs.

Between one half and three quarters of all e-mail messages are spam or UCE (Unsolicited Commercial Email) - unsolicited and intrusive commercial ads, mostly concerned with sex, scams, get rich quick schemes, financial services and products, and health articles of dubious provenance. The messages are sent from spoofed or fake e-mail addresses. Some spammers hack into unsecured servers - mainly in China and Korea - to relay their missives anonymously.

Starting in 2003, malicious hackers began using spam to install malware - such as viruses, adware, spyware, and Trojans - on the unprotected personal computers of less savvy users. They thus transform these computers into “zombies”, organize them into spam-spewing “bots” (networks), and sell access to them to criminals on penumbral boards and forums all over the Net.

Spam is an industry. Mass e-mailers maintain lists of e-mail addresses, often “harvested” by spamware bots - specialized computer applications - from Web sites. These lists are rented out or sold to marketers who use bulk mail services. They come cheap - c. $100 for 10 million addresses. Bulk mailers provide servers and bandwidth, charging c. $300 per million messages sent.

As spam recipients become more inured, ISPs less tolerant, and both more litigious - spammers multiply their efforts in order to maintain the same response rate. Spam works. It is not universally unwanted - which makes it tricky to outlaw. It elicits between 0.1 and 1 percent in positive follow ups, depending on the message. Many messages now include HTML, JavaScript, and ActiveX coding and thus resemble (or actually contain) viruses and Trojans.

Jupiter Media Matrix predicted in 2001 that the number of spam messages annually received by a typical Internet user will double to 1400 and spending on legitimate e-mail marketing will reach $9.4 billion by 2006 - compared to $1 billion in 2001. Forrester Research pegs the number at $4.8 billion in 2003.

More than 2.3-5 billion spam messages are sent daily. eMarketer puts the figures a lot lower at 76 billion messages in 2002. By 2006, daily spam output will soar to c. 15 billion missives, says Radicati Group. Jupiter projects a more modest 268 billion annual messages this year (2005). An average communication costs the spammer 0.00032 cents.

PC World quotes the European Union as pegging the bandwidth costs of spam worldwide in 2002 at $8-10 billion annually. Other damages include server crashes, time spent purging unwanted messages, lower productivity, aggravation, and increased cost of Internet access.

Inevitably, the spam industry gave rise to an anti-spam industry. According to a Radicati Group report titled “Anti-virus, anti-spam, and content filtering market trends 2002-2006″, anti-spam revenues were projected to exceed $88 million in 2002 - and more than double by 2006. List blockers, report and complaint generators, advocacy groups, registers of known spammers, and spam filters all proliferate. The Wall Street Journal reported in its June 25, 2002 issue about a resurgence of anti-spam startups financed by eager venture capital.

ISPs are bent on preventing abuse - reported by victims - by expunging the accounts of spammers. But the latter simply switch ISPs or sign on with free services like Hotmail and Yahoo! Barriers to entry are getting lower by the day as the costs of hardware, software, and communications plummet.

The use of e-mail and broadband connections by the general population is spreading. Hundreds of thousands of technologically-savvy operators have joined the market in the last five years, as the dotcom bubble burst. Still, Steve Linford of the UK-based Spamhaus.org insists that most spam emanates from c. 80 large operators.

Now, according to Jupiter Media, ISPs and portals are poised to begin to charge advertisers in a tier-based system, replete with premium services. Writing back in 1998, Bill Gates described a solution also espoused by Esther Dyson, chair of the Electronic Frontier Foundation:

“As I first described in my book ‘The Road Ahead’ in 1995, I expect that eventually you’ll be paid to read unsolicited e-mail. You’ll tell your e-mail program to discard all unsolicited messages that don’t offer an amount of money that you’ll choose. If you open a paid message and discover it’s from a long-lost friend or somebody else who has a legitimate reason to contact you, you’ll be able to cancel the payment. Otherwise, you’ll be paid for your time.”

Subscribers may not be appreciative of the joint ventures between gatekeepers and inbox clutterers. Moreover, dominant ISPs, such as AT&T and PSINet have recurrently been accused of knowingly collaborating with spammers. ISPs rely on the data traffic that spam generates for their revenues in an ever-harsher business environment.

The Financial Times and others described how WorldCom refuses to ban the sale of spamware over its network, claiming that it does not regulate content. When “pink” (the color of canned spam) contracts came to light, the implicated ISPs blame the whole affair on rogue employees.

PC World begs to differ:

“Ronnie Scelson, a self-described spammer who signed such a contract with PSInet, (says) that backbone providers are more than happy to do business with bulk e-mailers. ‘I’ve signed up with the biggest 50 carriers two or three times’, says Scelson … The Louisiana-based spammer claims to send 84 million commercial e-mail messages a day over his three 45-megabit-per-second DS3 circuits. ‘If you were getting $40,000 a month for each circuit’, Scelson asks, ‘would you want to shut me down?’”

The line between permission-based or “opt-in” e-mail marketing and spam is getting thinner by the day. Some list resellers guarantee the consensual nature of their wares. According to the Direct Marketing Association’s guidelines, quoted by PC World, not responding to an unsolicited e-mail amounts to “opting-in” - a marketing strategy known as “opting out”. Most experts, though, strongly urge spam victims not to respond to spammers, lest their e-mail address is confirmed.

But spam is crossing technological boundaries. Japan has just legislated against wireless SMS spam targeted at hapless mobile phone users. Many states in the USA as well as the European parliament have followed suit. Ideas regarding a “do not spam” list akin to the “do not call” list in telemarketing have been floated. Mobile phone users will place their phone numbers on the list to avoid receiving UCE (spam). Email subscribers enjoy the benefits of a similar list under the CAN-Spam Act of 2003.

Expensive and slow connections make mobile phone spam and spim (instant messaging spam) particularly resented. Still, according to Britain’s Mobile Channel, a mobile advertising company quoted by “The Economist”, SMS advertising - a novelty - attracts a 10-20 percent response rate - compared to direct mail’s 1-3 percent.

Net identification systems - like Microsoft’s Passport and the one proposed by Liberty Alliance - will make it even easier for marketers to target prospects.

The reaction to spam can be described only as mass hysteria. Reporting someone as a spammer - even when he is not - has become a favorite pastime of vengeful, self-appointed, vigilante “cyber-cops”. Perfectly legitimate, opt-in, email marketing businesses and discussion forums often find themselves in one or more black lists - their reputation and business ruined.

In January 2002, CMGI-owned Yesmail was awarded a temporary restraining order against MAPS - Mail Abuse Prevention System - forbidding it to place the reputable e-mail marketer on its Real-time Blackhole list. The case was settled out of court.

Harris Interactive, a large online opinion polling company, sued not only MAPS, but ISPs who blocked its email messages when it found itself included in MAPS’ Blackhole. Their CEO accused one of their competitors for the allegations that led to Harris’ inclusion in the list.

Coupled with other pernicious phenomena - such as viruses, Trojans, and spyware - the very foundation of the Internet as a fun, relatively safe, mode of communication and data acquisition is at stake.

Spammers, it emerges, have their own organizations. NOIC - the National Organization of Internet Commerce threatened to post to its Web site the e-mail addresses of millions of AOL members. AOL has aggressive anti-spamming policies. “AOL is blocking bulk email because it wants the advertising revenues for itself (by selling pop-up ads)” the president of NOIC, Damien Melle, complained to CNET.

Spam is a classic “free rider” problem. For any given individual, the cost of blocking a spammer far outweighs the benefits. It is cheaper and easier to hit the “delete” key. Individuals, therefore, prefer to let others do the job and enjoy the outcome - the public good of a spam-free Internet. They cannot be left out of the benefits of such an aftermath - public goods are, by definition, “non-excludable”. Nor is a public good diminished by a growing number of “non-rival” users.

Such a situation resembles a market failure and requires government intervention through legislation and enforcement. The FTC - the US Federal Trade Commission - has taken legal action against more than 100 spammers for promoting scams and fraudulent goods and services.

“Project Mailbox” is an anti-spam collaboration between American law enforcement agencies and the private sector. Non government organizations have entered the fray, as have lobbying groups, such as CAUCE - the Coalition Against Unsolicited Commercial E-mail.

But, a few recent anti-spam and anti-spyware Acts notwithstanding, Congress is curiously reluctant to enact stringent laws against spam. Reasons cited are free speech, limits on state powers to regulate commerce, avoiding unfair restrictions on trade, and the interests of small business. The courts equivocate as well. In some cases - e.g., Missouri vs. American Blast Fax - US courts found “that the provision prohibiting the sending of unsolicited advertisements is unconstitutional”.

According to Spamlaws.com, the 107th Congress, for instance, discussed these laws but never enacted them:

Unsolicited Commercial Electronic Mail Act of 2001 (H.R. 95), Wireless Telephone Spam Protection Act (H.R. 113), Anti-Spamming Act of 2001 (H.R. 718), Anti-Spamming Act of 2001 (H.R. 1017), Who Is E-Mailing Our Kids Act (H.R. 1846), Protect Children From E-Mail Smut Act of 2001 (H.R. 2472), Netizens Protection Act of 2001 (H.R. 3146), “CAN SPAM” Act of 2001 (S. 630).

Anti-spam laws fared no better in the 106th Congress. Some of the states have picked up the slack. Arkansas, California, Colorado, Connecticut, Delaware, Idaho, Illinois, Iowa, Kansas, Louisiana, Maryland, Minnesota, Missouri, Nevada, North Carolina, Oklahoma, Pennsylvania, Rhode Island, South Dakota, Tennessee, Utah, Virginia, Washington, West Virginia, and Wisconsin.

The situation is no better across the pond. The European parliament decided in 2001 to allow each member country to enact its own spam laws, thus avoiding a continent-wide directive and directly confronting the communications ministers of the union. Paradoxically, it also decided, in March 2002, to restrict SMS spam. Confusion clearly reigns. Finally, in May 2002, it adopted strong anti-spam provisions as part of a Directive on Data Protection.

Responding to this unfavorable legal environment, spam is relocating to developing countries, such as Malaysia, Nepal, and Nigeria. In a May 2005 report, the OECD (Organization for Economic Cooperation and Development) warned that these countries lack the technical know-how and financial resources (let alone the will) to combat spam. Their users, anyhow deprived of bandwidth, endure, as a result, a less reliable service and an intermittent access to the Internet;

“Spam is a much more serious issue in developing countries…as it is a heavy drain on resources that are scarcer and costlier in developing countries than elsewhere” - writes the report’s author, Suresh Ramasubramanian, an OECD advisor and postmaster for Outblaze.com.

ISPs, spam monitoring services, and governments in the rich industrialized world react by placing entire countries - such as Macedonia and Costa Rica - on black lists and, thus denying access to their users en bloc.

International collaboration against the looming destruction of the Internet by crime organizations is budding. The FTC had just announced that it will work with its counterparts abroad to cut zombie computers off the network. A welcome step - but about three years late. Spammers the world over are still six steps ahead and are having the upper hand. 

Sam Vaknin ( samvak.tripod.com ) is the author of Malignant Self Love - Narcissism Revisited and After the Rain - How the West Lost the East. He served as a columnist for Global Politician, Central Europe Review, PopMatters, Bellaonline, and eBookWeb, a United Press International (UPI) Senior Business Correspondent, and the editor of mental health and Central East Europe categories in The Open Directory and Suite101. Until recently, he served as the Economic Advisor to the Government of Macedonia. Visit Sam’s Web site at samvak.tripod.com

Microsoft scores one for the good guys

Scott Richter, the self-proclaimed “Spam King,” just can’t seem to get enough attention. Admittedly responsible for sending literally billions of Unsolicited Commercial Email messages (UCE), Richter made headlines again recently when his spam-fed cash cow, OptInRealBig.com, filed for bankruptcy protection in U.S. federal court in his home state of Colorado. According to Richter’s father (who is also his attorney), “It’s the legal fees that are battering the company. OptIn is profitable but for these lawsuits.”

At the time of its bankruptcy filing, OptInRealBig.com claimed assets of less than $10 million and liabilities of over $50 million. Richter claimed his company made $15 million a year sending more than 15 million email messages per day. However, in 2003, OptInRealBig was dealt a powerful 1-2 punch from Microsoft and Eliot Spitzer, the Attorney General of New York; both sued Richter under local state anti spam laws. Although the New York case was settled out of court last year, Richter has had no such luck dealing with Microsoft, whose claims top $19 million.

A Case of Global Amnesia?

Richter’s company and others like it market products ranging from diet pills to pornography. He’s also been accused of using spam to extract personal information from unsuspecting recipients. For instance, one alleged scheme hatched by Richter and his associates promised recipients a copy of a “Girls Gone Wild” DVD if the recipient registered on a website. The registration information was then used to bombard the recipient with more and more spam.

Richter contends that his methods are all legal, and that he’s just a regular guy trying to do right by the world; he’s even gone so far as to claim that he’s a “victim” of overzealous anti spam companies and prosecutors. “We don’t spam,” explained Richter in an August 2004 PC World interview. “The biggest problem is when people get an email that they think they didn’t sign up for or don’t remember signing up for, and they call it spam.”

To hear Richter tell it, tens of millions of people simply forgot that they had previously asked to receive his messages. According to the state of New York, however, he falsified header information and used deceptive routing and domain purchase practices in order to get his messages through. The lawsuit also accused Richter of using a network of approximately 500 “zombie” computers to send his messages. When asked how so many users could have subscribed and not remember doing so, Richter claimed the signups must have been via anonymous “partners of our partners” web sites, the names of which slipped his mind.

Not Just an Online Threat

Evidently not satisfied with stealing bandwidth, Richter also shows a penchant for heavy equipment. In an unrelated 2003 case, he was put on probation after pleading guilty to a felony charge of receiving stolen items worth more than $10,000. According to court records, an informant’s tip regarding a stolen Bobcat loader led undercover officers to Richter. Over the course of 13 months, the officers proceeded to strike deals with him for a Honda generator, hundreds of cases of cigarettes, three laptop computers and other items, all offered at suspiciously low prices and purchased in some of Denver’s seediest neighborhoods. In addition to probation, Richter was also ordered to pay $38,000 in restitution for the stolen goods.

Despite his guilty plea, Richter maintains his innocence, saying he pleaded guilty to the felony charges because it was “easier to be done with it,” and he had “too much stuff going on in my life.”

What’s Next for Scott Richter?

The 5-year-old OptInRealBig.com, which employed 25 people last year and had 350 clients, will continue to operate under Chapter 11 bankruptcy protection. While the bankruptcy filing shows the power of legislation and legal action from parties with a vested interest in stopping spam, Richter is not likely to fade quietly into the sunset. Under Chapter 11 bankruptcy laws, the company must follow a court-supervised “debt rehabilitation” plan to pay off creditors, but is not required to modify its business practices. None of OptInRealBig’s assets will be liquidated, meaning the company’s stable of spam cannons will remain active. The bottom line: Scott Richter will not be required to stop sending UCE in the immediate future, pending ongoing litigation intended to determine exactly what spam is in legal terms. In the meantime, the best defense against spam is a comprehensive gateway solution that will guard against all manner of email threats, especially spammers like Scott Richter.

I exercise regularly and follow a healthy diet. My weight is right on the money. So every invitation “to loose 30 pounds in 20 days” insults more than just my intelligence and literary taste. Yet until now I managed to treat Unsolicited Commercial Email (UCE) or simply SPAM as a nuisance that wastes my time and resources, but does not represent a serious problem. Not any more!

The message that changed my attitude looked rather innocent: “Hello [fname], I am so-and-so. You are receiving this message because I saw your online business site…” The next day I got another similar message from different so-and-so. Soon, the number escalated to a dozen a day. Very disturbing was also the fact that the messages were arriving to my “strictly business” email addresses reserved exclusively for my customers and business partners. A little research quickly revealed the name of my new enemy - Spam Bot.

Spam Bot is much like a search engine spider. Twenty-four hours a day, seven days a week it crawls from page to page looking for email addresses. Even single Spam Bot is able to quickly produce huge list of addresses (only addresses - that’s why they called me [fname]!) which are used to send SPAM. Unfortunately, there are many of them… Another problem is that being extremely easy to generate and thus very cheap, these lists are sold and re-sold over and over again to naïve (obtuse?) “netrepreneurs”.

Looks like a serious self-perpetuating problem for anyone with business email address posted on the Internet. Is there a solution? Well, yes - you can completely eliminate this type of SPAM by making your email address unrecognizable for Spam Bots. Here are several possible approaches:

1. Use the FORM MAIL whenever possible. This not only conceals your email address, but also makes it easier for real visitors to contact you. Here is a working example: http://www.megaone.com/hbb/savemoney/ Anyone can email me a question by typing it in the window right on my page and hitting the “Submit Query” button. Yet the address itself is hidden from my human visitors as well as Spam Bots.

2. Replace your “mailto:” link with an IMAGE of your email address. To see an example go to http://www.pcpages.com/ rafficy/links.html Feel free to examine the HTML code of the page by right- clicking anywhere in the window and then scrolling to “View source” in the drop-down menu. Instead of my email address you (and Uncle Spam Bot as well!) will only see a link to “emaddress.gif”. In this case additional security brings about some inconvenience - the address is not “clickable” and thus one has to memorize it or write it down. This slight disadvantage is circumvented in the next approach.

3. Replace several REAL characters in your email address with so-called SPECIAL characters. These special characters always begin with “&” and end with “;”. Whatever is in between determines how the browser will interpret that particular special character. For example, typing “&” “#” “6″ “4″ “;” (without quotation marks and spaces) is equivalent to using the real character “@”.

If you are skeptical that this replacement alone is enough to fool the Spam Bot (that, by the way, makes two of us) - proceed with replacing other characters in your email address. Here is your cheat-sheet to substitute all vowels: a=#97, e=#101, i=#105, o=#111 and u=#117. Remember to start every special character with “&” and end with “;”. You can see how it works by going to http://www.megaone.com/hbb/savemoney/links.html

My human visitors can see and click on my email address by using “Click here to get my email address” link. When viewing the code of the little window, you will not find the address in an explicit form - just a long string of special characters with some letters in between. This (hopefully!) is enough to confuse Spam Bots visiting my site.

We will never be able to totally eliminate SPAM that seems to come with the cyberspace “territory”. Yet I should feel just a little better if the above suggestions at least partially shield your inbox from unwelcome (and often very badly phrased) offers to consolidate the debts you don’t have or safely enlarge a part of your body that… well, you do not have either.

Copyright (C) by Irina 2003.

About the Author: Irina helps people save on healthcare and create steady stream of residual income working from home http://www.megaone.com/hbb/savemoney/ http://www.megaone.com/hbb/makemoney/

With anti spam vendors offering low cost licensing, businesses can now afford advanced email spam and virus protection with a simple to use interface at a much lower cost. The great thing about technology is that as it evolves it gets faster, additional features and economical. Over the past few years the same evolution has taken place with anti spam technology and services. In large part this can be attributed to the open source software community plus enterprising companies enhancing the capabilities of this software and packaging it into easy to use anti spam appliances.

It is not practical to have anti spam software running on desktops in a networked business environment. Managing all employee junk email software at the desktop is not realistic. It can be a nightmare and costly in terms time and licensing.

Spam appliances sit in front of your email server so that when email comes in it will first go to the spam appliance and the email will be scanned for spam as well as viruses. The filter will block the message if it identified as know spam. If the filter is not sure if the email is genuine it will quarantine and hold the email at the filter and it will be stored until the recipient deletes it, releases it to their email box, or they can white list a trusted correspondent so that future emails will not be held back. This will greatly reduce the load on your email server and reduce your bandwidth needs. We have seen anti spam systems block up to 83% of incoming messages. This could help extend the life of your email server and push back the need for upgraded capacity.

Most virus outbreaks occur via email and for little cost an appliance can block viruses before they reach your network and user’s inboxes. This provides an extra layer of defense in addition to your current anti virus solution.

Businesses have two options if they use an appliance based solution for their spam and virus control. They can purchase and administer their own filter. This is a good option if you have a large number of employee mailboxes to protect and the technical staff to administer the spam appliance. Businesses also have the option to outsource their spam control as a hosted service. This is a good choice for smaller companies and if information technology is not your specialty.

If you purchase your own spam filter, a subscription to updates may also be required. Make sure you get upfront pricing for the add-ons that you will need. If you have more than 100 email users and the technical staff to maintain the spam appliance, buying your own filter may be your best option. Generally the basic model will work for most organizations. Large organizations with thousands of users will require a spam filter appliance with increases capacity and features. Spam appliances are designed to work with all mail systems but some do have specific enhancements for Exchange server Microsoft’s popular collaboration software and mail servers that support LDAP (light weight directory access protocol). Spam appliances use the LDAP protocol to verify recipients before delivering messages to your email server, this avoids consuming server resources.

If your business has five to one hundred employees, then an outsourced anti spam and virus filter service is going to be a good economical choice for your organization. Fees are based on the number of users and you only pay for what you use. You will not have hardware to buy, maintain, and upgrade. The upfront cost is minimal and most email filtering providers will let you try the service for free at first. Another added benefit to outsourcing your spam control is redundancy. It is important that you choose a provider that has their spam and virus filters colocated at secure internet data center facilities. Data centers provide redundant network connections and power, so if your email server or internet connection is down unexpectedly the spam appliance will hold your email until your email server becomes available, minus spam and viruses.

Anti spam technology is constantly improving and the costs are getting lower. With increased productivity and an added layer of defense against virus attacks, an anti spam appliance or service is something your business can not afford to be without.