"There's always the possibility of 'false positives,'" explains Noel McDermott, operations manager for IE Internet, "where a spam filter will incorrectly flag a legitimate email as spam. This is usually because the filter's definition of what constitutes spam is not the same as your definition. In fact, the more effective your anti-spam filter software is, the higher your chances of losing legitimate email. It is a delicate balancing act to get it right."
There are a number of routes a small company can take to help reduce spam and ensure that they are not losing valuable email. These can range from simple procedures and internal filter solutions to increasingly popular -- and cost effective -- outsourced services.
Tips for recipients: ensuring you get the mail you want
- If you are not using anti-spam software, use the tools within your existing email software. You can create 'blacklists' of email addresses to block as well as 'whitelists' of trusted senders. For instance, on newer versions of Microsoft's Outlook, you can right-click on an email, click Junk Email, and then Add Sender to Blocked Senders List. The same process can be used to quickly add a sender to the Safe Senders List.
- Whitelists are handy but are limited since they do not cater for legitimate email from new senders. "The problem with whitelists is that only people you know are going to get through to you," explains Conor Flynn, technical director with RITS Information Security. "This can often create more lost email scenarios than blacklists. For instance, if you have a 'Request for Information' link on your website, it's possible that emails from potential customers are being blocked."
- If users report that email is not arriving, check that the email system itself is working before disabling any anti-spam or anti-virus software. Flynn explains: "Get the person to resend the mail to the IT manager's own address. If that does not work, remove any attachments and send it again. It could be an attachment or some content that prompted it being blocked. A test email with nothing in it will prove that the email system is working and that it's an issue with an attachment or your filter software."
- Check the settings on your anti-spam software. It is quite common that the settings are too high, leading to legitimate email being blocked along with the rubbish. "Work your way up with spam software, not down," McDermott recommends. "Even if you start as low as 60 percent, work your way up slowly, tightening the security until you find a comfortable level that isn't costing you valuable emails. It's no good starting off with the filter set to 99 percent."
- If you use anti-spam software, be prepared to monitor it. One of the main downsides to running an in-house anti-spam solution properly is the time needed. "Anti-spam packages are cheap but you have to spend a lot of time monitoring what is being blocked and keeping the software up to date," Flynn says. "Like the seat belt in your car, if you don't put it on all of the time, it's useless. Once you invest in this kind of software you have to keep it on, monitored and updated constantly." McDermott agrees: "It's a time and knowledge thing. Any customers that I have come across that have done it themselves by opting for a cheap software package have ended up paying the price."
- Outsource the headache to someone else -- it's cheaper than you think and reduces the chances of losing legitimate email. Configuring and monitoring anti-spam software is not easy and it is time-consuming. Outsourcing the responsibility for scanning your email for spam and viruses to a third party is a cheap option these days -- under EUR250 per annum from Irish companies like IE Internet, and on a per-user basis from TopSec Technology.
- What are the advantages of outsourcing? According to Flynn: "Outsourcing is the way forward. External providers have the expertise and resources to deal with email scanning and delivery. There are also real savings involved, including the productivity gains of employees not having to wade through lots of spam, or being tempted to open malicious files without knowing. No one has to monitor it or update on a daily basis. Also, when you consider that 70-80 percent of mail is bogus, that can mean a big saving on your broadband costs because the service company stops it before it ever reaches your servers."
Tips for senders: ensuring your recipients get the message
- Companies who send out legitimate marketing material need to ensure that they are not also falling victim to increased email security. They may be falling foul of their recipients' internal spam filters and ISPs' IP blocking procedures or -- worst of all -- they may appear on a widely used, public blacklist. Legitimate marketing companies are finding it increasingly difficult to overcome these obstacles. Flynn advises: "Ensure that you include an 'opt-out' or 'unsubscribe' line on all material sent out. Prove that what you are sending is solicited. Be compliant with the Data Protection Act -- if you have signed up to that you should be fine. Check regularly that your company does not appear on a blacklist and if you do, get in contact and get it fixed." Check with some of the bigger, publicly listed blacklists like www.spamhaus.org, www.spews.org and www.spamcop.net.
- Authentication services are one of the newest methods of avoiding being treated like a spammer. The Bonded Sender Program, from IronPort, is one of the most popular and works by certifying bulk email senders who put up a financial bond, pay an annual licence fee, and agree to abide by certain email sending practices. Microsoft has said it will use the Bonded Sender list of legitimate bulk mailers on its Hotmail service, ensuring that its marketing emails get through to users. The Bonded Sender Program is also open to European companies -- go to www.bondedsender.com.
- Email authentication is the next step in combating spam and works by confirming that an email you receive actually came from where it should have. Today, half of the emails on Hotmail are from spoofed addresses -- authentication aims to put a stop to that. Sender ID from Microsoft and DomainKeys from Yahoo are two of the leading solutions but they are still awaiting ratification by Internet standards groups. It is expected to be a slow process. Flynn concludes: "Email authentication will be a good thing but it could take a long time for it to get through the Internet Engineering Task Force, which oversees standards on the Net. It's important that something like this is an industry-driven not vendor-driven standard."
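The regular blacklist check recommended to senders above can be scripted. This sketch is an added example, not part of the original article; the DNS zone names and the documentation IP address are assumptions to replace with each list's current published zone and your own mail server's address.

```python
import ipaddress
import socket

# Assumed DNS zones for two of the lists the article names; confirm each
# operator's current zone and usage policy before relying on them.
ZONES = ("zen.spamhaus.org", "bl.spamcop.net")


def dnsbl_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def system_resolver(name):
    """Return the A record, None if the name does not exist, '' on failure."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror as exc:
        # Only a definite "no such name" means not listed; a timeout or
        # resolver outage must not be reported as a clean result.
        return None if exc.errno == socket.EAI_NONAME else ""


def check_ip(ip, zones=ZONES, resolve=system_resolver):
    """Classify ip against each zone as 'clean', 'listed' or 'error'."""
    results = {}
    for zone in zones:
        answer = resolve(dnsbl_name(ip, zone))
        if answer is None:
            results[zone] = "clean"
        elif answer.startswith("127.255.255."):
            # Spamhaus answers in this range when it refuses a query
            # (for example one sent through a large public resolver).
            results[zone] = "error"
        elif answer.startswith("127."):
            results[zone] = "listed"
        else:
            # Not a DNSBL answer at all, e.g. an ISP rewriting NXDOMAIN.
            results[zone] = "error"
    return results


if __name__ == "__main__":
    # 192.0.2.10 is a documentation address standing in for your server.
    for zone, state in check_ip("192.0.2.10").items():
        print(zone, state)
```

Treat an "error" result as "unknown" and check the list's own website rather than assuming the address is clean.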


