
user's e-mail address is everywhere on the Web


hinesward

MIS
Mar 20, 2009
99
US

I've got a PIA user who bitches a lot about all the spam he gets. I recently told him that our filter catches about 400 spams per day. That isn't enough for him.

I decided to google for his e-mail address. I wasn't surprised by what I found. I got 57 hits. Two of them were our company web site, and the rest included lots of different sites.

Obviously it's good for the company that our people write articles on-line and get the company's name out there. At the same time, these users are doing something that causes them to get a lot of spam.

And I know he isn't the only one.
 
A couple of suggestions:

1. On your company web site, instead of publishing individual staff email addresses, have a general "feedback" or "Contact Us" form.
This way, the data gets written into a database or sent to a nominated generic mailbox that can be manually sorted.

Within articles, put "To contact the author, please use the contact us feature at rather than direct contact information.

2. Staff (both those who write articles and Reception or other teams who deal with external contacts all the time) need to be educated not to put direct personal contact details in their articles (email address, phone nos etc) and instead to advise people to use the internet facilities. If they don't have internet access (web, email) they should be instructed to write a letter to the company and post it.

John
 

Well, how do I educate these people?

I couldn't care less about phone numbers. That has nothing to do with spam.

I'm the one who has to spend all this time deleting all the spams that get into our filter. It gets old really fast.
 
Surely the spam filter allows you to set up scheduled jobs to remove anything over a certain age? If not, you should certainly be able to do it via a scheduled job through the operating system.

For the educating, I would start with those ultimately responsible for IT policy within your organisation by demonstrating to them:
- the quantities of spam that are captured on average by the spam filter (over a month, week etc).
- the number of false positives (ie those that you have to release onto the recipient).
- Your (and colleagues') time spent in doing this when you could be doing other things (think of long outstanding projects that will have great benefits for your organisation).
- the reasons for the vast majority of this happening (inclusion of email addresses on public web sites being harvested for use)
- the security risk this brings in by having direct contact details in the public domain; transmission of spam and other nasties (eg means of bringing in viruses, spyware etc) to your network.
- Savings made in terms of less server load (less coming in so less to store and process); less staff time (both yours and end users) in dealing with this etc.

Suggest this as one means of reducing the quantity of spam generated for mailboxes at your organisation.

Re Phone numbers - talk to your reception staff and see what they get about cold calling salesmen; the chances are they have the same sort of problems. It just won't be on the same sort of quantity.

John
 
hinesward said:
Obviously it's good for the company that our people write articles on-line and get the company's name out there. At the same time, these users are doing something that causes them to get a lot of spam.
...
Well, how do I educate these people?
You can't.
People who write articles are expected to put in there their contact information. In the past years, that was usually your company's official mailing address; maybe also a phone number with an extension.

These days, that just won't cut it. Scientists, college professors, all people who are creating new technologies/new theories, inventing and patenting their inventions, etc. are expected to have their contact information other than snail mail address published. Check any scientific journal or magazine, on any topic - you won't find many articles without an e-mail address in the header. That's why they have it - to be contacted by the colleagues and other interested parties, not to chat with a faraway grandma and not to annoy you. There is nothing you can do about it. Only in some cases a company's website with a contact link may substitute for a direct e-mail address.

The only thing you can do is to look at it this way. It's not "them" are there for you to create you some work to do. It's you (and the whole IT department, or whatever you have there) are there to serve the company and "them". In most cases, "they" existed and did their jobs long before your job was even invented. They needed and hired you to assist them do their work in the Internet age, not the other way around.

So your job is to fine-tune your spam filter the best you can, and to teach the users to fine-tune whatever tools of sorting and organizing their e-mail they have in their possession to take care of the rest. I don't think you can tell them to not put their e-mail address into their articles.

 
Are the posts of his/her email address serving a legitimate business purpose? If so then I agree with Stella.

If not I would get with HR and review your business use policies to see if this covers personal use of company email addresses. If it doesn't, change it. If it does, come down on him/her, as warranted.

Software Sales, Training, Implementation and Support for Macola, Synergy, and Crystal Reports. Check out our Macola tools:
 
Also, if you have not done so already, block NNTP (Usenet) for this guy. Lots of spam originates there.

-- Francis
I'd like to change the world, but I can't find the source code.
 
The simple solution is just a better SPAM solution. Really. I have users who have their email all over the place, and can count on one hand the total number of spam they've received in the last 6 months.

You can't control whether spam is going to be sent to your users. You can only control what you do with it.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
 
What are you using for your spam filter? I've used a number of products in the past that use a combination of methods for blocking spam, and they have all been far superior to anything that uses a single methodology. I usually recommend a combination of blacklists, greylisting, and (after tuning) a Bayesian filter. At my last job I implemented a new spam filter and cut the volume of spam that got through from thousands of messages a day to under ten by simply implementing blacklisting and greylisting. It was over a year before I even got around to building up the Bayesian filters because the blacklist/greylist combination worked so well.

________________________________________
CompTIA A+, Network+, Server+, Security+
MCTS:Hyper-V
MCTS:System Center Virtual Machine Manager
MCSE:Security 2003
MCITP:Enterprise Administrator
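
The blacklist-then-greylist gate described in the post above, sketched as an added example that is not part of the original thread or of any product mentioned in it. The class name, the timing constants, the /24 keying (IPv4 only) and the SMTP reply strings are assumptions chosen for illustration.

```python
import time

MIN_DELAY = 300           # assumed: a new triplet must wait this long before a retry passes
RETRY_WINDOW = 4 * 3600   # assumed: an unconfirmed triplet is forgotten after this
PASS_TTL = 36 * 86400     # assumed: a confirmed triplet stays trusted this long

TEMPFAIL = "451 4.7.1 greylisted, try again later"


class Greylist:
    """Decide at RCPT time: reject listed hosts, tempfail unknown triplets once."""

    def __init__(self, blacklist=()):
        self.blacklist = set(blacklist)
        self.seen = {}  # (net, sender, recipient) -> (first_seen, confirmed_at or None)

    @staticmethod
    def _net(ip):
        # Key on the /24 so a retry from another host in the same outbound pool matches.
        return ip.rsplit(".", 1)[0]

    def check(self, client_ip, mail_from, rcpt_to, now=None):
        now = time.time() if now is None else now
        if client_ip in self.blacklist:
            return "550 5.7.1 rejected: client host is listed"
        key = (self._net(client_ip), mail_from.lower(), rcpt_to.lower())
        entry = self.seen.get(key)
        if entry is not None:
            first, confirmed = entry
            if confirmed is not None and now - confirmed > PASS_TTL:
                entry = None   # trusted triplet went stale: start over
            elif confirmed is None and now - first > RETRY_WINDOW:
                entry = None   # sender never retried in time: start over
        if entry is None:
            self.seen[key] = (now, None)
            return TEMPFAIL    # real MTAs queue and retry; most spam bots do not
        first, confirmed = entry
        if confirmed is None and now - first < MIN_DELAY:
            return TEMPFAIL    # retried too fast, keep waiting
        self.seen[key] = (first, now)
        return "250 2.1.5 ok"
```

The cost of this gate is a one-time delivery delay for each new sender and recipient pair, which is why the expiry windows need tuning against legitimate senders that retry slowly.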
 
Enable recipient filtering (and tarpitting), connection and sender filtering, and you're most of the way there.

Some cloud based solutions are VERY good, and drastically cut down on bandwidth used by email since only the valid email hits your wire.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
 
There are a number of things that you can do to cut down on the amount of spam.

Turning on rules in your e-mail server helps; stuff like verifying the e-mail is coming from the domain that they're listing, using Open Relay database lookups, and blocking from DHCP addresses. Since most spam is generated by bots, and 99% of those bots are on DHCP, just blocking emails from DHCP IPs will reduce it drastically.

Then, using a product like SpamAssassin should nip the majority of what DOES get through in the bud.



Just my 2¢

"What the captain doesn't realize is that we've secretly replaced his Dilithium Crystals with new Folger's Crystals."

--Greg
 
Blocking from DHCP is a double-edged sword though. Some Comcast business connections are persistent DHCP. So legitimate businesses could get blocked.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
 

It looks like this thread has gone completely off course. I initially asked about how one educates users on a security issue.

The human being is still the greatest security breach. Writing down your password and posting it on your monitor is a security breach. And so is putting your e-mail address out everywhere in a scannable form.

I recently even discovered that an e-mail address for one of our distribution lists was in a spammer's database. An e-mail address for an internal distribution list should never be given out. I ended up changing the address for the list.

All these users have to do is something like this:

user(at)company(dot)com

I don't trust most spam filters. Every three months or so, I have to deal with some issue that involves somebody at my company not being able to send to somebody else because of some stupid spam filter.
 
True, but internal email DLs should be configured to only accept email from internal recipients. Problem solved for that.

Someone's email address becoming public is nowhere near what I would call a security breach. It's a form of communication, and is probably listed on business cards and other places. Spam filters, when properly administered, work great. But spam prevention isn't set it and forget it. New and evolving technologies are constantly changing. 1 year ago, you could send to a lot more places than you can today - completely because no one was checking SPF records. That's changing. And quickly.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
 
To be fair, most organisations use some standard format like firstname.familyname@somethingcompanyish.country.com, which renders the whole thing fairly obvious anyway, unless you take great trouble to ensure the names of your employees never come out in public in any form.
 
Hi hines,

I've 'scanned' the responses, so please ignore if I'm duplicating, but are you aware of lists of 'spammers' out there on the 'net - download-able as CSV?

Have a system in place for individual employees to add emails to a spam-list (let them do some of the donkey-work - you cannot identify all spam for them), but, also cover as much as you can via publicly available spammer-list updates.

Educate users that this is 'par-for-the-course' with no 'magic bullet'.

;-)

J



 
58sniper,

Nobody in this entire discussion has come up with a valid solution to the actual problem.

If my users are going to put their e-mail addresses everywhere on the Web, then they should accept the spam that will inevitably come from doing so. First and foremost, you avoid spam by keeping your e-mail address out of spammer databases.
 
hinesward said:
Nobody in this entire discussion has come up with a valid solution to the actual problem.

If my users are going to put their e-mail addresses everywhere on the Web, then they should accept the spam that will inevitably come from doing so. First and foremost, you avoid spam by keeping your e-mail address out of spammer databases.

Well, there you go. I have been spammed, somehow, even at work. I never use my work e-mail for anything non-work related. Spammers are not stupid.

You will be on a spammer's list within an hour of getting a new e-mail address.

The best solution for me, personally, is using Gmail. Their spam filter is very good; better than any other spam filter I've seen. Very few false positives (for me, maybe one every month or so).

The best solution in general is education. There will always be some gullible newbies out there, but the fewer naifs there are, the less profit there will be for these sleazebag spammers. Don't click - delete!

-- Francis
I'd like to change the world, but I can't find the source code.
 
Bah!

A properly configured antispam solution will handle nearly all inbound spam. That should take place at the gateway/perimeter. Any legitimate business needs to address it. It doesn't matter if the user advertised their email address on a billboard in the middle of town, or the user never gives out their address. A business email system will be sent spam. Period.

Imagine this - you have a user who sends their spouse an email. The spouse saves the email address of your user in their Contacts/Address Book. Their machine gets infected with an email-borne malware that grabs the Contact list and sends it back to a database. Neither user did anything wrong - yet now the email address is on a list that will be sold to spammers. You simply cannot stop an email address from getting publicized. You can only deal with the results of that.

And a business has no way of knowing HOW that address got onto a specific spammer list that resulted in a specific email getting sent to their mailbox.

Imagine a user goes on vacation, and turns on their Out Of Office setting, with a message that says "I'm away.... for assistance, please contact bob@yourdomain.com". Spam hits the mailbox, gets the OOF reply, and now knows two things: the original email address is valid, and so is Bob's.

Any business that says it's the user's fault for getting spam is just trying to deflect the blame to avoid having to admit fault. There are many simple solutions that resolve the problem nearly 100%. Some are cloud based, some are on-premise. But all should happen near the perimeter.

I don't say this because corporate messaging is my line of work and I want some business. I say it because I see this all the time, it's not terribly difficult to resolve, and a business can reap the rewards by addressing it with determination.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
 