Estimated Reading Time: 5 minutes
If you’re being lambasted with junk e-mail known as spam, you need to solve the problem. Not only does it expose staff to unsavory/unwanted messages, it steals time from productive assignments, it’s a security risk and it can clog your e-mail system–or worse, shut it down — for legitimate users. Being aware of the mailers’ methods can help you deflect future incoming junk e-mail.
Spam is the distribution of unsolicited commercial e-mail by mass mailing to millions of addresses. Addresses are attained in a couple of ways:
The bad news is you can’t eliminate all junk e-mail. The good news is you can eliminate a lot of it.
Here is some advice that will cost you $0.00 to implement.
A multilayered anti-spam strategy using a combination of content filters, white lists, and blacklists is the best way to get spam to cease and desist — at least in your organization’s e-mail boxes. Solutions are based on 1) the identity of the sender or 2) the message content. Many strategies combine the two types. The solution can reside on the gateway, server or users. The server-based approach is the most seamless because it doesn’t take up space on individual PCs or involve training. The following is summarized from
InfoWorld, July 21, 2003, pages 40-48, “Canning Spam,” by Jon Udell.
Anti-spam technologies include:
Blacklists indicate who to keep out. Blacklists can create false positives of legitimate bulk mailings. (such as this e-news).
Run inbound e-mail through a series of checks defined by organizational policy. You decide which identity or content-oriented spam-detection modules to use and whether to reject quarantine or tag a message that meets the checkpoints.
A DSN-based blacklist keeps spammers from connecting to targeted mail servers. They look up a sender’s IP (Internet Provider) address in databases that track and report spammers. Some anti-spam vendors ship their wares with DNSBL disabled and leave it up to the customer to enact it. Others use them by default, but as part of an overall score (for the spam message).
DNS-based white list is user driven. The system alerts the user to a potential piece of spam. The user indicates whether he/she wants to receive mail from this sender. The program “learns” the preferences of the user and checks content before allowing the message through in the future.
A DNS MX record creates a mail route for a domain name. The domain owner uses RMX records to identify hosts within the domain that are authorized to send mail. The server receiving mail would check incoming mail against the lists and only allow entry to those listed. The other mail can be rejected or quarantined.
An S/MIME allows digital signatures and encryption. Although digital signatures would plug holes in the system that leaks information through e-mail; encryption would not allow other anti-spam strategies, such as content analysis.
All states except Arkansas, Florida, Georgia, Hawaii, Indiana, Kentucky, Massachusetts, Michigan, Missouri, Montana, Nebraska, New Hampshire, New Jersey, New York, Oregon, Pennsylvania, South Carolina, Texas, and Vermont have some form of anti-spam legislation, according to Jon Udell. Some have been challenged on grounds of free speech; some don’t allow individual action by recipients of ISPs, some offer the spammer more protection than the recipient.
The response to the federal do-not-call list to harness telemarketing is spurring Congress to look at anti-spam legislation. Two competing bills (the Burr bill and the Wilson-Green bill) are under consideration, each with its own backers and detractors. Two differences keep consensus from being reached: 1) how to define spam: as legitimate commercial e-mail or as fraudulent e-mail, and 2) the rights of citizens to sue spammers. Layer onto this the viewpoints of the consumer constituents versus the ISP constituents: one wants peace of mind; the other wants a piece of the pie. For more information on this topic read: “Spam heats up Capitol Hill,” by Caron Carlson, eWeek, July 21, 2003, page 45; and “Throwing the Book at Spam,” InfoWorld, July 21, 2003, pages 42-43.
“First let me congratulate you on a conference well done. I had a great time at the Nonprofit Employee Benefits Conference and walked away with some valuable tools and questions that we’ll need to be addressing in both the short and long term. Thanks to you and your staff for all you do to provide us with quality resources in support of our missions.”
“BBYO’s engagement of the Center to conduct a risk assessment was one of the most valuable processes undertaken over the past five years. Numerous programmatic and procedural changes were recommended and have since been implemented. Additionally, dozens (literally) of insurance coverage gaps were identified that would never have been without the work of the Center. This assessment led to a broker bidding process that resulted in BBYO’s selection of a new broker that we have been extremely satisfied with. I unconditionally recommend the Center for their consultative services.
“Melanie Herman has provided expert, insightful, timely and well resourced information to our Executive Team and Board of Directors. Our corporation recently experienced massive growth through merger and the Board has been working to better integrate their expanded set of roles and responsibilities. Melanie presented at our Annual Board of Director’s Retreat and captured the interest of our Board members. As a result of her excellent presentation the Board has engaged in focused review which is having immediate effects on governance.”
“The Nonprofit Risk Management Center has been an outstanding partner for us. They are attentive to our needs, and work hard to successfully meet our requests for information. Being an Affiliate member gave us access to so many time- and money-saving resources that it easily paid for itself! Nonprofit Risk Management Center is truly a valued partner of The Community Foundation of Elkhart County and we are continuously able to optimize staff time with the support given by their team.”
“The board and staff of the Prince George’s Child Resource Center are extremely pleased with the results of the risk assessment conducted by the Nonprofit Risk Management Center. A thorough scan revealed that while we are a well run organization, we had risks that we never imagined. We are grateful to know that we have now minimized our organizational risks and we recommend the Center to other nonprofits.”
Great American Insurance Group’s Specialty Human Services is committed to protecting those who improve your communities. The Center team has committed to delivering dynamic risk management solutions tailored to nonprofit organizations. These organizations have many and varied risk issues, hence the need for specialized coverage and expert knowledge for their protection. We’ve had Melanie speak on several occasions to employees and our agents. She is always on point and delivers such great value. Thank you for the terrific partnership and allowing our nonprofits to focus on their mission!