Security Management Strategies for the CIORequires Free Membership to View
Your approach of automatically deleting non-whitelist email messages will certainly keep image spam to a minimum -- in fact, close to 100%. When it comes to tackling spam, whitelists are certainly a better approach than blacklists. Spammers continually create new email addresses to send messages from, or new keywords to use in their email, so blacklists are nearly always out of date.
A major drawback of whitelists, however, is their inordinate number of false positives. With whitelists, it's easy for a number of genuine emails to be deleted. An email from a potential supplier, for example, may include a corporate logo. Unless the company is already on the whitelist, the email will be deleted.
Trying to avoid the number of false positives requires an up-to-date whitelist. Maintaining this catalog of trusted sources is another drawback. Whether you use specific email addresses, IP addresses or trusted domains, gathering the list can be a very time–consuming and labor-intensive task.
If most of your legitimate email comes from a relatively small and fixed set of senders, then I would stick with your current tactic. The effectiveness of the strategy justifies the work involved in maintaining the list. However, if your users are likely to register for online services or subscribe to online newsletters, you could run into problems. For example, if you don't immediately add a new email source to your whitelist, or if the domain or IP address is entered incorrectly, the communication will fail. In these circumstances, instead of deleting emails containing images, I would quarantine them. Then, the recipient can quickly review the "from" and "subject" fields before allowing them to be downloaded to his or her inbox. Most gateway spam filters provide this type of functionality.
You could also institute a challenge-response test. When an unknown sender writes an email to one of your users, the system can automatically send a challenge back to the sender. The sender has to respond to this email in order for the message to be delivered. Since spammers are unlikely to bother with a response, the approach can be an effective one. The technology can be irritating, however, for your genuine correspondents.
Unfortunately, there's no perfect antispam strategy, but you should definitely back up your technology-based defenses with security awareness training and a strong email policy. Many users are still unaware of the often malicious nature of spam.
More information:
This was first published in September 2007
Join the conversationComment
Share
Comments
Results
Contribute to the conversation