Security Quiz Answer

Fighting spam and viruses: Quiz answers

Fighting spam and viruses

1.) The term "cocktail" has been used to describe an antispam technique. What is it?

The cocktail really isn't a single technique. The term describes a mixture of techniques you or your antispam vendor use to determine whether or not a message is spam. A cocktail can have many components, including algorithms that look at content, protocol and headers, and external information, such as IP-based black lists.

Listen to the webcast for further explanation.


2.) Is it better to run antispam at the external MTA or on the e-mail client (such as Outlook)?

"Better" is always a difficult term in IT. The real answer is that you should run antispam at the point that makes the most sense for your organization, taking into account issues such as the handling of false positives and system performance. However, most antispam vendors have discovered that the closer to the Internet their product is, the better it can perform. This is because a direct connection between the antispam system and the spammer gives the system more information, including the real IP address of the sender and even some of the SMTP protocol behavior. If you push antispam towards the user's e-mail client, much of this information is lost or potentially obscured. However, depending on your tolerance for false positives and the actual e-mail load, you may find that some users prefer to have control at their local system or that local control is more appropriate.

Listen to the webcast for further explanation.


3.) A company recently announced that its antispam product has no false positives. How is this possible?

You can ensure that your antispam product has no false positives by never marking any message as spam. By increasing the false-negative rate to 100% (i.e., every single spam is missed), you are assured that no message will be accidentally called spam when it is not. However, as soon as you start to label messages as "spam" or "not-spam," you are assured that there will be both false positives and false negatives.

While many products have dropped their false positive rate to a very low level, none can truthfully boast that they have no false positives. Products often claim to have a lower false positive rate than they really do because of the inherent errors in the reporting of false positives. People tend to ignore "gray mail" false positives (such as messages from mailing lists that are not technically spam), and there is generally a bias to under-report errors in a product that is otherwise very satisfactory.
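
The trade-off described above, together with the "cocktail" from question 1, as an added example that is not taken from the quiz or the webcast. The rules, weights, thresholds, addresses and messages are all constructed; the sample deliberately includes one gray-mail newsletter that outscores the real spam.

```python
# Constructed rules, weights, addresses and messages; not a real filter's rule set.
BLOCKLIST = {"203.0.113.7", "198.51.100.23"}    # stand-in for an IP-based black list
SPAM_WORDS = ("free", "winner", "unsubscribe")

def content_score(msg):
    body = msg["body"].lower()
    return sum(1.0 for word in SPAM_WORDS if word in body)

def header_score(msg):
    # A missing Message-ID or Date header counts as an anomaly.
    return sum(1.5 for name in ("Message-ID", "Date") if name not in msg["headers"])

def ip_score(msg):
    return 3.0 if msg["peer_ip"] in BLOCKLIST else 0.0

def cocktail_score(msg):
    """The 'cocktail': independent content, header and external-reputation tests, summed."""
    return content_score(msg) + header_score(msg) + ip_score(msg)

def error_rates(messages, threshold):
    """Return (false_positive_rate, false_negative_rate) when score >= threshold means spam."""
    ham = [m for m in messages if not m["is_spam"]]
    spam = [m for m in messages if m["is_spam"]]
    fp = sum(cocktail_score(m) >= threshold for m in ham)
    fn = sum(cocktail_score(m) < threshold for m in spam)
    return fp / len(ham), fn / len(spam)

FULL = {"Message-ID": "<1@example.org>", "Date": "Tue, 1 Nov 2005 10:00:00 +0000"}
MESSAGES = [
    {"is_spam": True, "peer_ip": "203.0.113.7", "headers": FULL, "body": "You are a WINNER, reply today"},
    {"is_spam": True, "peer_ip": "192.0.2.10", "headers": {}, "body": "Cheap watches"},
    {"is_spam": False, "peer_ip": "192.0.2.20", "headers": FULL, "body": "Minutes from Monday attached"},
    # Gray mail: a wanted newsletter sent through a black-listed shared relay.
    {"is_spam": False, "peer_ip": "198.51.100.23", "headers": FULL,
     "body": "Newsletter: free webinar. Unsubscribe here"},
]

def sweep(thresholds=(1.0, 3.5, 4.5, 100.0)):
    return {t: error_rates(MESSAGES, t) for t in thresholds}

if __name__ == "__main__":
    for t, (fpr, fnr) in sweep().items():
        print(f"threshold {t:>5}: false positives {fpr:.0%}, false negatives {fnr:.0%}")
```

On this sample, the only threshold with no false positives is the one high enough that nothing is marked as spam, which is also the one that misses every spam.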

Listen to the webcast for further explanation.


4.) You have designed an antivirus strategy that says that all messages with viruses in them are deleted, while all messages without viruses in them are passed on. What have you forgotten?

Every virus scanner has three answers: yes, no and "I don't know." You need to include in your strategy a plan for dealing with messages that might or might not have a virus in them. Some examples of messages that might show up as "I don't know" include encrypted e-mail, messages that cause the virus scanner to crash, or messages with archives that are not supported by the virus scanner or would otherwise exceed the time and space limitations in place for expanding e-mail.
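
A sketch of a scanner wrapper that returns all three answers and a policy that has an action for each, added here as an example and not taken from the quiz or the webcast. The signature marker, the size and nesting limits, and the choice of "quarantine" for the unknown case are assumptions made for illustration.

```python
import io
import zipfile
from enum import Enum

class Verdict(Enum):
    INFECTED = "yes"
    CLEAN = "no"
    UNKNOWN = "I don't know"

TEST_SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE"  # constructed stand-in for a signature match
MAX_EXPANDED_BYTES = 1_000_000                  # assumed space limit for unpacking
MAX_DEPTH = 2                                   # assumed limit on nested archives
POLICY = {Verdict.INFECTED: "delete", Verdict.CLEAN: "deliver", Verdict.UNKNOWN: "quarantine"}

def scan(data, depth=0):
    """Scan raw bytes or a ZIP archive and return a three-state Verdict."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return Verdict.INFECTED if TEST_SIGNATURE in data else Verdict.CLEAN
    if depth >= MAX_DEPTH:
        return Verdict.UNKNOWN                  # nested too deeply to inspect
    unknown, total = False, 0
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.flag_bits & 0x1:        # encrypted member: cannot be inspected
                    unknown = True
                    continue
                total += info.file_size         # declared uncompressed size
                if total > MAX_EXPANDED_BYTES:
                    return Verdict.UNKNOWN      # would exceed the space limit
                result = scan(zf.read(info), depth + 1)
                if result is Verdict.INFECTED:
                    return result
                unknown = unknown or result is Verdict.UNKNOWN
    except Exception:
        return Verdict.UNKNOWN                  # a scanner failure is not "clean"
    return Verdict.UNKNOWN if unknown else Verdict.CLEAN

def disposition(data):
    """Map every verdict, including UNKNOWN, to an explicit action."""
    return POLICY[scan(data)]

def make_zip(members):
    """Build an in-memory ZIP from {name: bytes} for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, payload in members.items():
            zf.writestr(name, payload)
    return buf.getvalue()
```

A two-state policy would have to file the corrupted, oversized, over-nested and encrypted cases under "no virus" and pass them on; here each of them reaches the quarantine branch instead.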

Listen to the webcast for further explanation.


5.) When mail is received at an SMTP MTA, it is not always known whether the recipient is valid. If, later on, the recipient is found to be invalid, it's probably because the message is spam. What's wrong with simply deleting that message?

It's true that e-mail addressed to invalid recipients is generally spam, because this is a common and heavily used spam technique. However, invalid recipients are also the result of spelling errors, from either new incoming e-mail (where the sender didn't know how to type a username or domain name) or replies where the sender made a 'fat-fingered' error. You can weigh the tradeoffs yourself, but it's important that you be aware of the consequences of simply deleting misaddressed e-mail.

Read the article for further explanation.

This was first published in November 2005
