Keep e-mail as a service, not a security black hole

Enterprise Networks & Servers, May 2005 by Patterson, Michael

E-mail makes communication easier than ever before. Just dash off a quick note and click send. But, like other open communication systems, its ease of use also leaves it wide open to a variety of security and productivity issues.

The original concern was in the area of viruses. Now it is blended threats and attacks such as last year's SQL Slammer, which doesn't use e-mail. There are still plenty of e-mail viruses out there, but they usually only wreak havoc with those who aren't keeping their systems' updated.

But there are three other areas where e-mail remains destructive:

* Litigation - E-mail that is full of idle comments, jokes and complaints. Even if deleted immediately after the user reads it, that e-maillives forever on backup tapes. Such e-mails increasingly decide the outcome of litigation.

* Resource hogging - E-mail with PDF or PowerPoint attachments take up a lot of space. If someone e-mails an attachment to 100 people internally you can end up with thousands of clones sitting in e-mail and file servers, replication servers and backup tapes.

* Wasting time - According to the British e-mail filtering company, MessageLabs Ltd., spam made up 65 percent of its customers' e-mail in December 2003. Add to that all the jokes and other personal e-mail that employees send and receive throughout the day, and e-mail can produce a huge drain on productivity.

Those are just a few of the major problems with e-mail. You can probably think of more. But just as companies are learning to prevent virus losses, so can other problems be detected and reduced or eliminated. Doing so doesn't have to be expensive or time consuming. Here are examples of how to do this for those using Ipswitch Inc.'s IMail Server. Other e-mail programs have similar functions, so consult your instruction manual to see what to do with the program you are using.

Virus blocking - If you want to block a virus like SoBig, click on the hostname in IMail Administrator, select the Inbound Rules tab and click Add. From the dropdown box, select "If the body text" and paste in the following: filename=.*\.scr

Click add condition and then insert OR. In the text box, paste once again: filename=.*\.pif

Click add condition and OK. Finally, select the action to be taken, "recommended delete for e-mails that match this rule."

Spam - IMail contains several features to block spam. These include:

* Real-Time Blackhole Lists (RBL) blocking mail from domain names and IP addresses known to be used by spammers.

* EHLO/HELO verification that the sending mail server domain exists in DNS.

* Kill lists for blocking particular e-mail addresses or domain names.

* Trusted IP address lists.

* Statistical, phrase and HTML filtering to detect nested tables, hyperlinks, images, scripts, invalid tags, mailto links, deceptive URLs, and embedded comments.

Content filtering - Administrators can create rules to block certain terms (Viagra, enlargement) in the headers or messages.

These types of rules do constantly require tweaking as spammers try to stay one step ahead of the filters, but it is more cost effective to keep an eye on this area than to waste all the users' time with spam.

In addition to using the features of your e-mail server, you can also buy an enterprise or personal spam blocker. There are many options in this area. In addition to the commercial products, an open source one that I like is SpamBytes (spambytes. sourceforge.net). It installs on desktops and resides in Microsoft Outlook. It catches spam that makes it through the IMail Server and moves it to a Junk E-mail folder. If it isn't sure whether something is spam, it puts it into a "Junk Suspects" folder for the user to decide. It then learns from the user's decisions and, over time, improves its filtering.

Internal hogs - Keeping out the spam helps a lot, but employees can be even worse. Before upgrading to Gigabit Ethernet or adding another e-mail server, find out who is sending all the e-mail and what they are sending. You can do this using an event log and syslog manager that operates with IMail Server such as Logalot. It allows you to run a report on the top 10 e-mail originators and recipients. From there, you can look at exactly what they are sending and receiving. This is a good way to track down who is wasting company time on jokes or worthless chatter. You can also find who is slowing down the network by broadcasting e-mails with multi-megabyte attachments, rather than just sending a link to a file.

Relay attempts - One other problem that has become increasingly prevalent is the use of innocent servers to send spam. You can run a report in Logalot to find any relay attempts using your servers. Clicking on the "Remote Server" address in the report pulls up detailed information on each relay attempt, including IP and domain information, as well as the ISP's contact information so you can get them blacklisted.

E-mail today is far from achieving its full potential. It is like owning a Ferrari, but being stuck behind a herd of slow-moving semis. The steps listed above are a few of the actions you can take to speed up that traffic and keep your employees working rather than sifting through all the garbage looking for something worthwhile. It takes tools and it takes discipline to make email an effective company resource rather than a productivity drain.