Reducing junk e-mail
At its best, spam, or unsolicited commercial e-mail, is unwanted and annoying. At its worst, spam is fraudulent and often objectionable, clogging e-mail systems and disrupting the productivity of computer users. To minimize the negative effects of spam, Arlington County, Va., has begun employee education intiatives and has installed filtering and recording software.
According to Dave Jordan, Arlington County’s chief information security officer, thousands of spam messages were coming into the county’s network each day. Some county employees were receiving upwards of 100 a day in their e-mail inboxes.
Arlington County’s first step in fighting spam was to educate county workers about the problem and its consequences, such as potential e-mail-borne viruses, reduced network storage space or the deletion of legitimate e-mail communications. In November 2002, the county launched an ongoing spam awareness campaign targeting workers at all levels of the network.
Through the campaign, the county tries to shift the perception of e-mail as a casual communications vehicle to that of a business tool and privilege. Employees are learning how to alter their use of subject lines and are encouraged to contact the security office when they are uncertain of an e-mail’s legitimacy or believe they are not receiving real messages. Also, they are encouraged to be cautious at home, because many employees take work home and can introduce a virus into the network when bringing that work back to the office. To ensure that new-hires adequately are prepared to follow safe computing practices, a detailed discussion of computer security policies also was added to the county’s new-employee orientation classes.
After it boosted education about spam, the county deployed anti-spam technology in early 2003. It installed Symantec AntiVirus for Simple Mail Transfer Protocol (SMTP) Gateways, from Cupertino, Calif.-based Symantec. In addition to protecting against viruses and user-defined inappropriate content, the software uses filters to identify and block spam according to sender address or domain, subject line, attachment, message size, and country of origin.
Filtered messages are logged into a quarantine account, providing e-mail administrators with a record of how accurately e-mail is being filtered. On average, 7,000 e-mails are filtered out each day.
To stay ahead of the spam curve, the county’s Department of Technology Services generates a weekly information security report. Using data extracted from the filtering software, the team can track the top spam generators and trends, and then add the domains to a custom sender block list to reject future e-mails from those locations. The report not only keeps IT personnel in the security loop, but it also provides documentation of the county’s success in curbing the proliferation of unwanted e-mail.
Arlington County employees no longer have to waste time wading through inappropriate messages. Jordan says that in the past 12 months, the county has eliminated approximately 50 percent of its spam, and he projects that the reduction will continue.
