(Steven Andrés, PC World) Whether your business is a big fish or a small-fry home office, you can get hacked just the same, and the stakes are higher than a few canceled credit cards. Here are a few tips to protect your users and your networks - steps that even enterprise-class security specialists may slip up on.

Steps for small businesses and enterprise-class security specialists:

1. Know Who Might Be Targeted - and How and Why
2. Don't Take the Bait
3. Use Unique Email Addresses to Keep Password Reset Emails at Bay
4. Don't click on anything in email
5. Patch Early, Patch Often
6. Don't Let Bob Stop You From Running a Secure Network
7. The P of P2P Is Personal, Not Business
8. Nail Down Your Network

Read more by following the "full article" link.

(Ellen Messmer, Network World) Botnet attacks are increasing, as cybercrime gangs use compromised computers to send spam, steal personal data, perpetrate click fraud and clobber Web sites in denial-of-service attacks. Ranked by size and strength, these article presents the 10 most damaging botnets in the U.S.

1. Zeus
Compromised U.S. computers: 3.6 million. Main crime use: The Zeus Trojan uses key-logging techniques to steal sensitive data such as user names, passwords, account numbers and credit card numbers.
2. Koobface
Compromised U.S. computers: 2.9 million. Main crime use: This malware spreads via social networking sites with faked messages or comments from "friends."
3. TidServ
Compromised U.S. computers: 1.5 million. Main crime use: This downloader Trojan spreads through spam e-mail, arriving as an attachment.[...]

Read more by following the "full article" link.

(Lance Whitney, CNET News) "Bomb Blast." "Jackson is still alive: proof." "Obama cursed by Pope." These are just a few of the subjects used by cybercriminals last year to trick people into opening malware-infected e-mails.

Spam that uses the latest news headlines was just one of the hot trends last year in the world of cybercrime, according to McAfee's "Q4 Threats Report", released Tuesday. The latest threat assessment also noted a rise in "hacktivism," or politically motivated cyberattacks.

Though spam levels in the fourth quarter actually dropped by 24% from the third quarter, the daily volume of junk mail around the world still averaged 135.5 billion per day. To reach that level, spammers relied heavily on news stories, especially tragedies.

(Tina, makeuseof.com) While spam protection has become quite effective at recognizing unsolicited bulk email, it’s still impossible to filter out and stop receiving spam. The easiest way is to control the information you’re releasing about yourself.

Besides regular spam, you receive a lot of advertising in your inbox. Although these emails are often personalized, they still classify as spam. However, these emails were usually created based on information you made available about yourself, rather than straight forward email guessing.

Hence, in order to stop receiving spam, you must protect and hide your email address, by:

1. Scrambling it
2. Hiding it in an image
3. Encoding it
4. Hiding it behind a test
5. Not sharing it [...]

Read more by following the full article link.

(by hjkim, MailRadar Community) When most people think about email security, they think in terms of virus and spam protection. The typical questions are: 'How do I protect my users from viruses and spam?', 'What about phishing?', 'How are Trojans and other threats stopped?'. What is missing is a comprehensive, holistic approach to email security.

The above are some of the issues that a company needs to consider. However, there are many other issues that need to be addressed:

1. Educating the employees and helping them understand how security affects their livelihood
2. Reviewing physical security regularly
3. Checking the network security
4. Validating the administrators managing your email server
5. Software security

Email security encompasses much more than just anti-virus and spam protection. The biggest threat does not occur outside of the company; most of the threats are within the company where information can be easily shared and hacked.

(Matthew Broersma, ZDNet UK) Less than five percent of all email is delivered to mailboxes, as the rest is junk blocked by spam-fighting efforts, according to Enisa, the European Network and Information Security Agency.

While anti-spam measures are well used by providers, junk email remains a key problem for them and takes up a large part of their annual budgets, according to the report. [...] One-quarter of very small providers said they spent more than €10,000 (£8,700) per year on fighting spam, and one-third of very large providers invested more than €1m per year.

"The data on aborted SMTP connections and filtered emails seems to show that anti-spam measures are currently highly effective," study says. The result is that only 4.4% of all email was delivered, down from 6% in Enisa's last spam report 2 years ago.

The agency noted that many providers, though not all, currently use collaborative measures to fight junk mail, such as working with spam-sending ISPs to eliminate the problem. It recommended that more service providers should work together on the problem.

(Debra Littlejohn Shinder, TechRepublic) If it seems like you’re getting hit with more email scams than ever, you’re right. Email scams have been with us since the Internet went commercial back in the early 1990s. But scammers have gotten more sophisticated, and some of the more recent email scams are harder to detect — unless you know what you’re looking for.

Let’s look at some of the email scams that are currently going around the Internet and how you (and your users) can recognize them and keep from being victimized by them:

1. Fake Facebook “friend” messages
2. Fake admin messages
3. Fear-mongering messages
4. Account cancellation scams
5. Bogus holiday cards
6. Phantom packages
7. Threats from the government
8. Census survey says…
9. In Microsoft (or Apple or Dell or HP) we trust
10. You’re a winner! [...]

View the original article and learn more about email scams by clicking on the "full article" link.

This article performs a comprehensive analysis of Axigen Identity Confirmation© - a Challenge / Response-based anti-spam system embedded in the Axigen solution. It is a pertinent presentation of the concept, characteristics and benefits entailed by Identity Confirmation in the context of the overall existing Challenge / Response anti-spam filtering technology and the way it has been, until now, approached and made available to the general public.

It is not a matter of novelty to any efficiency-oriented business professional that in nowadays email communication environment, the security issue is not one to ignore. Particularly when talking about the fast-adapting spamming methods which, at the spam-receiving end, can easily be translated as detrimental to the general productivity (therefore wasted) time.

On the other hand, anti-spam measures are constantly implemented, and filters consistently improving. However, the ongoing spam problem has been gaining a lot of ground lately as spammers keep changing tactics frequently enough to make even the best, most adaptive filtering systems unable to cope. The spam-increasing situation has been heavily tackled with for several years now, and strong voices emerged, stating that the best anti-spam approach might not be filtering at all, but a Challenge / Response (C/R) system.

The problem with electronic mail today
Email is not what it was supposed to be. Its inventors have not foreseen the dan¬gers associated with this new form of communication. Means of protection were added later on, but do little to protect people’s mailboxes. As a result, most of the mail traffic these days is unwanted: spam, malware, phishing. How can we use the AXIGEN Mail Server and existing free anti-spam, antivirus and anti-phishing software and technologies so that the result is more than the sum of the parts?

Traditional filtering in AXIGEN
From its very beginnings, AXIGEN has integrated open-source filters such as SpamAssassin and ClamAV and has used the fastest way to process mails through them by interfacing with their daemons directly. But this usage scenario had a major downside: mail messages were scanned in the queue, after having been accepted by the mail server. As a result, “Spam” folders had the tendency to grow indefinitely and waste space in the server storage and backup mediums.

A new approach to email filtering
Starting with version 6.2.2, AXIGEN can integrate with a Milter filter at the SMTP level, enabling scanning of the incoming SMTP connections. The possibility to scan a message before receiving it opens up new perspectives, as it enables us to refuse a message if the content filters strongly indicate that the scanned message is unwanted.

Let’s take a simple example, in which the decision to reject a mail was taken by the Milter filter by evaluating the results of the antivirus scanner. Why would this be a better choice than quarantining, for example, or tagging?

For one thing, we do not accept the message and no further resources are allocated to this mail: processing, storage, backup, double-checks etc. For unwanted traffic, this is a very good thing as it minimizes your problems. However, what happens if, unfortunately, the refused message is a legitimate mail? Let’s compare the three valid choices: quarantining, tagging or refusing the message.

• Quarantining means that the unwanted mail would end up in a rather large quarantined space. Suppose we only do this for malware as detected by an antivirus content filter: viruses, worms, phishing. Can we alert the receiver for every quarantined mail that was heading to their inbox? Realistically, no, because the malware traffic can reach really high levels. Add to this that almost all of it is spoofed and you risk to get into situations in which innocent people are blamed for spreading malware, when their only fault would be the fact that their address is known by spammers. So, when a mail is quarantined, neither the sender, nor the recipients are usually aware of it. If through some other means one or both of them find out about the missing mail, typically the receiver will have to alert his/her administrator of the mishap in order to gain access to the quarantined mail.


• Tagging, often applied to spam messages, means the message will usually end up in a sub-folder of the recipient’s mailbox, typically named “Spam”. He/she may or may not check that folder for false positives, but as no filter is perfect, sooner or later some legitimate mail will end up in “Spam”. When that happens, neither the sender, nor the recipient will be aware of it. If through some other means, one or both of them find out about the missing mail, the receiver will usually have to dig through its spam folder to find the legitimate mail. This may be quick if he/she knows the exact coordinates of that mail (sender, date, subject), or may be a daunting task if the “Spam” folder is rather large and the data is very vague (eg. "Should have received a mail from a South American company with some financial info").

To learn more about our innovative, Milter-based filtering, please continue to read this whitepaper by clicking here: Innovative Mail Filtering, or contact us at: sales@axigen.com. We also invite you to sign up to our free, live webinar organized in partnership with the The Radicati Group:


About AXIGEN and Gecad Technologies
Gecad Technologies SA is the vendor of AXIGEN, a professional messaging solution that ensures an efficient and secure worldwide communication environment and business growth for both service providers and companies of all sizes. Our cutting-edge products, based on proprietary architectures such as AXIGEN GrowSecure™, AXIGEN SmartProcessing™ and AXIGEN UltraStorage™, are currently distributed internationally by over 170 partners from 80 countries, managing email traffic for more than 11,000 companies with 6 million end-users. For further details, please visit www.axigen.com

(Samara Lynn, ChannelWeb) In light of all the ongoing, and terrible, security trends and case studies involving credit-card-number theft, bot attacks and remote execution of malicious code, e-mail spam seems more like a minor nuisance rather than an outright data threat by comparison.

Spam, however, is undeniably part of the threat landscape. Viruses can piggyback on it, but more often than not, spam can build up at exponential rates that may cost users hours in lost productivity as they attempt to rid their e-mail boxes of it.
Spam buildup can also be indicative of holes in a network's security defense. Spammers will often take advantage of open ports on misconfigured firewalls and SMTP servers to relay their annoying messages.

There are lots of products out there to combat spam. Many of them are bundled as all-in-one security solutions that include antimalware, firewall and Web filtering services.

Lately, more and more companies that rely on IT services have begun to understand the true benefits of network subsystem interaction. Some of the well established examples are already accepted as being the de facto way of doing things. To a lot of people, the Apache integration with MySQL or PHP is no longer considered to be a bunch of independent software packages that cooperate. This cooperation is so productive that everything got merged into a single concept: the AMP (i.e. LAMP, WAMP etc.).

Along the same lines, the AXIGEN electronic messaging system can be expanded to provide external applications with the information required to perform advanced tasks in a very productive and cost effective way. You should bear in mind that some of the expansion methods described in this article are generic and can be applied to various situations while others are very specific.

(By David Hamilton, theWHIR.com) Two weeks since web hosting provider McColo - the alleged host to some of the most heinous criminals on the Internet - went offline, analytics firms across the web have found that global volume of spam has dropped by up to 75 percent and is staying low.

After staking out McColo (www.mccolo.com) for the past four months, the Washington Post's Security Fix blog found that the San Jose host was likely hosting "some of the most disreputable cyber-criminal gangs in business today," including child pornography, anti-virus scams and malicious software, which has stolen banking and credit card information from more than half a million people. Security Fix blogger Brian Krebs informed two of its upstream Internet providers, which subsequently ceased their service to McColo.

Since effectively blowing the whistle on McColo, Krebs has found spam levels have been remaining low. Citing email security firm IronPort's (www.ironport.com) reports that it blocked around 35 billion junk emails Monday, down from weeks ago when it would have typically flagged roughly 160 billion messages daily. He also noted that Spamcop.net's reports show spam volumes "well below half" the levels reported before McColo was taken down.

Well it looks like there's no stranger-danger when it comes to spam in the US. The generous amount of medicine, appendix enlargers and luxury items offered to you in unsolicited emails used to stream from the bosom of US spam-sugar-mamma McColo Corporation...

(Money.co.uk)"This week saw global spam levels drop significantly after two major US internet providers pulled the plug on spurious hosting firm McColo.

In the immediate aftermath anti-spam firms reported an astounding 70% reduction in the amount of junk mail in circulation.

Californian based McColo is believed to have hosted domains for spam gangs running some of the most prolific spam-producing botnets in the world, in addition to a number of fake pharmacy, antivirus, designer goods and child pornography sites.

ISPs Global Crossing and Hurricane Electric, who were together responsible for providing 90% of McColo’s access to the wider internet, shut off the firms access on Tuesday after receiving a detailed report from the Washington Post. The report culminated a four month investigation by Security Fix, the newspaper's security blog, into activity emanating from McColo-hosted domains.

While it is yet unclear as to whether McColo will be officially investigated and held legally responsible for the immoral activities of its clients, the company have responded by shutting down all operations."

But don't be fooled by the fall of one head of the hydra; even if it is a big one. McColo is soon to be replaced by other web hosting companies fronting for big-time spammers. Luckily there is hope still. If you want a safe haven against spam, know that Axigen is capable to integrate multiple antivirus and antispam applications at server level or SMTP level, building filtering chains that can be applied differentially at server or even domain level. How's that for proctection ?

(CRN Network) According to Trend Micro, India is the seventh largest spam sender in the world. It is the leader among Asian countries in spam, accounting for more than 4 percent of the total global spam. It is ahead of other Asian countries such as China (3.39 percent), Republic of Korea (2.57 percent) and Thailand (2.04 percent). Asia contributes 16.57 percent of the global spam volume. [...]

Globally, the Russian Federation heads the list of spammers accounting for more than 11 percent of total spam, followed by the United States of America at 9.36 percent. Trend Micro reports that the Bric countries (Brazil, Russia, India and China) together account for around 20 percent of all spam. Experts at Trend Micro further indicate that spam from emerging markets will continue to grow till the proper Internet infrastructure is in place. The world’s top 10 spam relaying countries account for about 57.4 percent of the global spam volumes.[...]

(ComputerWorld) Congratulations, you won the lottery in a country whose name you can't even pronounce! A wealthy oil executive in a far-off land wants to give you millions of dollars, right now! Sexy girls want to meet you!

Now let's be honest. If someone came to your door and told you any of those things, you'd tell him to get lost. So why do people still fall for this stuff when it's in their e-mail, as if a poorly written message made a weird-sounding pitch any more legitimate?

The saddest part is, the only reason annoying e-mail keeps filling your in-box is because it works. No matter the number of reports detailing e-mail hoaxes gone bad and tales of spammers taking people for all they're worth, people just keep on clicking.  Why? It's the law of percentages. The response rate for snail-mail spam is between 0.5% and 1%. That might not sound like a lot, but if you apply it to e-mail, it means a spammer can send 1 million messages -- without the cost of paper and postage -- and 5,000 to 10,000 people will answer. In fact, a study out this month indicates that nearly 30% of Internet users confessed to purchasing something from spam e-mail.

Spam is once again on the rise, and this time it's apparently being fueled by spam vendors that can't scale. That's the accusation being leveled by Google, which today revealed some surprising new spam figures.

The fight against spam has increased in traction for Google (NASDAQ: GOOG) with the acquisition of vendor Postini for $625 million last year.

Time of year plays a role in the increased volume of spam seen in July, according to Sundar Raghavan, a product marketing manager with the Google Apps Security & Compliance team

"Historically every summer there is increased activity in terms of spam volume, but the sophistication they are using this time around seems to be more robust," he told InternetNews.com.

"Between July and August we have started to see a very interesting pattern in term of volume and sophistication of e-mail threats incoming," Raghavan said. "Around July 20 we started seeing a spoofed UPS tracking e-mail messages going to users. On July 24 saw a peak of 10 million messages."

Panda Security and Commtouch have jointly issued an Email Threats Trend Report for the second quarter of 2008. Here are the major findings of the report, as released by the two companies:

  - Spam levels throughout the second quarter averaged 77%, ranging from a low of 64% to a peak of 94% of all email towards the end of the quarter
  - Top domains hosting zombies include: Telecom Italia, Brasil Telecom, and Verizon
  - 10 million zombie IP addresses are active each day, on average
  - United States dropped to 9th place in number of zombies globally. Turkey is #1 with 11% of all zombies
  - Pharmaceutical spam is the most popular topic, comprising 40% of all spam
  - Phishing scams took advantage of the higher education community, as well as Google adwords users
  - Spammers experimented with vertical display in Chinese-language spam

Sudden massive bot recruitment campaign by Srizbi botnet drives malicious spam up 9.9%, according to researchers at Marshal

A massive bot recruitment campaign appears to be behind a record surge early this month in the volume of malicious spam -- from 3 percent of all spam traffic to nearly 10 percent, according to researchers with  Marshal’s TRACE team .

The Srizbi botnet, which has been making bigger waves these days than the fizzling Storm botnet, is the main driver of this malware-laden spam, according to Marshal, which says malicious spam traffic tripled within just one week. Srizbi is behind nearly half of all spam, malicious or otherwise, according to the researchers.

“When you see a 9.9 percent jump in one week, that’s significant. They either accidentally sent out too much spam or are on an ambitious recruitment drive at the moment,” says Bradley Anstis, vice president of products for Marshal. Anstis says he thinks it’s more the latter.

MX Logic last week reported a worm that had generated over 8 million spam messages in an apparent attempt to recruit bots for Srizbi.

Tech vendors have made headway in the war on spam, yet spammers are returning volley with sheer numbers. Perhaps it's time for more drastic measures?

"The biggest reason we're not winning the war on spam has little to do with the anti-spam vendors," says Logan Harbaugh, a Test Center analyst. "It's more about the ever-increasing volume of spam."

Anti-spam email appliances work anonymously on the frontlines of IT security, blocking millions of pieces of spam (or unwanted e-mail) every day. And anti-spam vendors are doing a decent job: According to the Test Center, email appliances today catch an average of 96.1 per cent of spam, up from 95 per cent two years ago.

But vendor advancements pale in comparison to the swelling ranks of spammers. A Symantec report released this month shows that spam is on the rise. In March, more than 80 per cent of all email was spam, up from 78.5 per cent in January and February. Overall, spam volume is up 20 per cent compared to last year. The report also warns of a popular spammer trick called backscattering, which is the practice of bouncing emails around the globe until they're received.

E-mail users are receiving an increasing number of bounceback spam, known as backscatter, and security experts say this kind of spam is growing

The bounceback email messages come in at a trickle, maybe one or two every hour. The subject lines are disquieting: "Cyails, Vygara nad Levytar," "UNSOLICITED BULK EMAIL, apparently from you."

You eye your computer screen; you're nervous. What's going on ? Have you been hacked? Are you some kind of zombie botnet spammer? Nope, you're just getting a little backscatter -- bounceback messages from legitimate e-mail servers that have been fooled by the spammers.

Spammers like to put fake information in their e-mail messages in order to sneak them past e-mail filters. Because e-mail filters now just delete messages that come from nonexistent domains, the spammers like to make their messages look like they come from real e-mail addresses. That means, if your e-mail address has been published on the Web somewhere, you're a prime candidate for backscattering.

Small businesses are indeed the latest target for spammers. Most small businesses -- unlike their big business counterparts -- have less sophisticated anti-spam protection, and spammers have shifted their tactics to take advantage of an easier target.

Unwanted email is a threat to both productivity and security. Spam now comprises more than 50 percent of all enterprise email and represents somewhere between 40 and 70 percent of all Internet traffic. Some data show that more than 30 percent of spam is generated by virus-infected computers, and more than 30 percent of viruses are propagated by spam.

The increasing interconnectedness of big businesses with small businesses, which are employing at best basic desktop antivirus defenses and very little spam protection, means that a large percentage of spam, virus, and blended attacks are spawned small businesses.

But it’s not a losing battle. New technology can filter out more than 97 percent of spam — without axing legitimate messages.

SoftScan, a European managed-security services provider focused on messaging, reported that spam levels dipped slightly in January to 96.8 percent of all email scanned, compared with 97.02 percent in December 2007.

While SoftScan’s reported drop isn’t much of a break in unsolicited email (the company describes it as a “lull before the next surge”), other observers failed to detect even a limited respite.

“While logic would dictate that spam levels would subside after the holidays, they’ve continued to soar and reached 78.5 percent of all email traffic during January,” Symantec Corp. noted in its recent spam report.

Dead giveaways that an email is bogus — or phishing to steal your identity.

Each day, most Internet users are assaulted by "important" emails that require "immediate attention" about some type of banking or e-commerce matter. The email urges you to click a link to go to the company's site to straighten out the problem. The catch is that the link takes you to a site that has been designed to look exactly like the real company's site, but is instead just a front for gathering personal information.

Most financial or commercial crisis messages are bogus, but a few might not be. So how do you sort out the real email from the garbage? These tips from the Anti-Phishing Working Group can keep you from getting hooked as another phishing victim:

    - Be automatically suspicious of any email with urgent requests for personal financial information.
    - Don't use the links in an email, instant message or chat to get to any Web page if you suspect the message might not be authentic or you don't know the sender or user's name.

The definition of SPAM has changed from the permission-based regulatory definition of "unsolicited commercial email" to a subjective, perception-based definition centered on consumer dissatisfaction, according to a recent survey.

Jointly conducted by Chicago-based Q Interactive and Warren, R.I.-based MarketingSherpa, the survey's goal was to reveal consumers' perceptions of what they consider to be spam, why they report emails as spam and what they think happens when the "report spam" button is clicked.

An overwhelming number of consumers misuse and misunderstand the definition of spam, ultimately hurting legitimate marketers--but also consumers themselves who are seeking the messages they want, but instead are automatically being unsubscribed.

There is confusion among consumers regarding what they believe will happen as a result of clicking the "report spam" button. Over half of respondents (56%) reported it will "filter all email from that sender"--while 21% believe it will notify the sender that the recipient did not find that specific email useful, so the sender will "do a better job of mailing me" in the future. About 47% believe they will be unsubscribed from the list by clicking "report spam."

Authentication provides email senders and receivers some additional ways of differentiating legitimate email from spam, phishing and other forms of fraudulent email that threaten the safety of consumer and damage the reputation of the brands whose domain names are abused.

But wait, there's more!

Undertaking the sometimes daunting task of deploying authentication also provides a great excuse for IT managers to begin tackling the unruly and sprawling beast that is today's modern corporate email infrastructure.

One of the benefits of deploying authentication is that it necessarily requires you to survey – and perhaps rein in – all of the ways the organization uses email. Thus this process provides IT managers with an excellent opportunity to bring some order, or at least some understanding, to what can sometimes be a chaotic mess.

Ask any Internet user what they hate most about being online and you will usually hear an earful about spam. Spam is considered by many to be the scourge of the Internet. It is certainly a costly problem, both in time and in the costs organizations expend to fight it.

The first, and least common, is spammers that obtain temporary legal and real accounts with ISPs. This is less common because most ISPs quickly shut down these accounts. There are a few ISPs that turn a blind eye, but they are likely already known and blacklisted.

The second method used to send spam is through compromised hosts, usually workstations and home computers on high-speed connections such as DSL or cable modems. These systems are usually compromised and have become part of large networks of zombie systems called bot-nets.

Phishing is one of the most prevalent of all Internet scams. At any one time, a large number of major financial institutions and online entities around the world will be the target of phishing scammers. Some high profile institutions such as Citibank and PayPal are targeted almost continually. Phishing scams attempt to trick people into providing sensitive personal information such as credit card or banking details.

Phishing scams, exposed. Read about:
How Phishing Scams Work, How Scammers use Information Harvested from Phishing Scams, Common Characteristics of Phishing Scam Emails, What to do if you Receive a Suspected Phishing Scam, What to do if you Have Already Been Tricked into Submitted Information, How to Avoid Becoming a Victim of a Phishing Scam, and Examples of Phishing Scams.

A white-list is a list of email senders whom you trust and would like to receive mail from. Conversely, a blacklist contains those that are not to be trusted. Blacklists need to be configured and administered on a server, at the ISP (Internet Service Provider) level or on your network. If you do not have such access, and most people do not, you can use the blacklists by choosing email services from companies that use such blacklisting techniques.

A mail server is designated as having an open relay when mail is processed in a location that is not local to either the sender or receiver. The mail server is unrelated to either party, and as such, has no business processing that email. Think of driving from your home in Washington, DC to your friend's home in Boston. If you pass through New York City on the way, that is to be expected. However, if you stop in Dallas, the route becomes suspect. An open relay mail server, whether intentional or not, is allowing mail to be routed through it that shouldn't be.

Don't be surprised if you see a Valentine's spam originating from Europe that was linked on Google.

Symantec's February State of Spam report indicates that attackers are getting more sophisticated and elusive -- sending copious amounts of spam out of Europe and overseas, capitalizing on holidays and tax season and finding ways to get their sites at the top of the Google pages.[...]

Some of the those tactics include diversifying their geographic locations. Researchers found that European countries are hosting unprecedented amounts of spam compared to months and years past. The number of spam messages originating from Europe surpassed that of North America for the third month in a row, reaching approximately 44 percent of total spam, compared to spam sent from North America which composed about 35.1 percent.

How can we stop the madness? TQMCube’s David Hart, who currently runs a DNS blackhole list as an atonement of sorts for formerly serving as a consultant for a spammer, thinks that ISPs should simply block all unauthorized traffic on port 25, which computers use to send email. He believes that any port 25 traffic not destined for an ISP’s own mail server and accompanied with an authorized user name and password should be rejected.

Brian Livingston thinks the U.S. deserves a lot of the blame for having a weak spam law. The Can-Spam Act actually makes sending spam legal as long as the sender includes a street address and links to an unsubscribe process. While making spam illegal in the U.S. won’t wipe out the problem, “trying to stop shadowy, profitable activities is almost impossible if they aren’t illegal,” Livingston notes. “Only the existence of a Virginia law with real teeth tripped up Jeremy Jaymes [a notorious spammer]. A strong U.S. law could go a long way towards catching even more spammers.”

Meanwhile, some security vendors have released anti-botnet products, such as Trend Micro’s InterCloud Security Service for large network providers. The service identifies zombies on a network and can help stop them in real time. Trend Micro also says it has an anti-spam product that can detect and filter image spam.

Spam may be cheap for the people who send it, but it can be a serious expense for your business. According to a study conducted earlier this year by Nucleus Research Inc., spam management costs U.S. businesses more than $71 billion annually in lost productivity — $712 per employee.

Here's a quick look at the various ways that spam drains your company's bank account and how you can calculate the real cost to your business.

Anti-Spam Technology: Spam-fighting products and services are a big business, and anti-spam vendors aren't generating their revenue from the people sending junk email. Most companies not only spend thousands of dollars on anti-spam software and hardware solutions, but they also drop cash on employees and consultants to plan, deploy and maintain the technologies.

Lost Productivity: Spam wastes employees' time. The average employee spends 16 seconds reviewing and deleting each spam message, according to Nucleus Research. The company estimates that at businesses that quarantine spam (where junk messages are placed in a directory for review and confirmation by recipients), each user spends an average of 4.5 minutes per week reviewing messages. Deleting messages, however, turns out to be the most expensive spam strategy. The average employee at companies that delete spam messages loses an average of 7.3 minutes per week looking for lost legitimate messages.

In today's Internet environment, the spam issue cannot be eliminated 100%. It is a new problem, for which no conventional solutions have yet been designed. To address this increasing issue, many solutions for the stages before and after accepting mail messages were designed, to ensure most of the spam messages do not get to reach users’ mailboxes.

This article will focus on the most relevant ones, with a high degree of usability.

This article will focus on the tactics used by spammers to successfully deliver a mail message to the mailboxes on your server, despite any implemented sorting or blocking filters.

Just as the title implies, this article will focus on SPAM messages, on the "know your enemy" principle. We will first describe the different types of spam, to then move to analyzing the issue in perspective, and in detail.

The purpose of spam messages is marketing (advertising to be more precise), corresponding to the conventional ways of advertising, when you are normally able to choose which adverts you want to watch or not. Internet advertising has more options than the conventional ways, since no physical boundaries can be used to accurately select or sort the content (you cannot put a doorman to your server that is able to let the mailman in and keep the flier guys out), the virtual world offers new ways of doing advertising.

Here is an article I found on SearchSecurity.com (TechTarget), about how to prevent spam bots from hijacking an enterprise network. I think you will find it interesting and useful:

"Despite Bill Gates' assertion in 2004 that the problem of spam would be solved by now, it's still with us. In fact, it's on the increase. According to recent figures from Symantec, 61% of emails are spam, and almost 90% of emails emanating from some countries are spam.

Competitive Antispam products, proper legislation, efforts towards a better user education, it has all been tried in order to stop spam. However, unsolicited emails keep consuming the space and time of all email users. Moreover, spam messages can be the cause of serious virus and spyware outbreaks, while others “phish” for sensitive information like bank accounts and passwords.

All the spam I am getting in my inbox has made me look into some more effective antispam tools. While googling for more information, I came across this article about SpamAssassin. It looks good so far. Here is the article in full, written by Scott Sidel:

Spam isn't just about deposed Nigerian dictators who want to send you millions of dollars. Spam emails often contain malicious code, viruses, phishing attacks, and drive-by Trojans -- not to mention some inappropriate content. One of the best weapons available to defend your systems against spam is the open source software SpamAssassin.