HELP
BUSINESS SOLUTIONS
Taking spam off the menu
Spam has increased to such a degree that it is more harmful than viruses. Steve Baxter visits a school to
examine a system put in place by IT staff to try and stop the flood of junk email to teachers and pupils
CASE STUDY
THIS MONTH’S PROBLEM Bedford School is
an independent
school for around
T
his year might be remembered as the from genuine email – sometimes known 1,100 boys. An IT
year when spam messages first as ‘ham’ – has a significant effect on manager in a
outnumbered genuine emails. A productivity. We need add-ons to our school or college
report from email security firm MessageLabs email systems that deal with spam as faces different
says the company analysed almost one effectively as the software we use to problems to one in
billion email messages in May and found that fight viruses. a commercial company.
Whereas office workers
around 76 per cent, or over 700 million, were This is a challenge for developers tend to use the same com
puter every day,
spam (see Newsfile, Shopper September because spam messages don’t have the students use different com
2004). The problem is out of control. same characteristics as viruses. They puters all the time.
However, they need to
know that the different
Governments try to legislate against the tide tend to be non-executing, plain text computers will all behave
in the same way.
but they have been unsuccessful so far. messages. Distinguishing between spam A school also has a differe
In many ways, spam is a bigger problem and ham is a fine art; it’s not as simple nt ratio of users
to computers. A busine
ss may have almost
than viruses. Most PCs that become infected as cutting out messages that are sent to equal numbers but a sch
ool will have far more
either have no virus protection or protection hundreds of users. users than computers.
that’s out of date. If you are infected, The more users an email system Bob Eadie manages the
excellent tools exist to remove viruses. If has, the bigger the problem becomes. To senior school’s fibre-
connected IT network.
He’s responsible for
you’re organised, you can let the virus threat see how an effective shield can be built running the students’ com
puters and a smaller
fall to the back of your mind. against spam we went to visit the type network of computers
used by teaching and
Spam is far more intrusive and the of organisation that suffers more than administrative staff.
amount of time users waste filtering spam most: a school.
THE SOLUTION
S
pam started to become a access to hundreds of adolescent administrator can choose to
serious problem for Bob boys generated higher than usual delete the message before it
Eadie last year. Up until that traffic to sites of a, shall we say, reaches the user or flag it as
time, his main concern regarding titillating nature. It’s possible, though, probable spam and pass it
email had been viruses. These were and if you give an email address to to the user for a final
effectively countered by server- this sort of site you can guarantee decision. One thing Eadie
based anti-virus scanning. large quantities of spam daily. particularly likes about the
The way pupils and teachers MDaemon spam filter is
used their computers meant that the THE SERVER that, like the server’s other
school may have been particularly Bedford School uses MDaemon as its features, its default settings
prone to spam attacks. Most office main email server. This handles are realistic. He found that
workers use the internet for email messaging for the students and for it was possible to install it
and checking on leisure-related most of the teaching staff. It was and leave it, with fine-
topics such as holidays. In contrast, fortunate that just as Eadie noticed tuning needed only at a
at schools the internet is used the need for a spam filter, Alt-N later stage.
heavily for research. All users cast (www.altn.com), the server’s
their nets far and wide to websites developer, produced one. Because he FINE TUNING
and newsgroups, registering details has a close working relationship with With MDaemon, each email gets a score that rates Early spam filters, including
extensively and making school email the program’s UK distributor, Zen its chances of being spam MDaemon’s, were
addresses easy to find. Eadie believes Software (www.zensoftware.co.uk), unintelligent beasts that
newsgroup users are hit particularly he became a beta tester. likely it is to be spam. The spam blocked messages based on where
hard. It took a long time for The server’s main spam filter filters don’t stick their necks out and they came from instead of what
adequate techniques to emerge to works in much the same way as its say that a message is definitely they said. Such blacklisting systems
protect email addresses. competitors do. It checks the content spam, just in case it isn’t. still exist within MDaemon, if you
Understandably, Eadie wouldn’t of every message and awards it a Depending on the score a want to use them, but its latest filter
be drawn on whether giving internet score. The higher the score, the more message is given, the server is far more intelligent.
274 REPRINTED FROM • COMPUTER SHOPPER • OCTOBER 2004 Send your queries to business@computershopper.co.uk
Business Solutions HELP
STOP THE SPOOFERS
This filter improves its
accuracy through a process
called Bayesian Learning,
also known as Bayesian
filtering. This is not based Sender Policy
on hard and fast rules Framework (SPF) is a
designed to find spam. new weapon in the
Instead, it uses statistics and fight against spam.
probabilities to assign a This anti-spoofing
likelihood that a message is technology is now
either spam or real. This incorporated in
may sound complicated but MDaemon.
operating it is simple. Spoofing is a
If a spam message slips process where a
through the filter, the user spammer writes a
drops it into a Missed Spam message that claims
folder. Once a stock of 200 to come from an
such messages has been MDaemon’s latest filter becomes more efficient at address or server
spotting spam over time through Bayesian Learning
collected, the program uses other than the one
its Bayesian wizardry to that in fact sent it.
work out why it didn’t recognise their messages on the server and This technique keeps
them correctly. For the learning leave them there. the spammer
Foil the spammers with Sender Policy Framework,
process to work well, users must MDaemon’s advanced features, anonymous and stops MDaemon’s new tool that combats spoofing
also feed the other side of the including its spam filtering, work us pushing red-hot
Bayesian brain, the side that best when users have IMAP fuse wire under his
improves its recognition of genuine mailboxes. This fitted right into fingernails while force-feeding him raw road kill.
messages. This side needs to be fed a Bedford School’s plans. Eadie had SPF compares a message’s source address against the IP addresses
steady stream of genuine emails always wanted, indeed needed, a that are authorised to send messages from that address. If they match
(ham messages). system that would let pupils and the message is treated as genuine; if not it’s treated as a spoofed
We were wondering if Eadie had teachers access their email message or spam. SPF competes against similar systems from Microsoft
found this side of the equation to regardless of which computer they (Sender-ID) and Yahoo! (DomainKeys).
cause any problems. Feeding genuine were using. This was not possible
messages to a spam engine is, after with a POP3 system because
all, counter-intuitive. In practice it messages would be downloaded and Server before reaching the outside It’s an add-on to the email server
wasn’t a problem, but not because stored on whichever computer read world. This curious arrangement Bedford School already uses. So why
he could depend on users to feed them. This meant he had to base the evolved because the school’s does Eadie still maintain the
both sides of the engine. On the school’s email system on IMAP. administration staff needed the kind Exchange Server? We were intrigued.
contrary, he decided early on that When MDaemon’s spam filter of collaborative features that are Eadie’s answer was simple:
feeding the learning engine was not came along with its commitment to available only when using Outlook “If it ain’t broke, don’t fix it.” The
a job for normal users. His concern IMAP folders for missed spam and and Exchange Server. school bases most of its email
was that people would fail to make genuine ham, the school was able to The Exchange Server has its around MDaemon because
a distinction between messages they integrate it without a hiccup. own spam filter, an add-on MDaemon was far cheaper than
didn’t want and spam. A message Organisations using POP3 will have program called iHateSpam from Exchange when it set up its own
isn’t spam just because a user a harder time. Sunbelt Software (www.sunbelt- mail server. Microsoft may not do it
doesn’t want to read it, and if that software.com). Impressive though now, but it used to calculate licences
user incorrectly fed an unwanted OUTLOOK AND IMAP MDaemon’s spam filter is, per mailbox instead of per computer.
message to the Missed Spam folder Outlook presents particular iHateSpam weeds out a few more A 1,500-mailbox licence would be
the learning process would be problems. Microsoft’s excellent messages. Eadie does not consider beyond the budget of most
corrupted. Personal Information Manager (PIM) this a problem with MDaemon government ministries, let alone a
Eadie decided the best policy may have great features for but believes it’s an indication that modestly sized school.
was to have the learning process administration, organisation and spam filtering is still an imprecise The school could, however,
exclusively handled by the school’s collaboration but its IMAP support is science. Just as the best protection afford a small Exchange licence so
IT staff and a couple of special users weak. You can certainly access IMAP against viruses comes from using the administrative staff could work
who’d been particularly badly folders through Outlook but it won’t multiple systems (such as one at together. This system is working well
blighted by spam. These users work seamlessly with them. It’s hard the server and one on each and, although Eadie has run some
received more than enough spam to avoid Outlook saving files to, or workstation), he believes spam tests with Groupware, he knows
and ham between them to feed the trying to read them from, your hard filtering improves when two ‘minds’ there would be disruption if he went
engine and make significant disk rather than the IMAP server. are applied to it. live with it. Groupware version 2 is
improvements in accuracy. Outlook is a far worse IMAP client said to be a significant improvement
than Outlook Express, the free email GROUPWARE and much closer to emulating
FOLDERS reader that comes with all versions We said that certain collaborative Exchange. When it comes out later
Most people use a Post Office of Windows. If you use Outlook, be features are available only when you this year, Eadie says he will give it a
Protocol 3 (POP3) system to handle warned that you’ll need extra time use Outlook with Exchange Server, thorough test. CS
their email because it has been for configuration. but this is not entirely accurate.
established longer than the main MDaemon’s spam filter There are third-party programs
alternative, Internet Messaging
Access Protocol (IMAP). The most
operates an unusual dual role. Not
only does it protect MDaemon users,
available to mimic the collaborative
features of Exchange Server so that
CONTACT
STEVE BAXTER
noticeable difference between the it’s also the first line of defence for you can, for example, share calendars Email Steve Baxter for IT
two systems is that if you use POP3 the school’s Exchange Server and contacts or pass tasks from one solutions to your own
you collect your messages from the installation. Any email sent and user to another. business problem or objective
server and store them on your received through Exchange Server The best known of these utilities
business@computershopper.co.uk
workstation. IMAP users can view has to go through the MDaemon is called Groupware for MDaemon.
Send your queries to business@computershopper.co.uk REPRINTED FROM • COMPUTER SHOPPER • OCTOBER 2004 275