Mail server should pay attention to anti-spam

If you are a small and medium sized publishing company, a real estate economics company or a law firm's mail administrator, you are likely to have more spam than the email administrator in other industries. Now, no matter where you work, your mail server is likely to be attacked, and you may be unaware of it.

The above conclusions come from a detailed annual e-mail threat report from the Management service provider, Postini, released today. Postini handles 400 million SMTP and e-mail messages per day. "This is the most in-depth survey we've had so far," said Chris Smith, senior head of global product marketing at Postini. ”

Most of the company analysts ' conclusions from last year's digital analysis are not news for the industry. Despite the introduction of a new bill such as can-spam, spam accounts for 75% to 80% of corporate mail. Phishing is increasingly worrisome, with corporate financial data stolen every year costing 1 billion of billions of dollars. Millions of PCs infected with spam worms, such as Netsky and Bagle, are now the mail-forwarding accomplice to sending spammers.

By summing up, it can be found from this report that more and more companies are struggling with growing and more sophisticated cyber fraud and server attacks, which consume a great deal of human and material resources. Smith believes the report is designed to allow more companies around the world to take these statistics as a wake-up call and create better e-mail (security) mechanisms.

Some surprising discoveries can be drawn from the reports that some companies need to do more than others:

The size is different: The average employee receives 35 spam messages per day per person in smaller businesses below 100, while businesses with more than 10000 employees receive only 3 similar messages per day. The reason for this may be that large businesses generally use security tools to filter out spam. Another analysis speculates that spammers deliberately choose smaller businesses because they think small businesses are more vulnerable.

"I don't think spammers are that crafty, but we have to take into account the existence of both possibilities," Simth said. Small businesses, because they do not have some resources from large enterprises, are suffering from more junk mail. “

Don't expose yourself: the impact of spam on different industries shows a greater difference. Businesses that rely largely on electronic means of communication are clearly the main targets of spam, especially in the publishing industry, which ranks top of the list with 25 spam messages per person each day. These findings are not surprising. Like journalists, lawyers and consultants often put their e-mail addresses online when they practise their business.

So what should you do to reduce the spam entrance? The electronics industry, the food and beverage industry, or the pharmaceutical industry, which is doing the best, receives a spam message per day. Finance and banking, surprisingly, have done a good job of blocking spam.

e-mail addresses were stolen without being found, and the number of thefts was underestimated: over the past few years, Postini has been working to raise awareness about account-gathering attacks (Directory Harvest attack). The account-gathering attack launched a daily attack of up to 150 attacks on companies in the Postini system last year. 250 lookups per attack. Such an enterprise has to deal with an astonishing 40,000 lookups a day--and that's just a lookup from an attack, not a legitimate request.

In an account-gathering attack, spammers use a brute force attack on the mail server (brute force) to collect a detailed and valid mailing address for usage or sale. The mail server was flooded with too much probing, and a large number of unsent reports generated by the attack caused the mail server to refuse service. Lotus Domino and Microsoft Exchange are most vulnerable to these "NDR storms" because their servers accept all information by default within their domain.

"Account-gathering attacks are spreading at alarming rates and may be the most underrated threat of the 2004," Smith said. "He likened the ever-increasing attacks on mail servers to constant bites of mosquitoes. "Being bitten by a mosquito is not a fatal threat, but being bitten by a mosquito at 40000 is dangerous," he said. ”

Most mail administrators do not associate a large number of unsent reports with attacks, nor do they notice that rushing requests can slow down the server's response. "This is because of the mosquito bites, American companies are suffering from account-gathering attacks." They have created a worldwide corporate messaging administrator to spend more money on infrastructure than needed. This is a disaster in the email world. ”

"If you use e-mail often, it's a very painful thing to do," Smith concludes. The situation would be better by having a limited public mailing address. However, spammers are becoming more and more savvy about getting their email addresses. From what we have mastered, their means are very effective. This is a rather worrying trend. ”