Tuesday, May 31, 2005

Did I miss anything over Memorial Day?

Memorial Day has passed in the USA and warm days have arrived. In Michigan, where this author resides, it seems to have been a colder, drier spring than usual.

Since it was a long holiday weekend, I scanned my quarantine folder to see what I had missed.

"200 FREE CHANCES -- $260 MILLION JACKPOT"
I've missed my chance at easy money.

"ATTENTION! YOUR ACCOUNT HAS BEEN VIOLATED"
I've missed the opportunity to send credit card info to strangers.

"I CAN CALL YOU FROM CHILE"
I've missed the opportunity to have women call me (and bill me) from foreign lands.

I've missed "POWERCRYSTALS", "PENIS PILLS", "FUN GIRLS" "MICROCAP STOCKS" and the ever popular, though desperate sounding "THIS IS NOT A JOKE..."

But in my inbox were... "messages from friends", "email from business partners" and several "newsletters" I receive weekly.

I don't think I missed anything. Email filtering works.

AAS

posted by CMS Blog Master @ 10:49 AM 0 comments  

Monday, May 23, 2005

The 1/3 Rule of Life (and Spam)

Initially, OT but quickly veering back to spam talk. For the sake of discussion, I've chosen 1/3 for convenience. Higher, lower or anywhere else the truth is the same.

Say Mr. Greenspan and his Fed pals raise rates. 1/3 of the people panic, “OH MY GOD, INFLATION”, 1/3 are happy and 1/3 will not care.

Now say Mr. Greenspan and the Fed lower rates, 1/3 of the people panic “OH MY GOD, A SLOWING ECONOMY”, 1/3 are happy and 1/3 will not care.

Time for the obvious: You can’t make everyone happy.

Now on to spam filtering observations.

As mentioned often here, my company, CMS, has an email filter product, Praetor. One of its settings controls “spamicity”, as used by Bayesian filtering. The default value is “0.60” (scale from 0.0 to 1.00). Easily changed by an admin, an improper setting can invoke my “1/3” rule.

Set spamicity too high and unwanted mail in user inboxes increases and false positives decrease. 1/3 of the people panic, “OH MY GOD. I’M DROWNING IN SPAM”, 1/3 are happy and 1/3 will not care.

Set spamicity too low and unwanted mail in user inboxes decreases but false positives could increase. 1/3 of the people panic, “OH MY GOD. A QUARANTINED MESSAGE”, 1/3 are happy and 1/3 will not care.

(Note: Praetor’s Personal Log Viewer, easily empowers an individual to scan their quarantined messages and handle them accordingly.)

The moral: Periodically monitor your corporate email and adjust email filter settings.

Only an administrator, with knowledge of a company's internal policies and operations, can really determine this while "farming-out" these decisions could lead to problems. Admins must be in complete control. These email filter decisions do directly affect their business.

Incidently, a truism of my life is "leave as many things as possible at their default". Boy, does this reduce frustration and leave time for the really important things. (Hint, hint: Praetor at spamicity 0.60 should be just fine.)

AAS

posted by CMS Blog Master @ 11:04 AM 1 comments  

Thursday, May 19, 2005

Tigers Reach .500

Way OT from spam or content security but... The Detroit Tigers have reached .500 baseball.

A point of mediocrity for most teams, this is a Tiger milestone. From avoiding the title "worst team in the modern era" by one game in 2003 to .500 now is, for Tiger fans, a victory.

OK, baseball diversion is over. Now back to spam filters and email content security.

AAS

posted by CMS Blog Master @ 1:00 PM 0 comments  

Monday, May 16, 2005

The Gray Area of 'Private' Email

I saved an article on efforts in Australia to prevent employers from covertly monitoring employees 'private' email.

Compare this to the USA and the case of "Smyth v. Pillsbury Co." where the court stated "... the company's interest in preventing inappropriate and unprofessional comments or even illegal activity over its e-mail system outweighs any privacy interest the employee may have in those comments".

If enacted in Australia, how does an employer, concerned about proprietary data or trade secret loss (either accidentally or through malicious intent) legally filter email originating from their corporate computers? The Australian law says the employer must "Obtain a court order permitting surveillance" (lawyers get richer?).

Let’s see how that court order and delays it causes could work:

  1. You suspect trade secrets are being illegally transmitted using corporate email.

  2. Oops, the new products specs are sent outside the company via email.

  3. You contact counsel to start the process to obtain email scanning permission

  4. Oops, marketing strategies, more privileged data, slips away via email.

  5. Your counsel contacts a judge to present your case.

  6. Oops, internal memos on your business partners are sent out via email.

  7. You obtain permission to scan an employee’s corporate email.

  8. Oops, new product patent applications are sent illegally via email.

  9. You contact your IT guys to set up the email scan.

  10. Surprise, your business secrets are now out of the bag and floating around the Net.

Looks like a big hole has been created in corporate security.

Besides, how does a content security filter distinguish between a personal letter to my wife and my correspondence with clients? What about email arriving in an employee’s inbox? Can an employer scan personal correspondence that does not pertain to corporate business? This is ‘private’ email too. How does an email filter know?

Big gray area here: The "corporate rights" of a business owner vs. the "privacy rights" of an employee. So what are the corporate options?

  • Ban 'private' email, inbound and outbound. Draconian, unpopular and impossible to enforce (without scanning, but that's illegal under the proposed Austalian law).

  • Create detailed corporate email usage guide-lines. A good solution but enforcable only through scanning (That keeps popping up doesn't it?) or the honor system.

  • Rely on common sense (Yeah, in a perfect world... maybe).

So what will happen?

As we now hear "This call is being monitored..." in our business telephone calls, perhaps we now add "This email is being scanned..." to our correspondence.

AAS


posted by CMS Blog Master @ 10:57 AM 0 comments  

Monday, May 09, 2005

Reply To My Email To Prove You're Real


Can we all agree that spam email is devouring bandwidth? I thought we could. Some statistics show that up to 75% of all email is spam.

With this fact, I wanted to comment on these paragraphs taken from a letter a CMS employee received last week from a current CMS customer.
In a bid to stop spam, our organization blocks all messages from unknown email addresses. If you are contacting our company for the first time, please resend your message with the code "abro" (spanish for "I open") in the subject line. Your message will be delivered and your email address will automatically be added to a list of accepted email addresses.

We apologize for any inconvenience caused and appreciate your co-operation.

Simple math time.

If a single spammer sends out 1,000,000 letters a day (THINK BANDWIDTH) this "challenge" software would generate 1,000,000 response replies (THINK BANDWIDTH).

Multiply this single spammer by say 1,000 spammers. The 1,000,000 messages becomes 1,000,000,000 and generates 1,000,000,000 replies (THINK BANDWIDTH).

And even worse, the original spam email messages probably have faked sender addresses, so these 1 BILLION challenge messages have no valid recipient (THINK MASSIVELY WASTED BANDWIDTH).

Conclusion?

While challenge/response mail filters may reduce the volume of spam reaching your inbox, it almost doubles the amount email floating through the Internet... doubling bandwidth required, slowing delivery of important mail, forcing ISPs to up their bandwidth capabilites and possibly their fees. Incidently, upping the fees directly hits your corporate bottom line.

Sound like a perfect example of the Law of Unintended Consequences.

AAS

posted by CMS Blog Master @ 1:44 PM 3 comments  

Thursday, May 05, 2005

Praetor v2.1 Press Release

CMS NEWS ALERT

Read the PRESS RELEASE for Praetor v2.1

Faster Bayesian Filtering
Improved Administration
Adapted to Changing Spammer Tactics

AAS

posted by CMS Blog Master @ 3:03 PM 2 comments  

Monday, May 02, 2005

The Ancient Secret of Life (or Not)

Monday morning and serious 'writer's block'. Then browsing my quarantine folder I spotted this subject line, "The Ancient Secret of Life".

How can you pass that up? After all, didn't the ancients know much more than us? It's all over the Internet... space ship landing areas on Peruvian hill sides, mysterious Egyptian civilizations predating the Sphinx, lost cities under the North Pole.

So here is the ancient marvel cut straight from my quarantine folder:

"Kills ALL known deadly Viruses & Bacteria in the body that keep diseases, namely: Influenza, SARS, Cancer, HIV etc. etc. active".

Do doctors know about this? I sense a larger cover up? A world-wide conspiracy hiding a spectacular cure from 10 millennium ago. Sounds almost like the plot of a ‘B’ Movie

How gullible must a person be for spam like this to be a profitable endeavor for the message originator? There must be money to be made, otherwise the message would never have been sent.

At least after so many years I can still find some spam amusing. The good news is that it never made it to my inbox, It was trapped by my company's Praetor email filter and dropped into the quarantine folder (for my amusement).

Now if I can just determine who will play me in the movie?

AAS

posted by CMS Blog Master @ 10:33 AM 0 comments