The problem: TLS encrypted mail requires more processing power & storage space than non-TLS traffic.

The result: a greater degree of strain on your mail server.

Why spammers are doing it: It’s another way to evade law enforcement, TLS makes interception and subsequent infiltration of a botnet more difficult.

How to protect yourself:

1.     Make sure your anti-spam system is not configured to automatically accept TLS encrypted messages (although most don’t, some have in the past)

2.     Make sure you have a system in place to offload unnecessary mail traffic from your mail server (e.g. an email protection appliance that sits in front of your mail server or a hosted email protection solutions that processes the bulk of messages in the cloud).

IT people are (by and large) a cautious group, and for good reason. Even the slightest change or hiccup and the wrath of the entire executive team and user community will come down on them. While completely unfair this is the world we live in.

Unfortunately this has created an environment where IT people have simply become (for lack of a better word) afraid to take chances, choosing instead to continue with the tried and true.

Think about it - when was the last time your IT group really went out on a limb with a new solution that they just knew would help the company despite the fact it was “new” or “different”.

Go ahead, we'll give you a minute to think about it.

....

Not for quite some time - if ever, right? This is dangerous, and problematic. This crisis means “tried and true” rules the day - despite the game-changing (yet different) technology solutions now available.

In the world of IT different = risk + challenge =  bad. But in the world of reality, this is simply not true. "New" doesn't have to be a loaded term, it can just mean new. "New" can actually be a good thing (gasp) - and can breath new life into a department that is already stressed to its limits.

If there are 2 things IT has never had enough of its time and money.  Taking intelligent risks on new technologies can mean more of both of those things - time back for your team and money back into your budget.  

The 800 pound gorilla here is the content filter. Its a technology based on keeping the bad guys out and was created during a time when there were fewer bad guys than good - so we can follow the train of logic.  But today the bad far outweighs the good and the conversation needs to be reversed. 

All of our lives (IT personnel included) would be far easier if we focused on the good: let just the good people in and don't worry about the bad.

Why have to deal with 17 layers of protections and which one falsely identified the message as spam this time? Why not let users decide for themselves who to allow in (or not allow) and free up some valuable IT time for other, more important things?

Oh, that’s right, this is new and new is bad. And don’t forget, our users couldn’t possibly handle something like this (despite the fact they are already comfortable with places like FaceBook and LinkedIn which do the same thing). Come on – take a chance! Break the shackles of fear and complacency – there’s a brave new world of technology ready to make a difference for you and your users if you’re ready to give it a try. And what better place to start than here with anti-spam, and what better time to start than now?

If ever there was a single image that shined a spotlight on the arms race that has been escalating over the past decade between spammers and the entities seeking to disarm them, it is Fast Company’s Infographic of the day, courtesy of New Scientist.  A copy of the full image can be found here. 

It chronicles the rise and fall of overall spam levels since 2004 – the rise of botnets in ’06, the fall of McColo in ’08, a new spoofing technique unleashed earlier in the year and several others.

But more interesting than the spam levels themselves is the breakdown of emails to responses in one particular “spam campaign.” The campaign was comprised of pharmaceutical spam sent out over a one month period in 2008 by just 1.5 percent of one botnet called “Storm.” The numbers go something like this:

-       35 million emails sent

-       8.2 million arrived at valid email servers/recipients

-       10,500 recipients clicked the link in the message

-       28 bought products

From a marketing perspective, these numbers are terrible and translate to a conversion rate of 0.000008%.

But when you extrapolate over the whole network of Storm botnets, the numbers tell a different story – and generated around $3.5 million in “sales” for the year.

Given the low cost of spamming, this is nearly all profit. If $3.5 million is not incentive to keep doing something, we’re not quite sure what is.

Which puts the rest of the numbers into perspective – spammers are highly incentivized to continue to find ways around content filters, blacklists and “isp shut-downs” – and as the numbers show, they will.

Increasingly, there is a real need here for change.  Spammers are not going away, yet we continue to do battle against them using the same old, tired techniques. It might just be time to take a new mainstream approach here.

Dan Balsam doesn’t like spam.  In fact, he hates it. Enough so that he went to law school, left a career in marketing and now spends much of his time filing law suits against spammers.

And earlier today he was awarded $7k in a rare court ruling against a spamming organization ($1,000 for every offending email + legal fees).

The unsolicited email Balsam received was from 2007. The spammer (Trancos, Inc.) is now expected to appeal the decision.

When all is said and done here, this begs the question: was it worth it?

Let’s do the math:

3 years + Team of Attorneys = $7k – Imminent Appeal + More Legal Fees = No Real Change?

Dan’s website danhatesspam.com warns that “spam is threatening the legitimacy of email as a means for communication” – but we have the feeling that “spam” has already killed the legitimacy of email for Balsam.

His site boasts a no spam policy that warns of $25,000 fees upon his reading of any piece of unsolicited commercial email as well as nine other bullet points littered with legal speak.

The problem here: the real spammers will ignore this.  You might scare off a few friends but the real spammers won’t ever even see it, and will never give Dan a chance to reference it in court either.  

The most dangerous email spam is from sources that will never show-up to a court date – from sources that are not traceable, trackable or suable.

But what he will get: a few thousand dollars out of sloppy – but mostly legitimate – email marketing companies like Trancos (an Inc. magazine fastest growing private company of ’07).

What he won’t get: an end to spam.

Frustrated email consumers like Dan have a right to a spam free inbox, but it shouldn’t have to involve an entirely new career path and a new set of life goals.  Taking back control shouldn’t be this hard.

We don’t need an entire court system to tell us who can and cannot send us an email, we should decide for ourselves.

Remember that mention below of the “bad apple” email users – those email users that take undo risk when receiving, opening and responding to email from unknown sources? Well, here we have one such example.

419 Scams have been on the rise since early February, and today it was announced that a young woman from Frankfort South Africa fell for a well known variation of the scam and lost more than $178,000 US Dollars (1.2 Million South African Rands) to a group promising 1 million British pounds of prize money she had won.

After paying thousands of Rands into an anonymous bank account and paying various individuals for their assistance “helping” her claim her prize money, the woman had still not received any payout and reported the incident to police.

The dangers lurking in email inboxes – when they go unchecked - are incredible.  If you do not have an email protection solution in place that blocks email from illegitimate and/or unknown senders, make sure you and your email users are not opening email from sources you don’t recognize. 

419 scams are not going away, but are easily avoidable. For more information on 419 scams, click here.