Top steps during the implementation of a project related to Anti Spam Security

  • Incorporation of spam detectors to block malicious/ fraudulent e-mails
  • Installation of filters for automatic detection/ deletion of malicious software
  • Deployment of software for blocking outgoing delivery of sensitive information to malicious parties
  • Implementation of standard anti-virus, filtering, and anti-spam software solutions
  • Formulation of corporate policies for e-mail content
  • Providing a way for customers to validate e-mails
  • Implementing strong authentication at Web sites
  • Regular monitoring of Internet for potential phishing Web sites

(Read more:  Action List Before Adopting a Cloud Technology)

Top implementation mistakes or learning while implementing projects related to the domain

  • Usage of just one email account
  • Keeping spammed-out accounts for a very long time
  • Not closing the browser after logging out
  • Forgetting to delete browser cache, history, and passwords
  • Using insecure email accounts to send and receive sensitive corporate information
  • Forgetting the telephone option
  • Not using the Blind Carbon Copy (BCC) option
  • Being trigger happy with the "Reply All" button
  • Spamming as a result of forwarding email
  • Failing to back up emails
  • Mobile access: Presuming a backup exists
  • Thinking that an erased email is gone forever
  •  Believing that an individual has won the lottery … and other scam titles
  •  Not recognizing phishing attacks in email content.
  • Sending personal and financial information via email.
  • Unsubscribing to newsletters you never subscribed to
  • Trusting a friend's email
  • Deleting spam instead of blacklisting it
  • Disabling the email spam filter
  • Failing to scan all email attachments
  • Sharing your account information with others
  • Using simple and easy-to-guess passwords
  • Failing to encrypt your important emails.
  • Not encrypting your wireless connection
  • Failing to use digital signatures

(Read more:  CISO Guide for Denial-of-Service (DoS) Security)

Top challenges faced during such implementation

  • Which identity should be used and how does it relate to spamming behaviors? An author can create bad content, but the identity from the field of that content might not be the actual author, even if that field is validated. The message might have originated on a compromised machine and used the identity associated with it, unless known to the owner of the machine. Also the operator of the mail-sending network might have nothing to do with creating content, but it might be reasonable to hold the operator accountable for aggregate traffic problems.
  • How is the identity validated (authenticated)? What entity iBls doing the validation? How does it relate to the identity being validated? And why is it trusted? Can the validation mechanism, itself, be tricked?
  • How is an identity being determined to be a spammer or non-spammer? What entity is vouching for the quality of that identity and why is the vouching entity trusted?

(Watch more : An approach to present IT Risk as Business Risk )

Top parameters based on which the success of a project should be measured

  • Content based filtering
  • Body-based filtering
  • Origin-based filtering
  • Blocking

- By Murali Menon, Chief Security Officer, Atos India Pvt Ltd.

More:  Want to share your insights? Click here to write an article at CISO Platform

E-mail me when people leave their comments –

You need to be a member of CISO Platform to add comments!

Join CISO Platform

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)