 |
|
Corporate e-mail spam rules
Oracle Tips by Burleson Consulting |
All companies have a
responsibility to catch spam before it gets to their employees, yet managers
walk a tightrope between losing important messages (false positives for the spam
filter) and being inundated with offers enlarging your naughty bits. There
are many productivity benefits to corporate-wide spam filtering, where your do
the filtering once, instead of having your employees filter-out their spam
each day:
- Reduced network traffic
- Legal responsibility (i.e.
exposing employees to profanity)
- Reduced malicious
attachments (virus, spyware)
- Reduce employee time
manually filtering-out spam
Let's take a closer look at
corporate spam filtering rules and see how they are implemented to supplement
PC-side spam tools such as Norton.
Corporate Spam filtering rules
There are some generic email spam rules that will remove half of your spam
e-mails. These filters may include obvious spam characteristics:
- No executable attachments (.exe, etc.)
- No blank subject, to, or from lines
- No non-English characters (no Kanji, Cyrillic, etc)
- No non-matching FROM lines (the TO lines does not match the employee
name) This one has the false positive problem, as employees may create
"pet names" for certain co-workers (e.g. Pookie)
Of course, you may find other general spam filtering rules, but each needs to
be carefully tested to avoid false positives and the loss of important e-mail
correspondence. Next, lets examine corporate profanity and spam keyword
filtering.
Corporate profanity filtering
Just pushing-in a nasty word filter may not work. It may not be safe to eliminate all messages with profanity, especially if you
have senior management with salty language. Also, some of the profanity filters
can be too sensitive, where even a mildly profane word (e.g. asshat, pillock,
douchebag)
may cause false positives, losing important email correspondence (this is
especially true if you are unfortunate enough to have douchebags or asshats on
your staff).
When I tried the a fill corporate profanity filter, I lost important e-mails
from Sweetwater Inc. because the word sweeTWATer contains
the word TWAT inside it!
Be careful for false positive traps in global profanity filters!
Global Filtering SPAM Words
It's nice to have a global corporate e-mail filter for generic spam words,
but it's important to have a filter that allows you to remove and add words to
the global e-mail filter.
You also have to be careful about filtering-out spam words that may be used
in legitimate e-mail messages. For example, you may ban "Viaraga", but
later you may get Pfizer Corporation as a client, and you want to receive e-mail
about Viagara. The same is true if your have clients in the penis
enlargement industry.
Easy "this is spam" rule processing
A good corporate e-mail filtering tool should have the ability for individual
users to "mark" a message as spam, and then feed the spam into a rules database.
The rules processing engine would examine all of the spam message in the
database and derive a rule-set that focused-in in on the particular combinations
of keywords that positively identify the message as spam.
In sum, global corporate spam filters can be a huge challenge and you must be
especially careful not to set your spam filters too high, and risk loosing an
important e-mail from your clients.
