Making Quarantines Even Smarter

Some advanced features can make your quarantine system even smarter, and therefore more useful. Two of these capabilities are whitelisting and spam reporting.

Whitelisting is used in cases where a user can't risk having anything trapped from a particular site or sender. There's also blacklisting, of course, to effectively ensure that the user never receives any mail from particular senders, but that tends to be a rarely-used option when you've got a quarantine system to catch everything anyway.

Whitelists can be abused, of course, because they rely on the sender's E-mail address—or rather, the address the sender claims. Since a sender's address can easily be forged, he could claim to be anyone on your whitelist, and if he does so, his mail will bypass all of your filters. For this reason, it's not usually a good idea to just copy over someone's entire address book to their whitelist. Instead, have your users use the whitelist sparingly to handle the exceptions—the handful of senders (like the friend who enjoys sending dirty jokes) who have a habit of sending E-mail that gets misdiagnosed as spam.

Some quarantine systems add addresses to a whitelist automatically when the user rescues legitimate messages from that address out of the quarantine. Others will even look at the proportion of spam and ham the user has received from a given sender in the past, and reduce the message's score accordingly, if the sender has a good track record. That way, even if your co-worker sends you the occasional dirty joke it won't set off any alarms, as long as most of the mail he's sent you has been ham.
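The track-record adjustment described above can be sketched as follows. This is an added example, not code from the article or from any particular quarantine product; the threshold, the reduction cap, the minimum history size and the scaling formula are all assumptions chosen for illustration. The cap is what keeps a forged sender address from bypassing the filter outright, as a plain whitelist entry would.

```python
from collections import defaultdict

# All three values are assumptions for this sketch, not taken from any product.
SPAM_THRESHOLD = 5.0   # scores at or above this are quarantined
MAX_REDUCTION = 3.0    # most a good track record can subtract from a score
MIN_HISTORY = 5        # messages required before history counts at all


class SenderHistory:
    """Per-user record of how many ham and spam messages each sender has sent."""

    def __init__(self):
        # (user, sender) -> [ham_count, spam_count]
        self.counts = defaultdict(lambda: [0, 0])

    @staticmethod
    def key(user, sender):
        # Addresses are compared case-insensitively. The sender is only the
        # address the message claims, so it is never trusted unconditionally.
        return (user.strip().lower(), sender.strip().lower())

    def record(self, user, sender, is_spam):
        """Call when the user confirms spam or rescues a message."""
        self.counts[self.key(user, sender)][1 if is_spam else 0] += 1

    def reduction(self, user, sender):
        """Score reduction earned by this sender's history with this user."""
        ham, spam = self.counts.get(self.key(user, sender), (0, 0))
        total = ham + spam
        if total < MIN_HISTORY:
            return 0.0  # one rescued message must not buy any trust
        ham_ratio = ham / total
        # No credit at 50% ham or worse, full credit only at 100% ham.
        return round(MAX_REDUCTION * max(0.0, 2 * ham_ratio - 1), 2)

    def adjusted_score(self, user, sender, raw_score):
        return raw_score - self.reduction(user, sender)


def is_quarantined(score):
    return score >= SPAM_THRESHOLD


if __name__ == "__main__":
    history = SenderHistory()
    # Constructed sample history: 19 ham and 1 spam from a co-worker.
    for _ in range(19):
        history.record("alice", "bob@example.com", is_spam=False)
    history.record("alice", "bob@example.com", is_spam=True)
    for sender, raw in [("bob@example.com", 6.5),       # borderline joke
                        ("stranger@example.net", 6.5),  # no history
                        ("bob@example.com", 12.0)]:     # blatant spam, possibly forged
        score = history.adjusted_score("alice", sender, raw)
        print(sender, raw, "->", round(score, 2), "quarantined:", is_quarantined(score))
```

Because the reduction is bounded, a message that scores far above the threshold is still quarantined even when it claims to come from a sender with a good record.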

Far more useful, as far as the greater E-mail community is concerned, is the spam reporting feature appearing in a number of smarter quarantine systems. Remember those collaborative spam-reporting networks? You can become a part of them by running special clients on your mail server to submit your own spam findings. Without this kind of participation, collaborative networks would be useless, so if you use these tools you owe it to the community to give something back.

Fortunately, reporting spam is not as difficult as it may sound. Reporting to Vipul's Razor, the Distributed Checksum Clearinghouse, or Pyzor just involves setting up some scripts to automate the client's reporting process when your users confirm their quarantined spam. More advanced quarantine systems do this for you automatically.

There are other reporting options as well, such as SpamCop, which lets you manually file a spam report if your quarantine management software doesn't do this for you. The Federal Trade Commission also has an E-mail address (uce@ftc.gov) you can use to submit "unsolicited commercial E-mail" for their staff to analyze. If you choose any of these reporting routes, be sure to save the original spam with its headers intact, and forward it as an attachment, so that the evidence is not ruined in the process.
