Have any of your teachers recently complained that they're not receiving enough e-mail? Probably not. According to some estimates, spam now accounts for at least 75 percent of all e-mail sent through Internet service providers, a number that's projected to grow exponentially in the next decade. Despite legislative efforts to impose harsher penalties on spammers, their ability to send e-mail from countries without spam laws or from individual computers they've hijacked makes spam an extremely difficult problem to contain.
For schools, spam is not only an annoyance and a time waster; it clogs district mail servers, consumes valuable network bandwidth, and can deliver and propagate a variety of malware programs that can wreak havoc on your system. A district strategy to "can the spam," therefore, must be multifaceted and address security vulnerabilities at different levels. This article will focus on server-level solutions that can filter spam from district e-mail accounts and prevent it from being viewed by users, or at the very least, strip e-mail of potentially damaging attachments. Additionally, I'll offer some suggestions for user education, a critical but often overlooked aspect of spam prevention.
Server-Based Approaches
A variety of applications can identify and block or sanitize e-mail messages at the server level before they reach user inboxes. In fact, many of the software solutions used to combat spam work hand in hand with or are integrated into antivirus programs because viruses, worms, and trojans are often used as tools to spread spam.
Districts that purchase an integrated antispam/antivirus package will enjoy the benefits of software compatibility and support. However, using only one vendor can leave districts open to server-level problems. The solution is to diversify the software used to filter e-mail and other inbound packets from the Internet. In addition to boosting security, this approach increases the likelihood that new threats will be identified and filtered. On the downside, using multiple virus/spam scanner software programs slows server performance. But generally, it's better to trade some server performance for a greater level of protection.
One of the most popular server-level antivirus scanning products is Sybari's Antigen. Antigen works with districts that use Microsoft Exchange Server, protecting users accessing mail through e-mail client software and Web mail interfaces. Working in concert with Antigen is Sybari's Advanced Spam Manager which scans all inbound and outbound messages for spam and inappropriate content. (For more commercial applications, see the "Toolbox".)
If your district runs Apache Web servers and wants to take advantage of open source applications, check out the SpamAssassin project. Open source solutions like SpamAssassin have an attractive price tag (they're free), but they do not provide the personalized, immediate phone and e-mail support that most commercial companies do. If district IT staff can keep open source solutions up to date and patched, however, they can save a tremendous amount of money and, more important, effectively curb spam. In fact, many IT professionals believe the protection provided by open source solutions is comparable to or better than that of commercial software products.
The Awareness Factor
One of the best practices when it comes to both spam and virus prevention among school district employees is devising methods to convince users (mainly teachers) that they will look dumb if they download and open unsafe files or e-mail attachments. No one wants to look stupid in front of his or her peers or to be the source of a virus that swept across the district's network and disabled teacher and student computers. By creating short informational videos, having teachers put on skits at faculty meetings, or just talking about security issues and recommended practices, school district administrators can greatly aid computer security efforts.
If you're looking for specific training materials, try the U. S. Computer Emergency Readiness Team's "Reducing Spam," which provides eight suggestions for users wanting to reduce the amount of spam they receive. They include:
- Don't give out your e-mail address arbitrarily
- Check privacy policies
- Be aware of options selected by default
- Use filters
- Don't follow links in spam messages
- Disable the automatic downloading of graphics in HTML mail
- Consider opening an additional e-mail account
- Don't spam other people
Although these steps may seem intuitive, some of these suggestions will strike many users as completely novel. Amid efforts to purchase high-tech antispam and antivirus server software solutions, district IT staff should not overlook Microsoft's Tenth Immutable Law of Security: technology is not a panacea. User decisions, both good and bad, can have the most significant impact on network security issues inside and outside the boundaries of the traditional school day.
Wesley A. Fryer is director of instructional support services at the College of Education at Texas Tech University.
Toolbox
The following applications provide antispam capabilities.
- Aladdin e-Safe
- ASSP
- Barracuda Spam Firewall
- Barrier1 Customized Security Solutions
- Computer Associates e-Trust Secure Content Manager
- Content Watch Email Protect
- F-Secure
- Kaspersky Anti-Spam Enterprise Edition
- Kerio MailServer
- Lightspeed Systems Total Traffic Control
- McAfee Spam Killers
- Nod32 for MS Exchange
- Norman Corporate Edition
- Panda GateDefender
- CanIt
- Sophos PureMessage for Windows/Exchange
- SpamAssassin
- Sybari Advanced Spam Manager; Antigen
- Symantec Hosted Mail Security
