SlideShare ist ein Scribd-Unternehmen logo

SpamTitan anti spam Essentials Guide

TitanHQ
TitanHQ

Working on your network or email security? Need some help getting started? This is a list of the essential things you need to do ( regardless of your email server or spam filter) to help reduce spam and related malware attacks on your network.

Technologie
1 von 14
Downloaden Sie, um offline zu lesen
SPAM FILTERING ESSENTIALS CHECKLIST STOP SPAM. SAVE TIME.
No matter which email server or spam filter you are using, the following should be helpful in reducing spam and related malware attacks on your network. 2 www.spamtitan.com info@spamtitan.com Use an RBL Set your server to require correct SMTP handshake protocols Use Recipient Verification (RV) to reject email to non-existent addresses Block dangerous attachment types Scan for viruses Make sure that any URLs in the email body are safe Use a regularly updated spam pattern library Use Bayesian filtering Set the appropriate spam score for your organisation Enable end user spam feedback Train your end users to prevent infections 1 2 3 4 5 6 7 8 9 10 11
Use an RBL 3  RBL Your first line of defence, whether or not you have a spam filter, is to use a Realtime Block List (RBL) provider to reject any email from known spam servers. This alone will reduce spam email by 70-90%, depending on your industry. This will reduce the load on your email server or spam filter, as well as your network, as the email is rejected before it is downloaded. This could save you significant bandwidth. We recommend using zen.spamhaus.org as it is the most up to date, with best spam blocking and lowest false positive rate. Setting up your email server or spam filter to use an RBL should only take you a few minutes. 70%-90% SPAM EMAILS www.spamtitan.com info@spamtitan.com
Set your server to require correct SMTP handshake protocols 4 Emails Is email using correct SMPT? Email accepted Email rejected Yes No If you make sure that only email using correct SMTP is accepted, you’ll block most spambots. Ensure that you require HELO (EHLO) with a Fully Qualified Domain Name and preferably a resolvable hostname too. As with using an RBL, this check is done prior to accepting the email, so it will reduce load on your spam filter, email server, and network. This will only take a few minutes to configure in your email server or spam filter. Note: Individual organisations may occasionally need to whitelist suppliers or customer with incorrectly configured email servers to allow their email to be accepted. This will work to significantly reduce spam for individual organisations, but may not be appropriate for IPS’s and MSP’s. www.spamtitan.com info@spamtitan.com
Use Recipient Verification (RV) to reject email to non-existent addresses 5 Spammers often send email to a range of possible email addresses such as admin@, info@, and may also use a dictionary of names to get email into individuals email inboxes. Reject email that is not addressed to genuine email addresses, by either uploading your valid email addresses as a .csv to your mail server or spam filter, or using Microsoft Active Directory integration if possible. Again, as with using an RBL and SMTP handshakes above, RV prevents the email being downloaded, saving you bandwidth, and reducing load on your email server and network. This may take a little longer to implement if you need to get your valid list of email addresses, convert them into CSV format, and upload them to your email server or spam filter, but it will be worth the effort due to the amount of spam it will block. Note that all 3 of these solutions complement each other, and can be implemented on most email servers, even without having a spam filter. If you are not using these, you are wasting your bandwidth, opening your network to unnecessary risk, and causing yourself a lot of wasted time and effort dealing with the effects of spam - such as the Cryptolocker virus for example. Make half an hour this week to implement these 3 and you will probably save yourself weeks of work over the next year. The rest of the steps here are only relevant if you have a spam filter (commercial or open source, on site or in the cloud). www.spamtitan.com info@spamtitan.com
Block dangerous attachment types 6 Block by MIME type Block by file extension   Very few organisations ever need to have .exe files delivered via email. Block them, and in the few cases where they are required, create an alternative method of delivery that ensures safety with the minimum of bureaucracy. Make sure that you are blocking by MIME type, not file extension, as very few spammers will use the actual exe file extension, but will disguise the payload file as a .pdf, image, spreadsheet or doc. www.spamtitan.com info@spamtitan.com
Scan for viruses 7 If you don’t have a spam filter, you need to have very good end point anti-virus protection in place. If you do have a spam filter, make sure you are using the anti- virus scanning, and that the AV engine and signatures are up to date. Most spam filters will allow you to automate and set the update frequency. My personal opinion is that if you have AV in your spam filter; use a different AV for endpoint protection, to get the benefit of redundancy. No matter how small the benefit of having different engines is, it still beats having all your eggs in one basket. You need to have endpoint AV, and the market for spam filters and AV endpoint is diverse and competitive enough that you will not be paying a premium to use 2 suppliers. Of course, YMMV, so please feel free to share your opinion in the comments! www.spamtitan.com info@spamtitan.com
Make sure that any urls in the email body are safe 8 Use URIBL and SURBL to check that urls in the body of the email are not known malware or phishing websites. www.spamtitan.com info@spamtitan.com
Use a regularly updated spam pattern library 9 Most spam engines will have this built in, and usually not configurable. This is where a significant amount of spam is captured, based on a large database of recent and historical spam, provided by the spam fighting community. Spam Assassin is an excellent resource for accurate, up to date spam signatures. SPAM www.spamtitan.com info@spamtitan.com
Use Bayesian filtering 10 Most spam engines use a Baeyes engine (Baeyes was a statistician, and his methods are widely used for classification - in this case: spam vs ham) which is trained to recognise spam. Incoming email is scored based on the spam pattern library, bad attachments, bad links, and end user feedback (the “Spam” or “Junk” button in the email client). The Bayes engine then learns to recognise new spam, and also to forget old spam patterns that might now block legitimate emails. www.spamtitan.com info@spamtitan.com
Set the appropriate spam score for your organization 11 Most spam filters will give an incoming email a score, based on the content and attachments. It is up to you, the systems administrator, to decide the right spam score threshold for your organisation. This is something that takes a little trial and error to get right, but usually only needs to be done during the first week or two after deployment. Your spam filter providers should give you a trial period to validate that you can get this right for your organisation, and help you configure their spam filter to get the optimum block rate and minimum false positive rate possible with their product. Make use of your free trial period to ensure your get this working - it will be your head that rolls if you go ahead with purchasing a license because of bells and whistles rather than actual spam blocking performance - that every member of your organisation will measure every time they open their email inbox. You have been warned! 1 2 3 4 5 6 7 8 9 10 + SAFE CAUTION RISK SPAN SCORE www.spamtitan.com info@spamtitan.com
Enable end user spam feedback 12 Provide a way for your end users to improve your Bayes engine, by manually tagging any spam that gets through your filter as “Spam” or “Junk”, and also for correcting false positives. www.spamtitan.com info@spamtitan.com
Train your end users to prevent infections 13 A good email usage policy, that teaches and warns of the risks and consequences of spam, malware, viruses and phishing, gives your end users the knowledge they need to help catch the remaining few scams that get through. This alone could save your organisation from financial ruin - it is so important I almost made it #1 on the list, particularly because so many sys admins give this little attention. There is a lot of negative sentiment about “users” and how the sysadmin’s job is to protect them from themselves. Instead of giving up on them as a lost cause, equip them with the armour and ammunition they need to join you in protecting their data. Use the big bad Crytolocker virus as a scare tactic if needs be - but make sure that everyone knows the potential risks in clicking a link in an email, and to be suspicious of any email from the bank (or any other organisation critical to your business) asking for details they should already have (like usernames, passwords, account numbers, social security numbers, etc.). If you provide the tools and they are not used, you at least have a leg to stand on when the crud hits the fan. “I told you so” is not much use once the business is bankrupt, but at least your career will not end with the company if you did everything you could reasonably be expected to do to protect the network and prevent intruders entry. www.spamtitan.com info@spamtitan.com
Good luck in your continued fight to end cybercrime! 14 Interested in learning more Get our free guide on how to Prevent IP blacklisting. Download now Sign up for free trial at http://www.spamtitan.com SpamTitan, delivering powerful antispam protection to your business. www.spamtitan.com info@spamtitan.com

Empfohlen

TitanHQ WebTitan Web Filtering Presentation at Wifi Now London 2016 - DNS Fil...
TitanHQ WebTitan Web Filtering Presentation at Wifi Now London 2016 - DNS Fil...TitanHQ WebTitan Web Filtering Presentation at Wifi Now London 2016 - DNS Fil...
TitanHQ WebTitan Web Filtering Presentation at Wifi Now London 2016 - DNS Fil...Dryden Geary
 
2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by HubspotMarius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTExpeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsPixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfmarketingartwork
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture CodeSkeleton Technologies
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024Neil Kimberley
 

Empfohlen

TitanHQ WebTitan Web Filtering Presentation at Wifi Now London 2016 - DNS Fil...
TitanHQ WebTitan Web Filtering Presentation at Wifi Now London 2016 - DNS Fil...TitanHQ WebTitan Web Filtering Presentation at Wifi Now London 2016 - DNS Fil...
TitanHQ WebTitan Web Filtering Presentation at Wifi Now London 2016 - DNS Fil...Dryden Geary
 
2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by HubspotMarius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTExpeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsPixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfmarketingartwork
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture CodeSkeleton Technologies
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024Neil Kimberley
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)contently
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024Albert Qian
 

Weitere ähnliche Inhalte

Kürzlich hochgeladen

Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 

Kürzlich hochgeladen (20)

Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 

Empfohlen

Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)contently
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summarySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesVit Horky
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project managementMindGenius
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...RachelPearson36
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Applitools
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at WorkGetSmarter
 
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...DevGAMM Conference
 
Barbie - Brand Strategy Presentation
Barbie - Brand Strategy PresentationBarbie - Brand Strategy Presentation
Barbie - Brand Strategy PresentationErica Santiago
 
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them wellGood Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them wellSaba Software
 

Empfohlen (20)

Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work
 
ChatGPT webinar slides
ChatGPT webinar slidesChatGPT webinar slides
ChatGPT webinar slides
 
More than Just Lines on a Map: Best Practices for U.S Bike Routes
More than Just Lines on a Map: Best Practices for U.S Bike RoutesMore than Just Lines on a Map: Best Practices for U.S Bike Routes
More than Just Lines on a Map: Best Practices for U.S Bike Routes
 
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
 
Barbie - Brand Strategy Presentation
Barbie - Brand Strategy PresentationBarbie - Brand Strategy Presentation
Barbie - Brand Strategy Presentation
 
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them wellGood Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
 

SpamTitan anti spam Essentials Guide

  • 2. No matter which email server or spam filter you are using, the following should be helpful in reducing spam and related malware attacks on your network. 2 www.spamtitan.com info@spamtitan.com Use an RBL Set your server to require correct SMTP handshake protocols Use Recipient Verification (RV) to reject email to non-existent addresses Block dangerous attachment types Scan for viruses Make sure that any URLs in the email body are safe Use a regularly updated spam pattern library Use Bayesian filtering Set the appropriate spam score for your organisation Enable end user spam feedback Train your end users to prevent infections 1 2 3 4 5 6 7 8 9 10 11
  • 3. Use an RBL 3  RBL Your first line of defence, whether or not you have a spam filter, is to use a Realtime Block List (RBL) provider to reject any email from known spam servers. This alone will reduce spam email by 70-90%, depending on your industry. This will reduce the load on your email server or spam filter, as well as your network, as the email is rejected before it is downloaded. This could save you significant bandwidth. We recommend using zen.spamhaus.org as it is the most up to date, with best spam blocking and lowest false positive rate. Setting up your email server or spam filter to use an RBL should only take you a few minutes. 70%-90% SPAM EMAILS www.spamtitan.com info@spamtitan.com
  • 4. Set your server to require correct SMTP handshake protocols 4 Emails Is email using correct SMPT? Email accepted Email rejected Yes No If you make sure that only email using correct SMTP is accepted, you’ll block most spambots. Ensure that you require HELO (EHLO) with a Fully Qualified Domain Name and preferably a resolvable hostname too. As with using an RBL, this check is done prior to accepting the email, so it will reduce load on your spam filter, email server, and network. This will only take a few minutes to configure in your email server or spam filter. Note: Individual organisations may occasionally need to whitelist suppliers or customer with incorrectly configured email servers to allow their email to be accepted. This will work to significantly reduce spam for individual organisations, but may not be appropriate for IPS’s and MSP’s. www.spamtitan.com info@spamtitan.com
  • 5. Use Recipient Verification (RV) to reject email to non-existent addresses 5 Spammers often send email to a range of possible email addresses such as admin@, info@, and may also use a dictionary of names to get email into individuals email inboxes. Reject email that is not addressed to genuine email addresses, by either uploading your valid email addresses as a .csv to your mail server or spam filter, or using Microsoft Active Directory integration if possible. Again, as with using an RBL and SMTP handshakes above, RV prevents the email being downloaded, saving you bandwidth, and reducing load on your email server and network. This may take a little longer to implement if you need to get your valid list of email addresses, convert them into CSV format, and upload them to your email server or spam filter, but it will be worth the effort due to the amount of spam it will block. Note that all 3 of these solutions complement each other, and can be implemented on most email servers, even without having a spam filter. If you are not using these, you are wasting your bandwidth, opening your network to unnecessary risk, and causing yourself a lot of wasted time and effort dealing with the effects of spam - such as the Cryptolocker virus for example. Make half an hour this week to implement these 3 and you will probably save yourself weeks of work over the next year. The rest of the steps here are only relevant if you have a spam filter (commercial or open source, on site or in the cloud). www.spamtitan.com info@spamtitan.com
  • 6. Block dangerous attachment types 6 Block by MIME type Block by file extension   Very few organisations ever need to have .exe files delivered via email. Block them, and in the few cases where they are required, create an alternative method of delivery that ensures safety with the minimum of bureaucracy. Make sure that you are blocking by MIME type, not file extension, as very few spammers will use the actual exe file extension, but will disguise the payload file as a .pdf, image, spreadsheet or doc. www.spamtitan.com info@spamtitan.com
  • 7. Scan for viruses 7 If you don’t have a spam filter, you need to have very good end point anti-virus protection in place. If you do have a spam filter, make sure you are using the anti- virus scanning, and that the AV engine and signatures are up to date. Most spam filters will allow you to automate and set the update frequency. My personal opinion is that if you have AV in your spam filter; use a different AV for endpoint protection, to get the benefit of redundancy. No matter how small the benefit of having different engines is, it still beats having all your eggs in one basket. You need to have endpoint AV, and the market for spam filters and AV endpoint is diverse and competitive enough that you will not be paying a premium to use 2 suppliers. Of course, YMMV, so please feel free to share your opinion in the comments! www.spamtitan.com info@spamtitan.com
  • 8. Make sure that any urls in the email body are safe 8 Use URIBL and SURBL to check that urls in the body of the email are not known malware or phishing websites. www.spamtitan.com info@spamtitan.com
  • 9. Use a regularly updated spam pattern library 9 Most spam engines will have this built in, and usually not configurable. This is where a significant amount of spam is captured, based on a large database of recent and historical spam, provided by the spam fighting community. Spam Assassin is an excellent resource for accurate, up to date spam signatures. SPAM www.spamtitan.com info@spamtitan.com
  • 10. Use Bayesian filtering 10 Most spam engines use a Baeyes engine (Baeyes was a statistician, and his methods are widely used for classification - in this case: spam vs ham) which is trained to recognise spam. Incoming email is scored based on the spam pattern library, bad attachments, bad links, and end user feedback (the “Spam” or “Junk” button in the email client). The Bayes engine then learns to recognise new spam, and also to forget old spam patterns that might now block legitimate emails. www.spamtitan.com info@spamtitan.com
  • 11. Set the appropriate spam score for your organization 11 Most spam filters will give an incoming email a score, based on the content and attachments. It is up to you, the systems administrator, to decide the right spam score threshold for your organisation. This is something that takes a little trial and error to get right, but usually only needs to be done during the first week or two after deployment. Your spam filter providers should give you a trial period to validate that you can get this right for your organisation, and help you configure their spam filter to get the optimum block rate and minimum false positive rate possible with their product. Make use of your free trial period to ensure your get this working - it will be your head that rolls if you go ahead with purchasing a license because of bells and whistles rather than actual spam blocking performance - that every member of your organisation will measure every time they open their email inbox. You have been warned! 1 2 3 4 5 6 7 8 9 10 + SAFE CAUTION RISK SPAN SCORE www.spamtitan.com info@spamtitan.com
  • 12. Enable end user spam feedback 12 Provide a way for your end users to improve your Bayes engine, by manually tagging any spam that gets through your filter as “Spam” or “Junk”, and also for correcting false positives. www.spamtitan.com info@spamtitan.com
  • 13. Train your end users to prevent infections 13 A good email usage policy, that teaches and warns of the risks and consequences of spam, malware, viruses and phishing, gives your end users the knowledge they need to help catch the remaining few scams that get through. This alone could save your organisation from financial ruin - it is so important I almost made it #1 on the list, particularly because so many sys admins give this little attention. There is a lot of negative sentiment about “users” and how the sysadmin’s job is to protect them from themselves. Instead of giving up on them as a lost cause, equip them with the armour and ammunition they need to join you in protecting their data. Use the big bad Crytolocker virus as a scare tactic if needs be - but make sure that everyone knows the potential risks in clicking a link in an email, and to be suspicious of any email from the bank (or any other organisation critical to your business) asking for details they should already have (like usernames, passwords, account numbers, social security numbers, etc.). If you provide the tools and they are not used, you at least have a leg to stand on when the crud hits the fan. “I told you so” is not much use once the business is bankrupt, but at least your career will not end with the company if you did everything you could reasonably be expected to do to protect the network and prevent intruders entry. www.spamtitan.com info@spamtitan.com
  • 14. Good luck in your continued fight to end cybercrime! 14 Interested in learning more Get our free guide on how to Prevent IP blacklisting. Download now Sign up for free trial at http://www.spamtitan.com SpamTitan, delivering powerful antispam protection to your business. www.spamtitan.com info@spamtitan.com