Deborah
Deborah Galea is co-founder and COO of Red Earth Software based in Silicon Valley, California. Deborah is a contributor to most of Red Earth Software’s white papers, articles and blog posts. After completing her Masters degree in European Studies (with a major in Communications) at the University of Amsterdam in 1994, Deborah completed a traineeship at the European Commission. She decided to follow her public relations passion and went on to hold PR & communications positions at the Sdu Informatie Bank (Dutch state publishers) and Hill and Knowlton (pr agency). After successfully running a UK software distributorship for five years, where she was responsible for PR, marketing and daily operations, Deborah decided to co-found Red Earth Software in 2001 and apply herself to creating useful ‘down to earth’ software that solves real business problems. View Deborah’s Linked in profile at: http://www.linkedin.com/pub/4/890/394.
Posts by Deborah
ORDB offline
Jan 15th
In case you have not yet heard; the open relay database ”ordb.org” is now officially offline. For five and a half years the ORDB volunteers maintained a comprehensive list of known open relays. ORDB.org posted the following notice on their website that is now no longer:
“It”s been a case of a long goodbye as very little work has gone into maintaining ORDB for a while. Our volunteer staff has been pre-occupied with other aspects of their lives. In addition, the general consensus within the team is that open relay RBLs are no longer the most effective way of preventing spam from entering your network as spammers have changed tactics in recent years, as have the anti-spam community.”
Whether you used their list or not, it is always sad to say goodbye to a good spam fighting effort.
If you were using ORDB.org to check for spam, it is highly advisable to disable the list in your spam filtering software.
5 tips to comply with new ediscovery rules
Dec 11th
The new electronic discovery rules are good news for prepared companies. If your company can demonstrate that you have taken reasonable care in creating guidelines as to what information needs to be retained and what should be purged, this will help in a court order since you can prove that your organization has taken electronic record retention seriously and that there are no ‘irregular’ deletions of specific documents or emails.
Follow these 5 tips to show that your organization has taken reasonable care:
1. Develop a records retention policy. Much like an email policy, company management will need to get involved in deciding about which documents need to be retained and when they should be purged.
2. Provide staff training to explain to users why the retention policy is needed and how it should be put into practice. Include retention policy guidelines in your employment handbook.
3. Identify and classify the electronic records that you currently have on your systems. Determine whether these are accessible or inaccessible, and whether some of these records should be deleted. Keep this database up to date.
4. Create an action plan that will be followed if your company faces a court order, in order to immediately inform your employees not to delete certain documents.
5. Keep evidence of the above activities so that you can demonstrate to the court that you showed good faith.
The new e-discovery rules – what they mean for your company
Nov 30th
On December 1 the new electronic discovery rules take effect in Federal court. The new rules now obligate companies to address e-discovery issues within 30 days after a lawsuit is filed. Under the old rules, companies could just wait for a discovery request, which could take up to a year after the initial filing of the lawsuit. The new rules mean that all companies, large and small, must pull their socks up and get serious about managing their electronic records.
The good news is that under the new rules, the court must now recognize that a company is not able to retain all records and will not be sanctioned if a document is deleted in good faith: “Absent exceptional circumstances, a court may not impose sanctions under these rules on a party for failing to provide electronically stored information lost as a result of the routine, good-faith operation of an electronic information system.” This means that if you are not able to produce a particular document but can prove that you have implemented a retention system and that this document was deleted in good faith, you will probably not be sanctioned for this.
Further good news is that if a company can prove that producing certain electronic records would cause undue burden and costs, the court may decide that the documents will not need to be submitted: ‘A party need not provide discovery of electronically stored information from sources that the party identifies as not reasonably accessible because of undue burden and cost’. Beware though, that the court may still decide that the documents must be produced if the requesting party shows good cause.
All in all, the changes are an incentive for companies to think about how they manage their electronic records and to put a formal retention program in place. Check back in a few days for several tips on how your company can show good faith to a federal court.
Do people still fall for spam?
Oct 28th
Unfortunately yes, they still do. According to a study conducted by the University of Oxford and Purdue University, the latest lucrative spam practices are stock spamming. You know those messages that warn you that company Xyz is hot right now and will make you a fortune? It turns out that spammers buy up stock before they send out the messages, then whilst people fall for the scam and buy the stock the spammers sell theirs at a profit. It sounds so simple (not to mention highly illegal) and yet people are falling for it. According to the survey, on days that no spam messages about the company stock were circulating, there was a 6% chance of this stock being traded. On days when spam messages were sent out urging people to buy the stock, the chance of the stocks being traded rose as high as 81%. The study also calculated the percentage that investors are losing. On average, investors who fall for the scam are losing 5.25% in the two day period following the stock touting. However for the top 20% of stock scams, investors lose as much as 8% value. . Unfortunately people are still falling for spam, and as long as they do, spam will keep on coming.
Spamhaus litigation: Will spammers get a second wind?
Oct 15th
‘No doubt you have already heard about the court case against Spamhaus by emarketing firm e360Insight. Regardless of the merits of e360′s claims, shutting down Spamhaus cannot be a good idea. Spamhaus currently has 650 million users (including many corporate users) and blocks 50 billion spam messages per day. The majority of these messages are illegal, containing offensive content or propagating scams and phishes. Spamhaus is currently deemed to be one of the most effective and accurate black lists currently available, with a near to 0% false positive rate. If Spamhaus were to be shut down, not only will this cause spam to leak through spam filters, but it could also mean that spammers will get a second wind. Knowing that Spamhaus is no longer blocking their messages, spammers could start firing off spam with increased urgency, in the hope that their messages might now reach a greater audience. I just hope that Spamhaus and e360 are able to sort out their differences, since the community at large only stands to lose if Spamhaus is shut down.
Here is a quick sum up of the Spamhaus litigation events:
June 21: e360Insight, a marketing firm based in Wheeling, IL, files suit against Spamhaus (a UK based organization run by volunteers) for erroneously listing e360 on its Register of Known Spam Operations, the ROKSO list. The plaintiff argues that they only send emails to recipients who have subscribed to their lists and have ‘opted-in’. Also, the plaintiff states that according to the Spamhaus website, to be listed on the ROKSO list a spammer should be terminated by at least 3 ISPs for Acceptable Usage Policy violations. e360Insight claims that they have not been blocked by even one ISP. Spamhaus at first defended the action but then withdrew its answer and has taken no further action to challenge Plaintiff’s allegations. Spamhaus claims that according to U.K. laws e360Insight are sending unsolicited emails and will therefore continue to include them on the ROKSO list. Spamhaus also states that a US court has no jurisdiction over an organization based in the UK.
September 13: Since Spamhaus failed to respond, the Court enters a default judgment against Spamhaus in the amount of $11.7 million.
October 5: e360 submits an order to suspend www.spamhaus.org since Spamhaus failed to comply with the court’s previous order. If signed, the order will call for ICANN and/or Tucows (Spamhaus’ Registrar) to take the Spamhaus website down.
October 9: ICANN makes a statement warning that they do not have the ability nor the authorization to suspend www.spamhaus.org.
Top 10 spam characteristics (#1-5)
Oct 2nd
‘In a bid to stop spam, Red Earth Software has compiled a list of the most commonly found characteristics in current spam mails. Last week we saw the top spam characteristics in position #10 to #6. Today we are counting down to the #1 spam characteristic, the characteristic that Red Earth Software has found to be the most common in today’s spam messages.
#5. From: and Reply To: address are different: This is a common feature of spam mails, but it is also very common with newsletters. The importance of this characteristic should be minimized since it is also found in legitimate emails.
#4. Message body contains remote image: In order to avoid spam messages from being blocked by word filters, spammers include an image in their message that cannot be filtered for words. In addition, upon opening the email message the image is downloaded from the spammer’s website. Since each message contains a unique ID, the spammer will know exactly which recipient has viewed the mail. This indicates which email addresses are ‘live’ and can be sent even more spam.
#3. Message contains only HTML body: HTML messages usually include a plain text version of the email so that recipients with email clients that cannot read HTML can still view the message in plain text. However, many spammers tend to send HTML messages without this plain text body part. This is done to save on size and to force recipients to read the HTML version which automatically opens an image and connects to a web site when the message is opened. Newsletters also tend to send messages without a plain text body part, so it is important to use a white list of allowed newsletters so as not to catch any false positives.
#2. Message contains many or only tags: Some spammers try to circumvent content filters by placing lots of HTML comment tags within the email body text. In this way, content filters will not recognize the spam words since they are separated by comment tags. The recipient however, will not see the comment tags since these are not displayed when viewing the message in HTML. Therefore it is important to use an email filter that can filter emails by removing HTML tags first.
#1. Recipient’s email address is not in the To: or Cc: fields: Red Earth Software found this to be the most commonly found characteristic in current spam messages. The reason for this is that the recipient’s email address is hidden in the Bcc: field or X-receiver field, along with a substantial number of other email addresses. Spammers do this in order to conceal the fact that the mail was sent to a large number of recipients, and presumably so as not to publish their email list. Some persons might add recipients to the Bcc: field for sending out ‘legitimate’ mailings, but these will tend to be of a more personal nature (which you might wish to block anyway) since most professional companies do not use this method for sending newsletters or mailings. Note however that if you do block emails without a local recipient in the To: or Cc: field, you will be blocking all bcc: messages.
Bottom line: Many spam filters check for the existence of these characteristics (and more) and use these to determine whether the message should be identified as spam. Some characteristics are strong indicators that a message is spam, others really cannot be taken into account at all since they can also exist in legitimate emails. A system checking for spam characteristics can be very effective, but must make use of a sophisticated scoring system in able to flag spam correctly, applying a different weight for each characteristic.
The top 10 spam characteristics (#6-10)
Sep 27th
‘Even though some spam messages are hard to distinguish from legitimate emails, most spam mails include ‘tell-tale’ signs that can be used to filter them out. In the next few days I will be discussing the Red Earth Software list of current top 10 spam characteristics and how they can be used to detect spam. Remember that these spam characteristics must not be used in isolation, since some characteristics can also be present in legitimate mails. Therefore it is important to use a weighting system that provides an individual score for each spam characteristic. If a message includes several spam characteristics and reaches a ‘spam threshold’, the email can safely be considered as spam.
I have numbered each spam characteristic according to the frequency in which it is found in today’s spam mails, where #1 is the spam characteristic that Red Earth Software found to be most common. Today I am posting #10 through #6. Keep a look out for the top 5 coming soon in this blog.
#10. Illegal HTML exists: Some spam messages include a code for identification in the text of the message. The text is entered outside the HTML tags so as to hide the code from the recipient. There is no legitimate reason to add text outside HTML tags, so the mere presence of illegal HTML can be treated as suspicious.
#9. Message body contains small font size: In order to circumvent Bayesian filters and filters that block messages with only images, spammers enter ‘normal’ text at the bottom of the message in order to appear legitimate. Some spammers include this text in small font size.
#8. Message subject contains email address or recipient name: Either the complete email address or part of the email address (the part before the domain) is added to the subject in order to personalize the message and trick the recipient into thinking that it is a legitimate message. For legitimate mails there is no reason to enter the recipient’s email address in the subject, so the presence of this is a pretty sure sign of spam.
#7. Message body is base64 encoded: Spammers use base64 to encode the message headers and body so that spam filters are not able to read the content and perform any filtering. Most email clients will decode the message so that the message can still be read by the recipient.
#6. Sender address contains number or character sequence: Spammers use automated programs to register thousands of email addresses. Since they are generated in bulk, they often include number or character sequences such as FRfJIrqOpV@hotmail.com or bob36189624@gmail.com. At first spammers used number sequences but when most spam filters started to block these types of addresses they changed to using character sequences which are harder to detect.
10 points to include in your email policy
Aug 20th
Email policies are important since they spell out what the company considers as appropriate email usage and more importantly, what is considered as inappropriate usage. You can either create a separate email usage policy or you can include an email policy section in your Employee handbook. In both cases it is a good idea to ask the employees to sign the policy, indicating that they have read and understood the document.
What kind of subjects should you cover in your email policy? Here is a list of then points to include:
#1 Email risks: The policy should list email risks to make users aware of the potential harmful effects of their actions. Advise users that sending an email is like sending a postcard: if you don”t want it posted on a bulletin board, then don”t send it.
#2 Best practices: This should include email etiquette and writing rules in order to uphold the good reputation of the company and to deliver quality customer service. For instance, include 5 etiquette rules: 1. Use proper grammar and punctuation, 2. Enable spell checking, 3. Read the email before you send it. 4. Include a signature conform company format, 5. Do not write emails in capitals. Also include instructions on compressing attachments to save bandwidth.
#3 Personal usage: The policy should state whether personal emails are accepted and if so, to what extent. You can for instance set limits on the times of day that personal emails can be sent (only during breaks), or you could require personal emails to be saved in a separate folder. In addition, state that employees are prohibited from sending or receiving certain email attachments, such as exe, mp3 or vbs files. You could also include a maximum file size for attachments sent via email.
#4 Wastage of resources: Warn users that they are making use of the company’s email system and that they should not engage in non-business activities that unnecessarily tie up network traffic. The policy must also cover the use of newsletters & newsgroups. For instance you can state that employees may only subscribe to a newsletter or newsgroup if this directly relates to their job.
#5 Prohibited content: The policy should expressly state that the email system is not to be used for the creation or distribution of any offensive, or disruptive messages, including messages containing offensive comments about race, gender, age, sexual orientation, pornography, religious or political beliefs, national origin or disability. State that employees who receive any emails with this content should report the matter to their supervisor immediately. Moreover, employees should not use email to discuss competitors, potential acquisitions or mergers or to give their opinion about another firm. Unlawful messages, such as copyright infringing emails should also be prohibited.
#6 Document retention policy: Include information on whether or not email will be archived and for how long. If your organization is required to archive email messages, state that all emails will be archived and include the number of years that the records will be kept. If you are not required to archive your emails, notify your users about whether they can or should delete emails after a number of months or years.
#7 Treatment of confidential data: Include rules and guidelines on how employees should deal with your company’s confidential information and trade secrets. They should also be aware that they should not forward any confidential messages or attachments from other companies without permission. Make employees encrypt any confidential information that is sent via email and change passwords regularly.
#8 Email disclaimer: If you are adding a disclaimer to employees” emails, you should inform them of this and state the disclaimer text that is added.
#9 Email monitoring: If you are going to monitor your employees” emails, you must state this in your email policy. Warn that employees should have no expectation of privacy in anything they create, store, send or receive on the company’s computer system and that the company may, but is not obliged to monitor messages without prior notice. If you do not mention that the company is not obliged to monitor messages, an employee could potentially sue the company for failing to block a particular message.
#10 Measures & violation reporting: Warn that if an employee is found to be in breach of the email policy rules, this could result in disciplinary action, up to and including termination. If an employee witnesses email policy abuse they are required to report the incident immediately. Include contact details of who to contact if a violation of the policy rules is detected. This could be a supervisor but it might also be a good idea to appoint a specific contact person to report email policy breaches to.