Despite their limitations, organizations still need to run gateway-based email filtering software; otherwise, the flood of spam would truly swamp their users. Gateway-based filters include a quarantine option, which can reduce both the distraction caused by spam and the chances that a genuine email is lost. Users should be trained to mark unwanted email as spam instead of just deleting it. This will allow their mail client to treat similar emails as spam in the future. For smaller organizations, one option is to forward all emails to corresponding Gmail accounts to take advantage of the Gmail filters.
Sadly, the killer app for beating spam has yet to be invented. Although antispam vendors are usually quick to adopt new approaches for fighting spam, lately they have tended to be variations on familiar themes. Spam is going to be with us in the future, so one of the best ways to tackle it is for every organization to ensure their computers have not been compromised to send more spam. A Microsoft report last year put the U.S. as the biggest host of zombie or compromised computers in the world, and some are enterprise endpoints.
Many organizations fall short in preventing spam or unauthorized content from leaving their own network, and the fines and consequences for data breaches can be worse than the unwanted email. This is an area that shouldn't be overlooked in the battle to control spam.
About the author: Michael Cobb, CISSP-ISSAP, CLAS is a renowned security author with more than 15 years of experience in the IT industry. He is the founder and managing director of Cobweb Applications, a consultancy that provides data security services delivering ISO 27001 solutions. He co-authored the book IIS Security and has written numerous technical articles for leading IT publications. Cobb serves as SearchSecurity.com's contributing expert for application and platform security topics, and has been a featured guest instructor for several of SearchSecurity.com's Security School lessons.