How To Avoid Scammers, Scammer And The Rest Of The Bad E-Guys

Before anything else, you need to know who the bad guys are and how to keep them the hell out.

By: John Fried

The first e-mail message was sent sometime in the early 1970s by Ray Tomlinson, an English computer engineer working for the Defense Department's Advanced Research Projects Agency. Nobody remembers what it said: possibly "testing" or "QWERTY." Tomlinson wasn't thinking about history; he was just trying to create a quick, informal way for a closed universe of research scientists to communicate with one another.

Ease of use was the point, not security. Defense scientists 30 years ago, after all, did not have to worry about armies of malicious nerds with laptops and cable modems. The openness of e-mail, though, the thing that makes it so revolutionary, is also what makes it so vulnerable to viruses, worms, ID theft, denial-of-service attacks, and a host of other threats.

Scammers are constantly cooking up new ways to use your e-mail system against you. Phishing attacks, for instance. Your employees or customers get an official-looking e-mail saying there is a problem with, say, their credit card account. Would they please click on the link below, then type in their account or Social Security number? MessageLabs, a security firm that tracks phishing attacks, says the number of phishing e-mails grew to 4.5 million in November 2004 from 337,050 that January.

Then there's spam. The Radicati Group estimates that 45% of all e-mail is spam; other experts think it may be as much as 80%. According to Ferris Research, an e-mail and communications consulting firm, the worldwide cost in lost productivity and resources devoted to fighting spam will be $50 billion in 2005, more than a third of that coming from U.S. companies. It's not all bad news, though. Anti-spam laws have started to show some teeth. In April, Jeremy Jaynes, who was reportedly sending out 10 million junk e-mails a day, was convicted of felony charges in Virginia and sentenced to nine years in prison. Couldn't have happened to a nicer guy.

As you may have noticed, though, spam, viruses, and the rest haven't gone away. You still have to protect yourself. Which defense is best for you is a function of how big your business is and how much control you want over your security. Many fixes can help not only with keeping your system safe but also with archiving messages and making sure your system complies with your policies and the law. One solution may not be enough. "You cannot expect to buy a single layer of security protection and sleep at night," says Sara Radicati, of the Radicati Group. Your choices fall into three main categories.

Managed Services

Letting somebody else do it is an attractive option if you have a modest (or nonexistent) IT staff. The tradeoff is loss of control: You're trusting an outsider with a key part of your business.

Managed providers offer a range of security services that include spam filtering, virus protection, encryption, mail monitoring for compliance with regulations or company policy, and even archiving. Fees are typically per user, per month or year, and the price generally drops the more licenses you buy. Most vendors offer 30-day free trials.

Postini's Perimeter Manager Small Business Edition (starts at $25 per user per year) includes protection from spam, phishing, and viruses. It also provides defense against directory harvest attacks, in which cyber miscreants try to get your employees' e-mail addresses by bombarding your server with messages sent to every possible [email protected], [email protected], etc.--and seeing which ones bounce back. Perimeter Manager handles only inbound e-mail, however. If you need to keep tabs on internal or outbound mail, too, you can upgrade to Postini's enterprise edition (starts at $33 per user).
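As an added example (not from the article or from any vendor it names), here is a defender-side sketch of spotting the directory harvest pattern described above in mail-server logs: one client probing many different addresses that mostly bounce. The log format, addresses, and thresholds are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in a made-up format: timestamp, client IP, RCPT address, SMTP reply code.
SAMPLE_LOG = """\
2005-01-10T09:00:00 198.51.100.20 rcpt=sales@example.com code=250
2005-01-10T09:00:01 203.0.113.7 rcpt=aaron@example.com code=550
2005-01-10T09:00:02 203.0.113.7 rcpt=abby@example.com code=550
2005-01-10T09:00:03 203.0.113.7 rcpt=adam@example.com code=550
2005-01-10T09:00:04 203.0.113.7 rcpt=admin@example.com code=250
2005-01-10T09:00:05 203.0.113.7 rcpt=alan@example.com code=550
2005-01-10T09:00:06 203.0.113.7 rcpt=alex@example.com code=550
2005-01-10T09:00:07 203.0.113.7 rcpt=alice@example.com code=550
2005-01-10T09:00:08 198.51.100.20 rcpt=jon.smith@example.com code=550
2005-01-10T09:00:09 198.51.100.20 rcpt=john.smith@example.com code=250
2005-01-10T09:01:00 192.0.2.44 rcpt=info@example.com code=550
2005-01-10T09:01:10 192.0.2.44 rcpt=info@example.com code=550
2005-01-10T09:01:20 192.0.2.44 rcpt=info@example.com code=550
2005-01-10T09:01:30 192.0.2.44 rcpt=info@example.com code=550
2005-01-10T09:01:40 192.0.2.44 rcpt=info@example.com code=550
"""

def parse(line):
    """Split one constructed log line into (time, client IP, recipient, reply code)."""
    ts, ip, rcpt, code = line.split()
    return (datetime.fromisoformat(ts), ip,
            rcpt.split("=", 1)[1].lower(), int(code.split("=", 1)[1]))

def find_harvesters(log_text, window=timedelta(seconds=60),
                    min_unknown=5, min_reject_ratio=0.8):
    """Return {ip: peak count of distinct unknown recipients} for clients whose
    RCPT attempts inside one sliding window are mostly 550 rejections AND are
    spread over many different addresses (a retry loop to one stale address
    or a single typo does not qualify)."""
    recent = defaultdict(deque)  # ip -> (time, rcpt, code) entries still in window
    flagged = {}
    for line in filter(str.strip, log_text.splitlines()):
        ts, ip, rcpt, code = parse(line)
        q = recent[ip]
        q.append((ts, rcpt, code))
        while ts - q[0][0] > window:  # expire attempts older than the window
            q.popleft()
        unknown = {r for _, r, c in q if c == 550}
        ratio = sum(c == 550 for _, _, c in q) / len(q)
        if len(unknown) >= min_unknown and ratio >= min_reject_ratio:
            flagged[ip] = max(flagged.get(ip, 0), len(unknown))
    return flagged

if __name__ == "__main__":
    print(find_harvesters(SAMPLE_LOG))
```

Counting distinct rejected addresses rather than raw rejections is what separates the probing client from the sender that keeps retrying one dead mailbox.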
