Blocking Image Spam Mail using GFI Mail Security/Essential
We have been receiving a high number of image spam mails for the last few months. Evenhough the problem is currently manageable, we would like to find the most effective and efficient way to manage this issue, once and forever.... I hope.
Any assistance is highly appreciated.
Any assistance is highly appreciated.
I use AVG Internet Security, and I find that it blocks 98% of my image based SPAM. You can check out their products at:
http://www.grisoft.com
They have server solutions as well as desktop. Can you tell us what type of mail server you are using? If it's a 3rd party mail via you ISP, you might check to see if they have an anti-SPAM feature that can be enabled. If you are using Exchange, AVG has a product, McAfee has anti-spam in their suite (I believe... jump in Si), Norton has an enterprise SPAM product. You might also look at http://antispam.msexchange.org/software/Anti_Spam/ for the suggestions from msexchange.org on anti-spam products. If you are using Unix or Linux, you might look at http://spamassassin.apache.org/.
Best Wishes,
Jeffery Smith
http://www.grisoft.com
They have server solutions as well as desktop. Can you tell us what type of mail server you are using? If it's a 3rd party mail via you ISP, you might check to see if they have an anti-SPAM feature that can be enabled. If you are using Exchange, AVG has a product, McAfee has anti-spam in their suite (I believe... jump in Si), Norton has an enterprise SPAM product. You might also look at http://antispam.msexchange.org/software/Anti_Spam/ for the suggestions from msexchange.org on anti-spam products. If you are using Unix or Linux, you might look at http://spamassassin.apache.org/.
Best Wishes,
Jeffery Smith
Hi Jeffery,
Yes, McAfee does have a superb product, both it's Spamkiller for Exchange and it's Secure Content Management appliances (SCM Gateway range).
I didn't mention an alternative product as the title says the using the GFI product......I've currently got a demo version on one of my virtual servers and the easiest way i found to block some test spam is to
Quote
can you not block emails containing .gif and .jpeg attachments and request that if users need to send or receive these types of file then they zip them ?
End Quote
The above should be part of a general computer Use & security policy and is good practice anyway....i.e. don't open attachments if you don't know the recipient.
Cheers
Si
Yes, McAfee does have a superb product, both it's Spamkiller for Exchange and it's Secure Content Management appliances (SCM Gateway range).
I didn't mention an alternative product as the title says the using the GFI product......I've currently got a demo version on one of my virtual servers and the easiest way i found to block some test spam is to
Quote
can you not block emails containing .gif and .jpeg attachments and request that if users need to send or receive these types of file then they zip them ?
End Quote
The above should be part of a general computer Use & security policy and is good practice anyway....i.e. don't open attachments if you don't know the recipient.
Cheers
Si
Sorry, I wasn't familiar with GFI Mail Security/Essential. I just looked it up, and now I know answers to my question:
- Exchange Server
As Si pointed out, you can block GIFs and JPEGs, but then any HTML mail with embedded attachments will be stripped. If this is acceptable in your organization, then it is probably the best method. I know that in most organization that I've worked at in the past, this was not acceptable. The executive director wants the pictures of his/her grandchild, his/her HTTP mail from business or non-business sources. At one organization I worked at, we implemented a points based system using SPAM**(*'s for the number of points - upto 25). Then we gave the users rules that they could implement that allowed them to adjust at what level SPAM got blocked and what was done with that SPAM. Some users opted to get everything, some opted to have marginal SPAM sent to a SPAM folder, and some opted to delete anything marked as SPAM. It was a fairly complex implementation, but the users got to determine what was the best for them... that is one thing that a lot of IT professionals and security professions forget. We work for clients. Our job is to provide solutions to their needs, not dictate our idea of what is right and wrong. Some threats have to be dealt with such as attached executables. The average user might inadvertantly afflict the entire network, but stripping all pictures and picture attachments is a bit excessive in my opinion. Why not implement a paper and pencil only communication rule? (Sorry to go off in a tangent... I just had to get that off of my chest.)
Can't you submit SPAM mail that is getting through the filter to makers of GFI Mail Security/Essential and request they update their detection engine to mark these emails? If GFI is a points based SPAM engine, mark any email with an embedded picture as SPAM level. This way, you have the mail being SPAMMED instead of being stripped. Legitimate email will get through and depending on your rules, will hopefully be put in a SPAM folder where the user can determine if it is a legitimate email or junk. They can update their white lists to allow through mail they may want.
Best Wishes,
Jeffery Smith
- Exchange Server
As Si pointed out, you can block GIFs and JPEGs, but then any HTML mail with embedded attachments will be stripped. If this is acceptable in your organization, then it is probably the best method. I know that in most organization that I've worked at in the past, this was not acceptable. The executive director wants the pictures of his/her grandchild, his/her HTTP mail from business or non-business sources. At one organization I worked at, we implemented a points based system using SPAM**(*'s for the number of points - upto 25). Then we gave the users rules that they could implement that allowed them to adjust at what level SPAM got blocked and what was done with that SPAM. Some users opted to get everything, some opted to have marginal SPAM sent to a SPAM folder, and some opted to delete anything marked as SPAM. It was a fairly complex implementation, but the users got to determine what was the best for them... that is one thing that a lot of IT professionals and security professions forget. We work for clients. Our job is to provide solutions to their needs, not dictate our idea of what is right and wrong. Some threats have to be dealt with such as attached executables. The average user might inadvertantly afflict the entire network, but stripping all pictures and picture attachments is a bit excessive in my opinion. Why not implement a paper and pencil only communication rule? (Sorry to go off in a tangent... I just had to get that off of my chest.)
Can't you submit SPAM mail that is getting through the filter to makers of GFI Mail Security/Essential and request they update their detection engine to mark these emails? If GFI is a points based SPAM engine, mark any email with an embedded picture as SPAM level. This way, you have the mail being SPAMMED instead of being stripped. Legitimate email will get through and depending on your rules, will hopefully be put in a SPAM folder where the user can determine if it is a legitimate email or junk. They can update their white lists to allow through mail they may want.
Best Wishes,
Jeffery Smith
ASKER
Thanks Si & Jeffrey.
We are currently using Exchange 2000, Advanced 2000 Server, GFI Mail Essential (Ver 12), GFI Mail Security (10) and AVG-Server (7.1).
For clarification, we have no problems dealing with attachment related spam mail, eg. emails which have attachments. The problem arises when an image is "paste" into the email, hence, making it "undetectable".
We are currently using Exchange 2000, Advanced 2000 Server, GFI Mail Essential (Ver 12), GFI Mail Security (10) and AVG-Server (7.1).
For clarification, we have no problems dealing with attachment related spam mail, eg. emails which have attachments. The problem arises when an image is "paste" into the email, hence, making it "undetectable".
What happens to your suspected SPAM currently? Does it get dropped to a folder or is it deleted/dropped? If you use the SPAM folder option, then marking any mail with an imbedded graphic as SPAM (I'm assuming that GFI can do this) would do the trick. White lists would allow real mail to get through while dropping junk to the SPAM folder. I'm still curious if you can submit the SPAM messages to the makers of GFI and ask to have the filter updated. These are not undetectable as I've said, my AVG Internet Security pulls about 20 of these out of my mailbox a day. You could look at updating your AVG 7.1 Server to AVG 7.5 Internet security, but that would be expensive.
Best Wishes,
Jeffery Smith
Best Wishes,
Jeffery Smith
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
can you not block emails containing .gif and .jpeg attachments and request that if users need to send or receive these types of file then they zip them ?
Thanks
Si