Have you ever been on the receiving end of a recorded call that starts off “Your car’s warranty is about to expire….” The first time I got one of those calls it scared the daylights out of me. I had thoughts of my transmission dropping out while driving my kids around. My kids aren’t mechanics and neither am I so we’d be in quite the pickle. The calls keep coming to your phones, home and mobile. How annoying is that? All I could think was that these guys are spamming me through my phone.
Well, there’s good news. Next Tuesday the feds will make it illegal for telemarketers to use robocalls. “American consumers have made it crystal clear that few things annoy them more than the billions of commercial telemarketing robocalls they receive every year,” FTC Chairman Jon Leibowitz said in a news release. You got that right! Just like spam we don’t have the time or patience to deal with this junk. The feds also enacted CAN-SPAM a few years back to deal with spam messages. It’s estimated that close to 90% of all email traffic is junk mail. Hopefully, the robocalls perpetrators won’t decide to move their operations offshore and use crazy call-routing schemes to keep the pressure up to persuade consumers they need new car warranties.
After next Tuesday I can rest a little easier. I won’t have to screen my calls as diligently as before. I only wish this law had included the annoying political phone calls that come around each election cycle. Oh well, no law is perfect but it’s a start.
As we approach the end of summer, Mailprotector Security Center reports that spam rates remain high. During the last four weeks, the spam rate for all email traffic flowing through the Mailprotector security system reached one of the highest levels at 96.1%. The report also notes that the preferred method of attack from spammers is the Dictionary Harvest Attack – DHA.
Also known as a “Directory Harvest Attack”, the DHA is becoming a much more frequent occurrence. The most important commodity for a spammer is a valid email address. As users become more cautious about the disclosure of their email address, valid addresses are becoming harder to come by.
In a typical DHA the spammer will use a “dictionary” of hundreds of thousands of common names and name combinations to continually query a non-secure email server. The spammer will not attempt to send a message, but simply ask the receiving server if it will accept a message for the particular address. The spammer then waits to see if an error message is returned. If one is not, then the spammer now has a valid email address that can be used and sold to other spammers.
As part of our exchange spam filtering service, Mailprotector provides comprehensive security from DHA and other SMTP-based server attacks. Head over to http://www.mailprotector.net to learn more about this and other services that Mailprotector offers.
by Bruce LaFlam on July 30, 2009
At Mailprotector, we have seen the technically savvy spammer community become more sophisticated and operate in ways that require swift response. With the ability to respond quickly to threats, it makes sense that cloud based or hosted spam filtering companies are growing at at rate faster than the other potential email security solutions: software and appliance.
At the Black Hat Vegas security conference this week, Cisco chief security officer, Patrick Peterson, confirms what we see on a daily basis – spammers are fast.
“Cybercriminals hunt prey with a velocity that’s impossible for legitimate businesses to match”
With hosted email security, businesses can be sure that there is a team of security professionals monitoring and adjusting to threats 24/7.
Byron Acohido in a USA Today story shares more from the Black Hat Security Conference. You can read his story here.
by Bruce LaFlam on July 24, 2009
In recent months, our company which provides a spam filter and hosted exchange service has been investing resources into social media. With marketing dollars (and time) in limited quantities these days, it’s important to ask “is social media here to stay and will there be a return?” In a story posted on USAToday.com, Forrester Research shares some insight into the future of social media. Read the entire article here.
The money that businesses spend on social media now is growing faster than any other form of online marketing. Some 25% of small businesses surveyed by Ad-ology Research said they would spend more on social networking in 2009, beating the numbers who’ll spend more on e-mail, blogging or company websites. Forrester Research projects the $455 million that companies spent on social networking in 2008 will balloon to more than $3.1 billion by 2014, a growth rate more than three times what it forecasts for e-mail marketing.
USA Today
So, marketing decision makers should be comfortable knowing that social media will be growing strong for years to come.
by Jeremy Nigh on July 23, 2009
According to a mid-year report from TRACElabs, spam is at it’s highest level ever. Previously the highest level recorded was in July of 2008, so this trend suggests that spammers really kick things into high gear during the summer months, and they don’t care one bit about the actions being taken against them.
“The clear message spammers are giving us is that they are unimpeded by the efforts of law enforcement and the security community,” says TRACElabs senior researcher Phil Hay.
With the recent FTC crackdown on Mocolo and 3FN the volume of spam did slow considerably. However, these latest reports show that spammers have hunkered down and brazenly developed better and more resilient systems for keeping themselves in business. According to Hay, “The crime groups running the Waledac, Rustock, Pushdo and Grum spamming botnets continue to be very strong.”
The report also shows that:
- More than 30% of all spam last week came from Asian countries after Vietnam overtook traditional spam powerhouses China, Turkey and Russia for the first time ever.
- Brazil continues to dominate with over 15% of all spam, followed by the USA with 10%.
- Just three specific institutions were the focus of 99.5% of all phishing activity last week: eBay, Bank of America and Comerica.
So despite the fact that organizations are investing more time, money, and resources into the spam problem, the spammers continue to relentlessly pound the unprotected email user with wave after wave of unsolicited messages. These high numbers serve as a reminder that the spam epidemic is not going to disolve anytime soon, so this blogger recommends that you find a good email security service and ride out the storm in comfort.
- Just three specific institutions were the focus of 99.5% of all phishing activity last week: eBay, Bank of America and Comerica.
by Jeremy Nigh on July 22, 2009
Does spam actually return any profit to companies that hire spammers to push their product? Believe it or not it does. Why? Because a decent percentage of individuals actually click spam messages in their inbox.
Recently the MAAWG (Messaging Anti-Abuse Working Group) asked North Americans if they had ever responded to a message they believed to be spam (note: we’re assuming their respondents did not have an email security solution in place). Out of the 800 people surveyed 12% confessed to doing so because they were actually interested in what the spam had to offer. “Big red button pressers” represented 6% of the total respondents, saying that they have clicked on spam “just to see what would happen”, while another 13% said they “unknowingly” clicked spam.
That’s a 31% click-through rate! With such a high rate of success, I think it’s safe to say that spam is going to stick around for a while.
by Tim Sullivan on July 17, 2009
As mentioned in a previous post, the recent story concerning Governor Mark Sanford’s extra-marital affair highlights the need for effective email security. So, what is the key to effective email security?
The answer is layering. It has become an industry best practice to have a layered security approach when it comes to email. Typically, layers of security begin with a cloud based service (like Mailprotector) followed by an appliance (both protecting the email server).
There are other keys to layering, however, including encryption and email best practices. Recently we talked with Ira Victor of the Data Security Podcast about these issues. have a listen »
by Bruce LaFlam on July 10, 2009
In an article posted this week at Infoworld.com, Peter Bruzzese shares a 10 point checklist for selecting an email security solution. Also in the article, our CEO David Setzer gives some insights on email security best practices. You can read the entire article here.
Peter’s 10 email security requirements:
- Lowest total cost of ownership, upfront capital investment, ongoing administration, and user training
- Access to experienced live customer support to quickly address issues
- Preservation of network and server bandwidth
- Processing of security threats inside or outside the corporate perimeter
- Fastest time to value delivery — can it be deployed and working quickly?
- Reduced risk — ensuring your choice does not introduce a single point of failure within the organization
- Interoperability with network systems and software
- Multiple layers of protection against spam, malware, phishing, viruses, vulnerabilities, and other attacks
- Simple operation and management to reduce IT burden and allow focus on more strategic IT initiatives
- Very little or no user training requirements
Peter writes articles and posts them on his Infoworld Blog that benefit IT directors and decision makers. You can find his Blog here.
by Bruce LaFlam on July 8, 2009
Yesterday, Microsoft announced a serious security flaw with PCs using Windows XP or Windows 2003 related to its internet explorer browser. The most likely initial attack will come in the form of email spam that will try to trick users into clicking a link which will then send them to corrupted web pages.
Our Mailprotector Security Center reports that spam levels for the month of June reached 92% for all email traffic. The Microsoft security announcement confirms what we have seen on a daily basis – users need to be protected by a robust spam filter that can adjust to the changing threat environment. The best place for this level of robustness is the SaaS email security model. In discussing SaaS spam filters with Searchmidmarketsecurity.com, Forrester Analyst Jonathan Penn states:
“Really a no-brainer to go into direction of service providers,” said Forrester’s Penn. “There’s really no good reason these days for a smaller organization that doesn’t have that kind of expertise in-house already, that kind of staffing, that kind of competency dedicated to email management to go with a product.”
Given the fact that Mailprotector is a SaaS email security company, we agree with the notion that SMBs should take advantage of the expertise associated with a hosted security provider. We also suggest that everyone use good old common sense judgment when clicking any link in an email, and make sure your web browser is up to date. If history is any indicator this won’t be the last security flaw found in a Microsoft product, but an ounce of prevention is worth a pound of cure, so be sure you’re protected beforehand.
Ok, this one is a little off the email security topic but I think it’s a fundamental marketing question worth exploring.
I walked in my bank the other day (I like the smaller local banks because I like knowing who’s messing with my money) and they have this big display for Coke on the main table in the lobby. As I walk up to the teller window and start chatting I see that they are offering a free 2 liter of Coke with any new account. So, after my obligatory joke about what happened to the free toasters I had to ask if they really thought offering a $.99 two liter of Coke was going to make one iota of difference in anyone’s decision making process about whether to open an account or not. Needless to say, most in this branch agreed that it made a nice looking display but a pretty ineffective marketing tool.
I left the bank and passed the experience off as one of those little amusements of life. Until yesterday, that is, when I open a local business paper and see another bank who has designed and paid for an entire ad around the enticement of a free box of cookies for opening a new account. This made me start to doubt my own logic now. Are there really people out there saying to themselves “Hmmm, can’t decide which bank to use. Do I want the cookies or the Coke?”
From the very first day of Mailprotector’s launch I made sure that we offered a fully functional 30 day demo without any credit card numbers or other upfront obligations. I always felt like the best way for our customers to know if Mailprotector would work for them is to actually use it. Especially for something as critical as a spam filtering service. I never really thought of it as a marketing gimmick or freebie. Maybe banks should do the same. Let us try their online banking for a while. Let us see if their tellers really are that friendly and their hours convenient.
Please tell me there’s a difference between the cookies and our demo. If not, we may just switch out the demo with a box of doughnuts…
