Non-profits send out newsletter blasts, post their email addresses on the website, and of course the out-of-office responder. There is also the sweet, good-natured staff person (which is nearly everyone since it’s a non-profit) who will click away at everything. All this combined with the attitude to ignore something until it is too late results in an organization inundated with spam. This is what I have concluded is the main problem with the Exchange server. Over the last three days I’ve marveled at the speeds at which folders open (1.5 minutes) and how quickly our branch office staff get their POP3 emails (6 hours). Today the BadMail folder h ad over 3600 items four hours after I purged it. I was wondering where the T1′s bandwidth was going.
I feel there are three possible solutions:
1: Network/Desktop software. This is usually the cheapest solution and works adequately but requires regular tweaking. A product like IHateSpam (link) allows each user to do some custom tweaking using a Blacklist, Whitelist, and Quarantine folders. This is nice but, as I discovered at my last job, users tire quick and stop doing it. Additionally, a software-based spam filter only makes the server work harder to filter spam while it is getting hit with all of it. All the while bandwidth continues to get used up.
2: Appliance. Stick an anti-spam network appliance between the Internet connection and your network and you could have a great solution. The server is no longer being hit by thousands of junk emails nor working to filter. Out-of-office responses don’t confirm to spammers that the email address exists since it never gets to the mailbox. However, this won’t work if the purchase is in response to overwhelming spam because even with the appliance, bandwidth will continue to be hogged by junk mail.
3: Spam hosting. Mail is filtered through an outside filter, sending only clean, relevant, kind-to-bandwidth emails. This seems to be the costlier of my three options but unfortunately this may be my only solution since the spam problem has become impossible. I haven’t even begun to do research enough to know which services are worth the money.
Ideally I would think that an appliance should be put in place at the creation of a new domain, before the first shred of spam arrives. Sure, eventually spam will eat up your bandwidth and a spam hosting solution will probably be necessary, but this will occur nowhere near as quickly as when nothing is done to combat spam from the very beginning. Look, you don’t install a firewall after you’ve been hacked, so why do we wait for spam to arrive first when we know it multiplies quickly. Additionally the appliance will save the organization money in the long run since reliance on spam hosting will be postponed for a good while longer. Do it!