Filtering Out Spam and Scams
A belt and suspenders approach

In spite of legislation and the first conviction of a spammer under that law, it appears spammers will keep spamming as long as there's money to be made.

According to Symantec's September Internet Security Threat Report, one of the most comprehensive analyses of trends in cyber security activity, spam made up more than 60% of all e-mail traffic during the first half of 2004. And Jupiter Research estimates that the average consumer will get 2,000 spam hits a day in 2005, up from 40 in 1999.

Spam is no longer simply a time-consuming irritant. Today's spam is blended with malicious threats such as viruses, worms, spyware, and phishing scams. Now accidentally clicking on a spam message can open a Pandora's box of trouble, from activating a Trojan horse to turning your PC into a spam-sending machine.

For business, the economic impact of spam and spyware is all too clear. Not only do these threats impact productivity, network bandwidth, hardware resources, and support, they introduce serious legal liability issues and undermine hard-earned corporate brands and reputations.

In the face of such a threat, what's a concerned business to do? Problems such as spam and spyware threaten to undermine the integrity of its information. While corporate information has to remain secure and reliable, it must also remain available. And because spam and spyware use the same vehicle - the Internet - as legitimate business-critical communications, the challenge is to ensure that necessary information exchange continues while unwanted activity is halted.

Keeping spam, spyware, and other threats out of the workplace requires a powerful combination of information security technologies, including anti-spam, anti-virus, firewalls, and policy management.

Today's Spam Attacks
Spammers now use a number of tactics to evade detection by anti-spam solutions with only limited filtering abilities. As a result, the most effective anti-spam solutions use a variety of filtering techniques to stop complex spam attacks in real-time - without compromising accuracy. Essential filtering technologies in an anti-spam solution include:

  • Reputation Filtering: Reputation filtering vets the quality or reputation of the sending source or mail server of a message. This kind of filtering can identify Internet protocol addresses of suspect servers or the open proxies spammers use as well as servers that don't send spam.
  • URL Filters: URL filters, in turn, identify spam URLs in messages and remove characters that conceal a Web site address in a message. This kind of filtering is effective against disguised URLs, extreme randomization, and short messages.
  • Heuristics Capabilities: Heuristic capabilities are characterized by programs that are self-learning. In other words, they get better with experience. Heuristics offer an effective defense against new spam by analyzing the header, body, and envelope information of incoming messages, looking for distinct spam characteristics such as excessive exclamation marks or capital letters. While poor heuristics do little more than create an administrative burden by producing countless false positives, the best heuristics can result in near-perfect accuracy.
  • Signature Technology: Signature technology also plays an important role in filtering out spam. The most advanced signature technology actually strips random HTML from spam and counteracts the variations that spammers often insert, which can be a potent answer to today's highly randomized, HTML-based spam attacks. Similar signature technology is also used to identify embedded images, executables, zip files, and other message attachments through which spammers entice recipients.
  • Foreign Language Identification: Foreign language identification is another essential spam filtering technique that can identify the 10%-20% of global spam not sent in English.
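
As an added illustration (not code from the article or from any vendor product), the Python below shows two of the techniques listed above working together: a signature computed after stripping inserted HTML, so randomized variants of one message collide, and a heuristic score for exclamation marks and capital letters. The function names, the thresholds, and the sample messages are all assumptions constructed for this example.

```python
import hashlib
import re
from html.parser import HTMLParser


class _VisibleText(HTMLParser):
    """Collects text nodes; tags and HTML comments are discarded."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts = []

    def handle_data(self, data):
        self.parts.append(data)


def visible_text(html_body):
    parser = _VisibleText()
    parser.feed(html_body)
    parser.close()
    # Join without separators so "che<b></b>ap" reads as "cheap" again.
    return "".join(parser.parts)


def signature(html_body):
    """SHA-256 over the text with markup, case, spacing and punctuation removed."""
    canonical = re.sub(r"[^a-z0-9]+", "", visible_text(html_body).lower())
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def heuristic_score(subject, html_body):
    """One point each for heavy exclamation marks and mostly-capital text."""
    text = subject + " " + visible_text(html_body)
    letters = [c for c in text if c.isalpha()]
    upper_ratio = sum(c.isupper() for c in letters) / max(len(letters), 1)
    return int(text.count("!") >= 3) + int(len(letters) >= 10 and upper_ratio > 0.5)


def classify(known_signatures, subject, html_body):
    if signature(html_body) in known_signatures:
        return "spam-signature"
    if heuristic_score(subject, html_body) >= 2:  # threshold is an assumption
        return "suspect-heuristic"
    return "pass"


# Constructed samples: the same text with different random markup inserted.
VARIANT_A = "<html><body>Buy <!-- q81z -->che<b></b>ap WAT<i></i>CHES now!!!</body></html>"
VARIANT_B = '<div><font color="#fefefe"></font>BUY cheap <!--77kx-->wat<span></span>ches   NOW!!!</div>'
LEGIT = "<p>Minutes from Tuesday's budget meeting are attached.</p>"
SHOUTY = "<p>ACT NOW!!! LIMITED TIME!!!</p>"
KNOWN = {signature(VARIANT_A)}
```

A message that matches a stored signature is caught outright; one that is new but shows the surface traits is only flagged as suspect, which keeps the heuristic layer from producing hard false positives.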

Mixing It Up
Effective protection against today's complex threat landscape, where spam is blended with malicious threats, requires that organizations employ a combination of information security solutions.

Anti-virus technology works to identify viruses, worms, and spyware, which are often distributed through spam. When updated regularly and configured appropriately, anti-virus solutions can automatically delete or clean malicious messages, including mass-mailing worms that can result in hundreds of spam messages.

Firewalls that are configured to allow only authorized outbound traffic can also reduce the threat of spyware and malicious code that attempts to phone home over the Internet without the user's knowledge or permission or tries to launch fraudulent applications. Firewall rules can be created to block access to known spyware sources.

Corporate information security policies can be updated to ensure that file-sharing and other software is correctly implemented and that appropriate usage policies are in place and are followed. Many of the best Internet firewalls and advanced anti-virus applications are circumvented by careless or uninformed employees who haven't been trained to recognize and respond to Internet threats. In developing and disseminating a solid up-to-date information security policy, employees are educated and reminded of their role in fighting invading threats. A number of policy management tools are available to streamline this ongoing process, making it easier and less time-consuming to achieve and demonstrate company-wide compliance.

Information security technologies provide a sophisticated and effective deterrent against information security attacks that threaten to undermine the integrity of business-critical information. By using the most innovative and powerful anti-spam filtering techniques together with anti-virus, firewalls, and other security technologies, organizations can protect the security and availability of their business information while new generations of Internet threats emerge.

About Gary Cannon
Gary Cannon is president and co-founder of AIS and has over 32 years of technical and managerial experience in computer and communication systems, networks, and security. He is a Certified Information Systems Security Professional and a Symantec Certified Security Practitioner. Gary holds an MS in software engineering from Colorado Technical University and an MBA in information systems from the University of Colorado. He is a member of the Symantec North American Partner Advisory Council, the Information Systems Security Association, and the Armed Forces Communications-Electronics Association.
