IBM AH0QXML User Guide - Page 27

Managing the ongoing anti-spam campaign, Determine how much time to allocate



Chapter 2. Preventing unwanted e-mail and spam (page 15)

2.2.5 Managing the ongoing anti-spam campaign

Due to the nature of spam, there is no single configuration setting or secret notes.ini variable to toggle to have all spam delivery rejected. This is due to the constant change in the spam content, addresses, and the spammers themselves. The most effective way to keep your anti-spam configuration relevant is to monitor your results periodically and revise your configuration based on new information.

Determine how much time to allocate

Based on how much of a priority spam prevention is in your organization, and how much of a problem it is to users, you can decide how much time to assign to your anti-spam efforts.

If blocking spam is your top priority (this usually results from upper management receiving some particularly offensive spam) then you should plan to put aside some time daily or weekly to review how effective your configuration is. You may want to start out by monitoring your new configuration daily and tweaking the configuration based on the results. After a few days of this you can move to a weekly analysis. After several smooth weeks you might consider moving to a biweekly schedule. There are some tasks that you should perform infrequently to avoid impacting users. These tasks include surveys, user-based rule changes, and e-mail policy reviews.

How to analyze the effectiveness of your configuration

The daily or weekly tasks should include the following:

  • Review the mail log and see how many rejections you are getting. (You can use log analysis to filter for "rejected.") As these numbers increase your configuration is becoming more effective. Also scan these rejections for potential false positives.
  • Scan the mail logs and look for mail with known "spam-like qualities" getting through. Things to look for include messages being sent to a large number of users, subjects such as "make money fast", and known spam sender addresses. You may identify addresses or messages that your rules have missed.
  • Talk with users that are known to receive large amounts of spam, or analyze the logs to see whether spam intended for them is being rejected.
  • After reviewing your server rule hits, identify rules that are not being triggered and consider revising them. For those rules that are being triggered, look for ways to make them more effective and scan for false positives.
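
The review tasks listed above can be scripted. The following Python is an added example, not part of the IBM guide: it counts rejections per rule, lists rejected mail for false-positive review, flags delivered mail with the spam-like qualities named above, and reports rules that never fired. The log line format, rule names, sender list and recipient threshold are constructed assumptions and do not reproduce Domino's actual log layout.

```python
import re
from collections import Counter

# Constructed sample lines in a simplified, hypothetical format (not Domino's log layout).
SAMPLE_LOG = '''\
2003-05-01 09:00:01 rejected rule=block-subject from=promo@bulk.example rcpts=1 subject="Make money fast"
2003-05-01 09:02:10 rejected rule=block-sender from=offers@bulk.example rcpts=3 subject="Limited offer"
2003-05-01 09:05:44 rejected rule=block-subject from=alice@partner.example rcpts=1 subject="Re: make money fast scam warning"
2003-05-01 09:07:03 delivered from=news@lists.example rcpts=120 subject="Weekly digest"
2003-05-01 09:09:30 delivered from=promo@bulk.example rcpts=2 subject="hello"
2003-05-01 09:11:12 delivered from=bob@partner.example rcpts=2 subject="Meeting agenda"
2003-05-01 09:15:55 delivered from=x@unknown.example rcpts=1 subject="MAKE MONEY FAST now"
'''

# Assumed local settings: rule names, sender list, phrases and threshold are illustrative.
CONFIGURED_RULES = {"block-subject", "block-sender", "block-attachment"}
KNOWN_SPAM_SENDERS = {"promo@bulk.example"}
SPAM_SUBJECTS = ("make money fast",)
MAX_RECIPIENTS = 50

LINE = re.compile(
    r'^\S+ \S+ (?P<action>rejected|delivered) (?:rule=(?P<rule>\S+) )?'
    r'from=(?P<sender>\S+) rcpts=(?P<rcpts>\d+) subject="(?P<subject>[^"]*)"$')

def analyze(log_text):
    """Summarise rejections, idle rules and delivered mail with spam-like traits."""
    hits, rejected, missed = Counter(), [], []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the expected format
        rec = m.groupdict()
        if rec["action"] == "rejected":
            hits[rec["rule"] or "unknown"] += 1
            rejected.append((rec["sender"], rec["subject"]))  # review for false positives
            continue
        reasons = []
        if int(rec["rcpts"]) > MAX_RECIPIENTS:
            reasons.append("many recipients")
        if any(s in rec["subject"].lower() for s in SPAM_SUBJECTS):
            reasons.append("spam-like subject")
        if rec["sender"].lower() in KNOWN_SPAM_SENDERS:
            reasons.append("known spam sender")
        if reasons:
            missed.append((rec["sender"], reasons))
    return {"rejections": sum(hits.values()), "rule_hits": dict(hits),
            "idle_rules": sorted(CONFIGURED_RULES - set(hits)),
            "rejected_for_review": rejected, "delivered_suspicious": missed}

if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(key, "=", value)
```

In the constructed sample, the third rejection is a legitimate warning about a scam that matched the subject rule, which is the kind of false positive the manual review of rejections is meant to catch.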