3 Introduction

Spam initially started out being an inconvenience due to volumes of unsolicited Email; indeed, spam was often referred to as ‘u-mail’ (unsolicited Email). However, spam has moved on from simply being unwanted Email, often attempting to promote ‘medicines’ of dubious virtue, to becoming a means by which organised crime looks to steal private information, compromise users’ machines for use in a range of further nefarious purposes, and ultimately steal money via some form of fraud.

Spam is now often referred to by a number of terms including ‘phishing’, ‘spear phishing’ and ‘pharming’ among others, depending upon the nature and intent of the message. All of these types of message, though, are fraudulent Email, typically sent quoting the name of a well-known and respected organisation with the intent of fooling the recipient into taking some form of action that will compromise personal information and enable some form of fraud to be committed.

This paper looks to provide some solid real-world advice on actual controls an organisation can implement to combat the spam onslaught and regain control of its domain and brand. If you lose control of your domain, the damage is far more than customers receiving nuisance messages claiming to be from you. Ultimately the spam will result in your domain being untrusted by customers and Email will cease to be an effective means of communication for your organisation. Remember, simply sending mail is of no value if it is not received, read and acted upon.

The intent behind the controls proposed in this paper is to prevent this from occurring, so that both the customer and the organisation can realise the efficiencies and convenience of Email: for example, to reduce the compromising of customer information, reduce fraud, repair brand reputation and take control of Email as an effective customer communication channel.
