Last week, I wrote about three SMTP authentication solutions that might help curb junk email and the influx of viruses, worms, and Trojan horses. Sender Policy Framework (SPF) is already rolled out to more than 7500 networks; the other two solutions, DomainKeys and Caller ID for E-Mail, are still in the design and testing phases. However, it's possible that later this year, DomainKeys and Caller ID will become available to the public, so you might soon be able to begin implementing and testing them on your own networks.
For the next 2 weeks, we're conducting a poll that asks which of the three solutions your company might implement. Please take a moment to respond to the poll, which you'll find on our Security Web page. http://www.winnetmag.com/windowssecurity
In the meantime, a couple other options can help you eliminate junk mail and prevent malicious software (malware) from entering your network. One technique that many people use is disposable email addresses--in other words, using a free email address when you sign up for newsgroups and mailing lists and changing the address when it begins to receive a lot of unwanted email.
Spammers harvest email addresses from Web sites, newsgroups, and mailing lists, so if your email address is posted in any of those formats or forums, it's likely to begin receiving junk mail. For example, you might think your participation in a private, members-only mailing list wouldn't lead to the exposure and misuse of your email address. But if someone archives that mailing list to a Web site (which is the case with numerous security-related mailing lists), eventually spammers will harvest the email addresses for their own use.
Managing disposable email addresses might seem tedious at first. You must delete the old address, create a new one, and change your email address for any forum memberships, but those steps take only a few minutes and are probably far less time-consuming than filtering junk mail over long periods of time.
Another technique some of you can use is called selective mail download. Email clients such as Eudora and Pegasus have such a feature; Microsoft Outlook and Mozilla don't (at least they didn't the last time I checked). Selective mail download is when a mail client downloads a list of the headers of all the messages waiting for the user on the mail server. The displayed list typically includes the To, From, Subject, Date, and Size parameters of each waiting message. The user can then choose which messages to download and which messages to delete. The user can also view a message's complete SMTP header as written by the mail servers.
The selective mail download technique doesn't prevent you from having to work with junk mail, but it does let you filter out countless viruses, worms, Trojan horses, and junk messages before they make it to your email client. It also lightens the load on desktop antivirus and spam-filtering solutions.
Check whether your email client software supports a selective mail download feature. If your client does, consider using the feature; if not, consider asking your email software vendor to add it.
Microsoft Security Strategies
Network security is at the forefront of everyone's minds. Microsoft has teamed with Avanade and Network Associates to bring you a full day of training to better help you secure your organization and keep it secure. The event is scheduled for April 8 in Phoenix.
If you haven't visited our Event Central Web site recently, check it out. You'll find information about this event and many others. Event Central provides a comprehensive listing of trade shows, conferences, and Web seminars targeted to the IT user.