Despite all the precautions I've been taking to keep spam out of my email Inbox, I was singularly unsuccessful last weekend. One of my work email accounts, which is usually pretty quiet over the weekend, contained well over 100 messages on Monday morning, and more than two-thirds of these messages were clearly spam. What had happened? Had the spammers invented new tricks to get past the antispam tools and email software rules I had in place? Were these messages harbingers of a new wave of spamming tricks destined to bring Internet email to its knees?
Nothing quite so sinister: I was being drowned in a flood of informational messages from email security tools. The attack, though unintentional, was coming from within an enterprise that I occasionally work for.
Because multiple versions of the virus W32.Mimail are inundating the Internet, this company's internal IT department configured its antivirus firewall to catch infected messages. (I won't comment on the 30 or so infected messages that came through to me before the protection was put in place; good thing my own prophylactic measures are designed for just such an event.) The problem is that this process is designed to deal with only the occasional infected email message and is configured to alert the intended recipient of every infected message it catches. As a result, I received an alert message for every one of the infected email messages (more than 200 at last count) that were addressed to my account.
Even that wouldn't have been too bad if the messages didn't all display the same useless information in the subject line, requiring me to scan each message down to the last line to determine whether the email was from a real sender whom I needed to contact about the infected message. Viruses that attach themselves to files are still floating around, and I receive a lot of spreadsheet and text documents in the course of my work. If someone's machine harbors a virus and is sending out infected Microsoft Word documents, I need to let the sender know. I can't simply ignore alert messages in my Inbox.
The messages in question were actually worse than typical spam because I had to read each one and therefore couldn't simply perform a bulk delete. I find it amazing that this particular antivirus software can identify viruses but can't be configured to recognize that these viruses spoof the sender's email address, so there is no reason to send an alert to the email recipients at all. If 3500 users are on a company's internal email infrastructure, antivirus software configured this way becomes a miniature Denial of Service (DoS) attack, cluttering knowledge workers' Inboxes with messages that require the users' attention but that shouldn't have been sent in the first place. If every user on this particular company's network received 10 percent of the infected messages I was sent, more than 70,000 extraneous email messages were generated across the network.
I'm not implying that in this case the cure was worse than the disease: Letting viruses loose within a network would have far greater consequences. But I think this situation highlights something that happens a lot in the IT world: A good idea is implemented but not thought through completely (i.e., blocking an infected message and sending a notification to the sender puts the onus on the sender to resend a clean message). Alerting recipients, particularly when we know that many viruses spoof sender addresses, can come back and bite you where you least expect it.
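As an added illustration, not code from the column or from any vendor's product, here is a Python sketch of the two notification policies side by side: the per-message policy described above, and a digest policy that batches recipient alerts, puts the useful facts in the subject line, and suppresses "sender" notices for families that are known to forge the sender address. The detection records, addresses and the spoofing-family list are constructed for the example.

```python
from collections import defaultdict

# Constructed sample of antivirus-gateway detections: (recipient, claimed sender, threat).
# Addresses and threat names are made up for illustration.
DETECTIONS = [
    ("me@example.com", "alice@partner.example", "W32.Mimail.A"),
    ("me@example.com", "bob@partner.example", "W32.Mimail.C"),
    ("me@example.com", "carol@partner.example", "W32.Mimail.A"),
    ("me@example.com", "dave@vendor.example", "W97M.Macro.Generic"),
    ("sue@example.com", "erin@partner.example", "W32.Mimail.A"),
]

# Families known to forge the sender address (assumed list; match your vendor's naming).
SPOOFING_FAMILIES = ("W32.Mimail",)


def spoofs_sender(threat):
    """True when the family forges From:, so a notice to the 'sender' is only backscatter."""
    return threat.startswith(SPOOFING_FAMILIES)


def per_message_alerts(detections):
    """The policy the column describes: one alert per detection, to recipient and sender."""
    alerts = [("recipient", r, "Infected message blocked") for r, _, _ in detections]
    alerts += [("sender", s, "Your message was infected") for _, s, _ in detections]
    return alerts


def digest_alerts(detections):
    """One digest per recipient; senders are notified only for non-spoofing families."""
    by_recipient = defaultdict(list)
    sender_alerts = []
    for recipient, sender, threat in detections:
        by_recipient[recipient].append((sender, threat))
        if not spoofs_sender(threat):
            # A macro virus in a real document means the sender's machine is infected.
            sender_alerts.append(("sender", sender, f"Your message carried {threat}"))
    digests = []
    for recipient, items in by_recipient.items():
        families = ", ".join(sorted({t for _, t in items}))
        # The subject carries the facts the reader needs, not a constant string.
        digests.append(("recipient", recipient, f"{len(items)} blocked: {families}"))
    return digests + sender_alerts


def estimate_backscatter(users, infected_per_user, share_receiving):
    """The column's arithmetic: 3500 users each getting 10 percent of ~200 infected messages."""
    return round(users * infected_per_user * share_receiving)
```

Running both policies over the same five detections yields ten alerts under the per-message policy and three under the digest policy, which is the difference between a scannable Inbox and the flood the column describes.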