Virginia county fries spam with heuristic software
- By Trudy Walsh
- Jul 23, 2003
Arlington County, Va., officials didn't think they had much of a spam problem, or at least nothing out of the ordinary.
Sure, they got their share of e-mail from members of a distinguished but exiled Nigerian family. They saw plenty of messages offering low-cost ink-jet printer supplies and painless ways to consolidate credit card debt. But nobody was walking the halls complaining about spam, said David Jordan, the county's chief information security officer.
Last November, Jordan and his team decided it was time to assess the spam situation. They set up a tutorial about spam on the county's intranet instructing 3,500 employees to forward bothersome messages to [email protected]
. An audio file of the Monty Python song, 'Lovely spam, wonderful spam!' greeted visitors to the site.
Hundreds of spam e-mail messages began pouring in from employees. The office used the e-mail to create a blacklist of 4,000 keywords for the county's Novell GroupWise
It turned out that the county did have a significant spam problem: about 5,000 messages a day, Jordan said. But because the spam was spread out among 3,500 employees, it hadn't been too noticeable.
The county installed Symantec AntiVirus for SMTP Gateways 3.1 from Symantec Corp. of Cupertino, Calif., between the county's firewall and e-mail server. Written in C++, AntiVirus for Simple Mail Transfer Protocol software runs under Microsoft Windows and Sun Solaris.Meat of the problem
It uses heuristic detection to stop viruses, worms and spam, said Chris Miller, a Symantec product manager. That means learning to judge the probability of bad versus good messages, or as Miller said, 'spam or ham.'
An organization can't solve its spam problem with an algorithm or engine, Miller said.
'You can only keep it under control,' he said. People are looking at fighting spam more as 'e-mail hygiene. The threats are blending. Spam now is used as a delivery mechanism for Trojan horses, malicious code and viruses.'
The combination of the Symantec software and the keyword filter is catching 130,000 to 140,000 spam messages each month'around one-quarter of the e-mail traffic. 'That's a lot of spam for the second-smallest county in the United States,' Jordan said.
He has another weapon in his arsenal against spammers. In April, Virginia Gov. Mark R. Warner signed a bill that makes it a felony to send high-volume unsolicited bulk e-mail. Jordan now notifies spammers of the state's antispam legislation and the possibility of a seven-year prison sentence.
The Internet is an important part of how people communicate now, and 'we want to filter out all these negative aspects,' he said. 'We don't want people to stop using it.'
County employees are pleased, he added. 'We get letters of appreciation from employees who say, 'Oh, I'm so glad I'm not getting that junk anymore.' '
Trudy Walsh is a senior writer for GCN.