SPAM Defences – The Four Layer Defence Model

Nigel’s back soon – so my last blog here for a while will be on what I call the four layer defence model to spam.

The four layer defence model involves using:-

1.A web-mail address

2.An external mail checking agency

3.A spam filter on the message server

4.A spam filter on the messaging client

Using a web-mail address

This is essential for all those free offers that you’re interested in and if any of you sign up to slightly risqué sites then this is also a good email address to give out. Use this email address for anyone you would like to communicate with but don’t yet know or trust fully. It may be that you have several of these free web mail addresses.

For example a yahoo mail address for free offers. A hotmail mail address for new people you meet and so on. When you have built up a level of trust over time you can then give the senders your corporate or in-house email address.

Using an external agency

An external agency will pre-filter the majority of spam for you. An example of an external agency would be someone like MessageLabs who boast a 95% spam capture rate with 1/250000 false positives. This in turn will cause less of a strain on your own spam defences which would also have less to learn during the training period if you are using a Bayesian filter.

Using a Spam Filter on your Message Servers

If you also which to host your own email, you cannot just rely on the external agency to filter out all spam. So a spam filter on your message servers is a must and combined with the systems used by the external agency is likely to eliminate practically all spam.

Client Side Spam Defences

Most modern email clients such as outlook actually come with built in filters for junk mail – so why not use them. In addition the users can also use the white list and black list facilities. In other words your users can set their clients up to only accept email from specific people – all the others they will have given their web-mail address to.

This of course can be a pain in terms of inputting all the valid email addresses and on client-side processing as all incoming email will have to be compared against the list but at least you will have eliminated all spam.

Will this be totally effective – well it can be – even when a trusted person inadvertently gives out your email address as the client side is now configured to only accept email from specific people.