Category: Virtual IT Director

The Black Art of SPAM Prevention

Most organisations today categorise email as mission-critical to their business, and so the ability to reliably send and receive emails receives a lot of attention from us. However, as we are all aware, the amount of junk mail – ‘SPAM’ – received is a continuing annoyance.

A quick check of our servers shows that over the past three months, a massive 53% (of nearly 1/2 million emails) of all emails received were suspect. Now obviously it would be great if we could simply block such messages, but detection of SPAM is more a black art than a defined science, and so SPAM filters must be continually adjusted and refined to ensure all real/valid emails get through (zero false-positives) while all SPAM is blocked. We could simply turn off SPAM filters, but generally this would result in 50% extra emails reaching each users’ inbox – a situation no user wants to contemplate.

Breakdown of the 53% Suspect Emails

Breaking down the above 53% shows that:

2% of all emails contain malware – Viruses, Trojans etc – we definitely do not want these passed through.
31% of all emails are from known spammers – we want these blocked automatically, but as some users want to see some of these, we need to provide a mechanism whereby they can be retrieved.
20% of all emails are where we have to be somewhat creative and apply our black-art talents to separating the wheat from the chaff, and it’s this 20% that seems to cause the most questions and mis-deliveries.

How to determine the validity of incoming email?

So what ‘black arts’ do we employ to determine the validity of this 20% (90,000) of messages? Essentially, each and every message is tested and given a Spam Confidence Level (SCL) score, and when it gets above a defined level, it is tagged as SPAM. Virtually all anti-SPAM solutions – whether in-house, or in-cloud, software-based or appliance-based – employ some or more of the following checks:

Reputation of Sender:
1. Is the sending server on a blacklist? This occurs when a recipient reports receiving SPAM from a server, and is placed on one or more of the 100+ blacklisting organisations.
2. Is the sending server properly set up with a fixed address – determined by whether it has a Reverse-DNS (RDNS) entry. (Spammers will use arbitrary/impermanent servers).
3. Does the sending organisation designate approved sending servers – via the Sender Policy Framework (SPF) stipulated in DNS
Message Content:
1. Does the message subject or content contain known SPAM-like words – such as ‘Drugs’, ‘Viagra’ and so on.
2. Does the message contain multiple languages, such as combined English & Chinese?
Message Distribution:
1. How many recipients is the message sent to? More than a handful generally means the message is more likely to be Unsolicited Commercial Email (UCE).
User Overrides:
1. Has a given user either black-listed or white-listed a particular address?
2. has a given user chosen to be more or less aggressive in their application of the above checks?

How to ensure that emails we send get read?

I trust from the above readers can get an idea of the issues we face in categorizing SPAM for delivery, and I trust that readers will also see that it’s very much an imperfect ‘guesstimation’ at best, and there is little as recipients we can do to more accurately qualify messages. But what should we do to ensure that messages we send get the highest possible chance to be delivered?

We MUST have adequate malware protection for inbound emails, and ideally also scan outbound emails for malware to ensure we do not compromise our message recipients.
We must properly designate and authenticate our outbound servers – via RDNS, SPF – and ensure all mails from our domain are sent only from these servers. This may not be just your corporate email server: – we must also check any other servers that send emails on behalf of our domain: -for example if our website sends emails, then it must also be properly designated and authenticated.
We must regularly check that our sending servers have not been blacklisted.
If we regularly need to send messages to more than a handful of recipients, we should consider using a third-party service rather than send such ‘mail-blasts’ through our own servers – which reduces the likelihood of getting our servers blacklisted.
If we send Unsolicited Commercial Email (UCE) as a Singapore organisation, we must ensure the subject line contains <ADV> and we must provide (and act on) an unscubscribe link – to ensure we comply with legislation, or otherwise face the risk of legal action against us.

If you would like to discuss this issue and what it means for your business, please get in touch. Since inception in 1996, PASR Technologies has been providing SME business owners with a level of service and support to the SME business owner that is typically only directly available in very large organisations.

Servicing businesses from 10 to up to 200 employees, our clients range from local SMEs through to regional offices of larger MNCs, and include airlines.

At PASR Technologies, we solve your IT problems before you even realize you have one!

The Qualities Of A Trusted Advisor

There is a lot of talk in consulting circles about the need for IT services providers to move beyond being excellent technicians and become trusted advisors.

So what does this mean in practise?

Business owners of companies with under 200 staff do not have access/budget to have an IT Director. However, by employing the services of a virtual IT director who acts as a Trusted Advisor the business owner can receive timely and appropriate advice for their business situation.

In this context, the virtual IT director will meet formally with the business owner on a regular basis to discuss strategy concerning technology platform and direction. The major benefit of this is that the business owner thus does not need to be IT-literate to make informed decisions about how to use IT to the best advantage in the business.

The alternative – and usual route for so many business owners – is to rely on one-off consultants and vendors who have the obvious agenda of wanting to push and sell their own products/services.

So what’s special about a Trusted Advisor?

Jason Haddock in his excellent blog “What does it mean to be a trusted advisor?” makes the excellent point that what lies at the heart of building a trusted relationship is TRUST!

In Mick Cope’s book, “The Seven C’s of Consulting” he outlines a great acronym for trust:

Truthful
Responsive
Uniform
Safe
Technically Competent

According to a recent survey: first and foremost they are great communicators – “they communicate the invisible well”. They must also display superior creativity in “listening to client issues and creating a solution strategy that clearly shows how it solves the problem quickly and thoroughly”.

Another key quality is the ability to seize the initiative, Trusted Advisors “take ownership of the client more, whereas average performers take ownership of the problem”.

Putting the client first is another key attribute: “always seeking ways to provide a greater value to the customer.”

What Separates Trusted Advisors from Everybody Else?

Jim Alexander is founder of Alexander Consulting and he has conducted research with 80 senior executives to provide some direction in learning how trusted advisors act differently from others holding the same job description. Figure 1 below shows the seven most important categories of responses from 80 executives regarding the key behavioral differences between these trusted advisors and everybody else.

What Does a Trusted Advisor Look Like?

As Jim Alexander says, the term “trusted advisor” is such a catchy phrase, but how do you really know one when you see one? He suggests that you can recognize trusted advisors by these

characteristics:

Clients ask for them by name
They are sought out for advice that goes beyond their described expertise.
They maintain relationships that aren’t just technical.
They have such strong personal brands that outsiders seek them out for speaking engagements, writing articles, or special projects.

Read the full report: What Trusted Advisors Do That Others Don’t

How Can PASR Help You As A Business Owner?

Peter Rigbye is the Managing Director of PASR and acts as a Virtual IT Director for many of PASR’s clients. Peter says:

“With 38 years in the IT industry, from supply, to service management, to service consumption, and with the prior 14 years in a banking environment, I am well aware of the issues that businesses face in operating, securing and protecting their IT assets. Specifically:

I diagnose your root causes rather than just fixing the problems as reported!

I specialise in solving IT issues for SME business owners… once and for all!”

If you would like to discuss this, PASR Technologies has been providing SME business owners with a level of service and support to the SME business owner that is typically only directly available in very large organisations.

Servicing businesses from 10 to up to 200 employees, our clients range from local SMEs through to regional offices of larger MNCs, and include airlines.

At PASR Technologies, we solve your IT problems before you even realize you have one!

The 8 Big Recurring IT Issues For SMEs

As a SME business specialist we have been providing outsourced IT support services to SMEs and growing businesses in APAC since 1996.

Over this time we regularly come across the same, repeated concerns facing SME management. Regardless of business sector, the same challenges continue to crop up.

Here, in priority order, is my list of the 8 biggest issues together with the impacts on the SME management.

How many of the following do you grapple with?

Continue reading The 8 Big Recurring IT Issues For SMEs

The title