IT for Charities & NFPs

In our role helping charities and NFPs to grow and manage their IT solutions, we are often asked to supply and install an “in-house” mail server.

Most organisations start off with their mail being hosted by an Internet Service Provider (ISP) such as Demon, Yahoo or AOL, but as they grow, they often wish to host their own mail server in order to give them more features and greater control and flexibility.

When we are asked to help, one of the things we stress to them is the need for some form of anti-spam protection to work alongside their new server. This sometimes comes as a bit of a surprise – the organisation may not have been particularly bothered with spam up to this point – and we have to explain why it is necessary. In part one of our entries on this topic, we cover some of the key reasons for this confusion.

We haven’t had a big problem with spam up to now

When using ISP hosted mail your ISP normally does a lot of work behind the scenes to ensure the integrity of your inbox. This may include:

• - Cross checking email destined for your inbox against a blacklist (a database of spam-offending domain names or IP addresses)
• - Checking incoming mail is being sent from a valid domain
• - Checking any attachments for dangerous content (for example certain file extensions or filenames known to be potentially dangerous)
• - Scanning for viruses

You may not be aware any of this ‘cleansing’ is happening but when you switch to an in-house mail server, mail will come directly to you rather than via your ISP, so this “invisible cleaning” service that has been protecting you up to now (even if you didn’t know it) will no longer be there.

We never publicise our email addresses so how will anyone know what they are to send spam to them?

Firstly, since email is such a common method of communication, not publicising email addresses really isn’t an option for most charities and NFPs these days.

Although it is fair to say the posting of your email address on various websites can make you more susceptible to spam, keeping a low profile will not necessarily ensure immunity. Spammers can be relentless in their pursuit – and have a veritable arsenal of tools to automate their work and make their lives easier.

Once you have your own domain name, details of the domain are available all over the internet to anyone who knows where to look – and will be obvious from your website address (www. mycharityname.org). Most organizations have some form of standard convention for allocating email names – and the spammers know all the common names and possible variations!

A common ploy is to send emails to numerous target addresses with slight variations of names – for example johnsmith@example.com, john.smith@ mycharityname.org or john_smith@ mycharityname.org. By sending to all possible variations, a spam address gatherer can easily find out which email addresses are likely to be real and “live” by the inclusion of seemingly innocuous coding in the spam message (a link to an online image for example) that sends them an alert when opened. Even if all users are scrupulous in never opening a message from unknown senders (often difficult in itself, since you can’t afford to ignore the emails of potential new donors or recipients), phishing can make an email message appear as if it was sent from a trusted known source, enticing the recipient to open the email and thereby notifying the spammer of a real live address.

OK – spam is annoying, but anti-spam solutions cost money – can’t we live with it?

Most e-mail spam began life as a relatively benign, but annoying, method of email advertising. Nowadays, much spam email contains malware – malicious programs and coding designed to destroy or compromise the security of your computers. Spam has taken on a more sinister and destructive guise.

Phishing can make an email message appear as if it was sent from a trusted known source, luring unwary recipients to potentially give up sensitive information.

Also, you can’t assume you will only receive a few spam emails a day. News of your email addresses will move out through the “spammer” community incredibly quickly and the spam will start to arrive the moment they receive your email addresses. Current statistics indicate that 90-99% of all email these days is spam. So even if your organisation only receives one of two “real” emails a day, these statistics indicate that without any spam protection, you are going to have to look through up to 99 messages of spam to find each real message. Quite apart from having to put up with the rather dubious content in the spam messages, do your people really have time to do this – and the focus not to miss the “real” messages amongst all that spam?

Basically, if you are going to run your own mail server, you are going to need some form of anti-spam solution to, at minimum, save your inboxes being overrun with junk mail. More seriously, your anti-spam can help save you network from the influx of potentially damaging malware by scanning and selectively delivering only safe items.

So now how do you choose what kind of anti spam solution will be best for your needs and budget? We will cover this in next week’s blog – but if you can’t wait that long just contact us (details on the About Us page) and we will be more than happy to discuss the options available with you.