Choosing an Anti-Spam Solution March 10, 2008
Posted by charitysolutions in charities, charity computers, charity IT, General, Uncategorized.add a comment
In our last post we highlighted the need for an anti-spam solution for those organisations hosting their own mail server. In this post, we look at some of the options available, and some of the key things you need to take into account when choosing one for your orgainisation.
Anti-spam solutions can basically be broken down into two types – hosted and in-house.
Hosted solution
A hosted solution routes your mail to your chosen service provider who scans then delivers it your own mail server. Those wishing to contact you will do so via your usual email address and you continue to send email as normal. The only difference is that your anti-spam service will automatically check and process your email so that all you should receive is clean mail, free of spam and viruses. This will considerably cut down on the amount of mail that your mail server has to receive – and with up to 98% of all current emails being reported to be spam, that can make a considerable dent on the bandwidth you will need from your ISP.
Because a hosted solution provider is monitoring so many emails, it is best placed to see new spam trends developing and so is generally quickest to put new measures into place as new waves of spam arrive. It will also scan mail through multiple anti-virus solutions, from various vendors, so you can normally expect better protection.
Of course the best bit is you don’t have to worry about managing the spam yourself (also taking away the worry of added costs) – the anti-spam provider will assume these responsibilities on your behalf and, since you will normally be paying monthly or yearly for their services, it is in their best interest to make sure they do the job well!
In-House Solutions
An in-house solution is one that is installed at your own offices that you administer yourself (or get someone to do for you). The solution could be software-based (either one piece of central software that scans all emails – normally before they get to your mail server, or software that is installed on each person’s individual PC) or it can be a complete hardware “box” (containing its own software) that you plug into your network.
As in-house solutions require administering, you will need to take into account that managing the spam yourself will take time and may result in additional costs. Also, in-house systems must wait for updates to be released from the system’s manufacturer and so could be slower to be updated with the latest protection. Then there is human error, which means that there is the possibility that available updates and patches can go uninstalled.
But on the plus side, if you don’t need a complicated “bells and whistles” anti-spam solution, you may well be able to get an in-house solution cheaper than a hosted one. And, in time, you will have a much better idea of the type and level of spam that is coming into your organisation – and how to deal with it.
Do you need it to be customisable?
Depending on your specific needs, the level of customisation offered may be an important factor when choosing a solution. Some solutions (both hosted and in-house) are more customisable than others. For example, if your organisation’s area of working means that you receive legitimate messages containing on ‘spam-popular’ words (concerned with debt reduction or pharmaceutical names for example), you might ideally want to look for a solution that gives the ability to let emails containing words in those specific areas through rather than immediately label them as spam.
There are also solutions that allow more flexibility at user level – so that the spam protection for some email addresses can be set to be more or less sensitive than others. So it is wise to think whether your organizations areas of work or working methods mean that your requirements are not best covered by a “one size fits all” solution.
Whatever type of solution you choose, you do need to be aware that no anti-spam solution, whether hosted or in-house, will be 100% accurate. From time to time it is possible that a genuine email will be classified as spam, or that spam will sneak past the filter, so you will still need to check your quarantined spam area regularly – and if the solution you choose includes a simple way of doing this, it will make your life easier.
So, to summarise:
-
- Think about the emails your organisation receives and decide what level of customisation (if any) you are going to need from your anti-spam solution.
-
- Consider how much time and expertise you have within your organisation to administer an anti-spam solution.
-
- Work out the volume of email you receive and the proportion of the current total that is spam. If your ISP currently handles your mail, remember to factor in the additional bandwidth that will be taken up with spam when your ISP’s anti-spam protection is no longer in place – and any costs involved with that extra bandwidth. (Does your ISP charge you more if you go over a monthly limit?)
In the end, as with most things (particularly in IT!) it will probably come down to balancing the features you want or need with the budget and time you have at your disposal. But hopefully the information here will help you to make a more informed choice. And if you are still confused, leave a comment or contact us (details on the About Us page) and we will do our best to help.
Your First Mail Server – Where Did All That Spam Come From? March 3, 2008
Posted by charitysolutions in charities, charity computers, charity IT, General.add a comment
In our role helping charities and NFPs to grow and manage their IT solutions, we are often asked to supply and install an “in-house” mail server.
Most organisations start off with their mail being hosted by an Internet Service Provider (ISP) such as Demon, Yahoo or AOL, but as they grow, they often wish to host their own mail server in order to give them more features and greater control and flexibility.
When we are asked to help, one of the things we stress to them is the need for some form of anti-spam protection to work alongside their new server. This sometimes comes as a bit of a surprise – the organisation may not have been particularly bothered with spam up to this point – and we have to explain why it is necessary. In part one of our entries on this topic, we cover some of the key reasons for this confusion.
We haven’t had a big problem with spam up to now
When using ISP hosted mail your ISP normally does a lot of work behind the scenes to ensure the integrity of your inbox. This may include:
- - Cross checking email destined for your inbox against a blacklist (a database of spam-offending domain names or IP addresses)
- - Checking incoming mail is being sent from a valid domain
- - Checking any attachments for dangerous content (for example certain file extensions or filenames known to be potentially dangerous)
- - Scanning for viruses
You may not be aware any of this ‘cleansing’ is happening but when you switch to an in-house mail server, mail will come directly to you rather than via your ISP, so this “invisible cleaning” service that has been protecting you up to now (even if you didn’t know it) will no longer be there.
We never publicise our email addresses so how will anyone know what they are to send spam to them?
Firstly, since email is such a common method of communication, not publicising email addresses really isn’t an option for most charities and NFPs these days.
Although it is fair to say the posting of your email address on various websites can make you more susceptible to spam, keeping a low profile will not necessarily ensure immunity. Spammers can be relentless in their pursuit – and have a veritable arsenal of tools to automate their work and make their lives easier.
Once you have your own domain name, details of the domain are available all over the internet to anyone who knows where to look – and will be obvious from your website address (www. mycharityname.org). Most organizations have some form of standard convention for allocating email names – and the spammers know all the common names and possible variations!
A common ploy is to send emails to numerous target addresses with slight variations of names – for example johnsmith@example.com, john.smith@ mycharityname.org or john_smith@ mycharityname.org. By sending to all possible variations, a spam address gatherer can easily find out which email addresses are likely to be real and “live” by the inclusion of seemingly innocuous coding in the spam message (a link to an online image for example) that sends them an alert when opened. Even if all users are scrupulous in never opening a message from unknown senders (often difficult in itself, since you can’t afford to ignore the emails of potential new donors or recipients), phishing can make an email message appear as if it was sent from a trusted known source, enticing the recipient to open the email and thereby notifying the spammer of a real live address.
OK – spam is annoying, but anti-spam solutions cost money – can’t we live with it?
Most e-mail spam began life as a relatively benign, but annoying, method of email advertising. Nowadays, much spam email contains malware – malicious programs and coding designed to destroy or compromise the security of your computers. Spam has taken on a more sinister and destructive guise.
Phishing can make an email message appear as if it was sent from a trusted known source, luring unwary recipients to potentially give up sensitive information.
Also, you can’t assume you will only receive a few spam emails a day. News of your email addresses will move out through the “spammer” community incredibly quickly and the spam will start to arrive the moment they receive your email addresses. Current statistics indicate that 90-99% of all email these days is spam. So even if your organisation only receives one of two “real” emails a day, these statistics indicate that without any spam protection, you are going to have to look through up to 99 messages of spam to find each real message. Quite apart from having to put up with the rather dubious content in the spam messages, do your people really have time to do this – and the focus not to miss the “real” messages amongst all that spam?
Basically, if you are going to run your own mail server, you are going to need some form of anti-spam solution to, at minimum, save your inboxes being overrun with junk mail. More seriously, your anti-spam can help save you network from the influx of potentially damaging malware by scanning and selectively delivering only safe items.
So now how do you choose what kind of anti spam solution will be best for your needs and budget? We will cover this in next week’s blog – but if you can’t wait that long just contact us (details on the About Us page) and we will be more than happy to discuss the options available with you.
Choosing Your Charity Database – Selecting the Best Provider February 18, 2008
Posted by charitysolutions in charities, charity computers, charity database, charity IT, databases, Uncategorized.add a comment
Lets assume the ‘must have’ list of your priorities on what features you need (covered in our previous blog entries) has been reviewed and now agreed with all your colleagues. Now you are ready to buy a database for your charity or NFP.
It’s now time to find out exactly what the database providers are offering, and how well their products meet your needs and budget.
When choosing your database provider, here are some things to consider.
If any database provider blinds you with science and offers what they see as great must-have features, please “stick to your guns”. Compare your list of requirements against what the provider can offer, and don’t be persuaded away from your ideal specification. This way you will not end up paying for features that you will not use.
Ask to speak to some of their customers and find out what actual users think of the software and long-term support provided. But remember that the provider will probably only give you names of customers that will give a favourable report – so use your own discretion here!
Get a database provider to give you a demonstration of the software. A word of warning – find out how big a database the demonstration is based on, and the specification of the computer it is run on. If you have a larger number of records and will be running your database on a less powerful computer, your experience of the speed and power of the database might not be so impressive!
Do your research and it will pay dividends…. Search on-line forums. Network at charity events. By talking to similar organsiations you will be able to learn from their experiences and see what worked for them. And remember, word of mouth recommendations are worth their weight in gold.
Choosing your database provider is an important decision. Mistakes can be costly and time consuming. Some providers will be totally upfront about all features, and some won’t, but it is up to you to find out the true facts and to evaluate them against the specific needs of your organisation. Make sure you are confident that your final choice is the right one.
Post us a comment - we would appreciate your views and welcome any questions.
Choosing Your Charity Database – What Features Do You Need? February 11, 2008
Posted by charitysolutions in charities, charity computers, charity database, charity IT, databases, Uncategorized.add a comment
Choosing a new database can be confusing – particularly if you are not an IT or database expert. You need to be confident that you can balance the needs of your organisation with the right database features and costs.
But having to look at and compare different software can be a mind-numbing experience and also very time consuming if you are not sure what to look for.
Here’s a simple route map to help you navigate through this IT minefield. Start with a big list of all the features you think you and your colleagues might need, want or like on your database system for example:
-
Do you need to record fund raising results? If so, in what kind of detail?
-
Does it need to integrate with other programs (e.g. Word or Excel)?
-
Does it need to include Gift Aid processing?
-
Do you need a full audit trail for all donations and transactions?
It may sound obvious, but you will need to carefully consider who will be using the system.
Do you have a small set of full time people who will be using the system all the time and so will become familiar with a complex system? Or will you be staffed by volunteers who will only use it one day a week in which case a simple intuitive system that is easy to use will be an essential requirement to add to your list.
A good help file and good documentation could also be a big help, but realistically will your users really look at them?
So now you have your list, you will need to review and “grade” how important each feature really is to your organization. Sort them into:
-
- Must have features.
-
- Should have features.
-
- Nice to have but not essential.
Review your list with your colleagues and gauge whether your views match theirs. For instance a Finance Manager might feel Gift Aid processing is the most important thing, but a Fund Raising Manager might want more extensive features on campaign management.
A word of caution… It’s easy to be impressed with super features that, in reality, won’t really be of much use for your specific needs. So be honest with your own evaluation!
Then when you and your colleagues are all agreed, it’s time to go out and look at what the database providers can offer. We will talk about this next time.
Hope this post has been useful. Please continue sending us your comments and questions and we will try and include them in future posts. Just post a comment below or send an email to sales@charitysolutions.co.uk.
