Earlier in Security Levity, I argued that you should block outbound spam, because otherwise your legitimate email may go unread. Here's another reason why you should control outbound spam. As I'll explain in this post, it isn't only a question of preventing spam or protecting your email reputation -- outbound spam can be a sign of far more damaging problems...
A good outbound spam filter can also detect where the spam sending attempts are coming from; it allows you to fix them. The main spam sources within your network will be compromised email accounts and malware-infected PCs. Let's quickly review these two sources and then talk about why outbound spam is like the canary in the coalmine.
As I described before, spammers can steal existing accounts by tricking end-users into providing their email usernames and passwords. Also, PCs infected with malware often send spam as part of a botnet. This can happen even if you have malware protection on your PCs, thanks to certain "ingenious" users.
If a PC is under the control of a malicious 3rd party, you may have other problems such as...
- theft of intellectual property,
- theft of customer records,
- fraudulent use of corporate online banking,
- and even employee blackmail.
Once you have malware on a PC, the data on it is no longer private and it's no longer "your" machine. It's often able to authenticate and act as if it were a trusted user.
Is that a frightening prospect? It should be.
That's why it's important to immediately trace compromised PCs and get them off the network to clean them. This is isn't just about spam: the spam is a symptom of a more serious problem.
And what about compromised email accounts? Some or all of these problems exist here too. Firstly, some of your private data will be stored in email. And second, email is often used as a password recovery mechanism, so it's a way for bad actors to get into your other systems.
How good is your outbound spam protection?
I want to make this an interactive place: where I can answer questions and cover topics that you suggest. Feel free to add comments and ask Amir!