Just got some nice digital ink on SanDiego.com.
Social Media Tips For Business Owners And Entrepreneurs (http://tinyurl.com/nhbwb8)
“Seek to understand before asking to be understood,” Golan said. “This is not going to be an overnight thing.”
I just had the following article published by Computer Technology Review:
Social Networking Lessons Can Catalyze E-mail
(http://tinyurl.com/computer-tech-review-20090512)
The popularity of social networking sites over the past decade has stemmed from the connectivity these sites afford users and the ability to coalesce around the commonality of a hobby, profession or past experience. However, their pervasive appeal in part can be attributed to the inherent security these sites offer (in the form of identity confirmation) that other mediums of communication don’t. Facebook, the originator, intervenes at the onset of every relationship to ask users to agree to communicate through its “friend request.” Without an agreement, the relationship doesn’t evolve and access is denied. The identity confirmation principle is critical because it affords users the means to control relationships, information and access.
Facebook owes its existence to e-mail, its electronic predecessor. Unlike today’s social networking sites, e-mail evolved when electronic connectivity was in its infancy and potential future ramifications were unknown. Without an understanding of what the future would hold (including potential for misuse), the early e-mail forefathers didn’t necessarily have a need to consider e-mail security within the initial model — a painful absence felt by any everyday user today. Add to this equation the fact that e-mail is now so ubiquitous and entrenched in today’s lifestyles that everyday functions grind to a halt in its absence, and it is clear that it’s time for e-mail to evolve to the level of its social networking counterparts.
E-Threats Worsen and Exact a Higher Price
A recent Google study estimates that 94 percent of all e-mail is spam. But worse than the annoyance of receiving one (or more) of the billions of spam messages sent daily, these e-mails include malicious components such as “worms,” “Trojans,” “bots” and other Internet “crimeware” and “scareware”. As new and innovative threats emerge, it’s clear that spammers are using increasingly advanced “business” models with the dual purpose of increasing their effectiveness and providing the needed subterfuge.
Today’s threats are also more resistant to conventional filtering efforts. One such hazard is location-based spam. As part of the social engineering threat vector, these threats yield greater success because they don’t originate through a readily-impactable ISP and are tag-resistant because of their benign language and content (the McColo crackdown, as large as it was, will soon seem amateur in comparison).
Location-based spam is tailored to the recipient’s geographic location — data that can be easily discovered from the IP addresses used by inbound e-mail servers. This enables spammers to use classic affinity fraud techniques and develop personally-relevant attacks. Fraudsters send targeted e-mails, with geographically-germane information, which elicits the desired higher click rate and transports recipients to fraudulent websites. There, spammers can put into play a variety of techniques, from infecting visitor’s computers via e-cards, to prompting the viewing of a virus-containing video of a purported local disaster and other ploys to exploit the unsuspecting. The ultimate objective is to collect personal information for later attacks and/or identity fraud. This more personalized spamming (or “spear phishing”) is relatively resistant to status quo filter methodologies because it contains pertinent information, is sent in small batches through “botnet” channels, and seems highly authentic.
On-Line Identity Confirmation Changes the Game
How then can IT administrators and end-users protect themselves from an antagonistic on-line environment? Identity confirmation, the central tenet of social networking, is the missing link in today’s hostile e-mail environment and the means by which to re-establish e-mail as a trusted communications tool.
The world has changed since the birth of e-mail and it’s no longer reasonable for end users to be electronically open to the universe: identity confirmation is necessary. In reality, social networking’s friend request has nothing to do with friends—it is an invitation to access, an opening of the security screen. Networking sites are so attuned to “access is key,” that they offer adaptable levels of entree, from varying access to the Wall, to the tweaking of privacy settings.
E-mail security solutions that leverage identity confirmation (using a method similar to the friend request of the social networking site) to secure the end-user’s inbox are able to provide organizations with more advanced levels of protection. As opposed to filter-based solutions that focus on scanning content, these solutions focus on the validity of contacts themselves to determine the legitimacy of an e-mail message.
The typical filter-based solution is only able to guess (be it an educated one or not) as to whether an e-mail message is spam or not. In addition, even if a message does not meet the traditional definition of “spam,” it isn’t necessarily a message the recipient would like to receive. Differentiating between wanted and unwanted messages is a task that filter-based solutions are unable to accomplish, but one that solutions focusing on the relationship between sender and recipient can. Ultimately, solutions that focus on the sender of a message allow users to create their own network of trusted contacts – once and for all putting the e-mail user in control of their inbox as opposed to the solution protecting it.
The Solution
Sendio’s E-mail Security Platform (ESP) is one example of a solution that focuses on the relationship between sender and recipient, as opposed to the content of a message to secure an organization’s e-mail infrastructure and restore trust in e-mail communications. Similar to the friend request utilized by popular social networking sites, the ESP utilizes a technology called Sender Address Verification (SAV), in conjunction with a number of other security technologies, to confirm senders as trusted e-mail sources and automatically build each e-mail user’s trusted network of contacts.
According to Gilbert Mendoza, IT Security Administrator at Pechanga Resort & Casino, California’s largest casino, based in Temecula, Pechanga implemented Sendio’s solution to address the huge amount of time his users were spending sorting through spam and looking for false positives. The “opt-in” component of the solution was the most compelling for Mendoza: “Sendio’s ESP works because it uses the right approach for attacking the problem of spam –Sender Address Verification (SAV) to prevent spam and the loss of ‘good’ e-mails that previously wound up in limbo.”
By believing that people, not filters, should choose who they interact with, Sendio guarantees delivery of all clean messages and protection from e-mail borne attacks. In today’s on-line risk environment, filter-based e-mail security solutions are no longer able to effectively address the threats e-mail servers and inboxes faces. Taking a lesson from its social networking counterpart, it is time for the e-mail paradigm to shift and adopt the security measures needed to catalyze e-mail to become the trusted tool users need.
I originally posted the following at CIO.com (http://tiny.cc/Pvz1g)
Last week McAfee, in conjunction with ICF International, published The Carbon Footprint of E-mail Spam Report, a report that details the “carbon footprint” of sending, receiving, and viewing spam. A novel new concept – the environmental impact of spam?
One of the most significant findings of the report was that nearly 80% of the energy consumed by spam comes “from end-users deleting spam and searching for legitimate e-mail (false positives).” The act of sending a spam message, consumes less than 1% of the GHG emissions associated with any given spam message – and the real “damage” so to speak is done once the spam message hits a user’s inbox (27% of GHG emissions are a result of false positives and 52% of emissions are a result of viewing spam).
I have to beg the question here, if the “damage” being caused is more or less in our hands (i.e. once the spam message reaches our inbox), is there such a thing as a “green” anti-spam solution we can implement to address the problem? Logic would say yes – anti-spam solutions that are able to eliminate false positives, and minimize the amount of spam end-users receive and view, are by course of reason and logic “green” solutions.
Here, lets explore the three criteria organizations can use to determine how “green” their anti-spam solution is: number of false-positives, spam messages viewed, and methodology used to stop spam.
False Positives
Twenty-seven percent of GHG emissions resulting from a typical spam message are the result of false positives. Anti-spam solutions that may block a high percentage of spam (98 or even 99%), but result in a high number of false positives, are usually more trouble than they are worth. While your end-users may not have spam in their inbox, the time spent searching for legitimate messages in a junk folder is costly in terms of lost productivity and environmental impact.
False positives are typically a problem that is inherently associated with filter-based anti-spam solutions – solutions that are built to avoid false-positives, and don’t rely on a “spam-filter” to scan the content of a message are more effective in addressing this “environmental” concern and time eater.
Spam Viewed
A staggering fifty-two percent of GHG emissions resulting from any given spam message are a result of viewing that piece of spam. This piece of criteria couldn’t be any simpler: the higher the spam stop-rate (i.e. 95, 96, 97 %) of your solution, the more environmental friendly it is. If your solution doesn’t allow spam messages to reach end-user’s inboxes, then your users aren’t spending time viewing or deleting these messages, and ultimately the GHG emissions associated with any one of these messages is eliminated.
Or, even better, select a solution that won’t allow spam through, period. Here, I’m sure to hear a resounding… “easier said than done!” However this point comes back to the methodology behind your solution and how it addresses the problem of spam.
Let’s discuss…
Solution Methodology
Sixteen percent of GHG emissions associated with a spam message can be traced back to the spam filter that worked to stop that spam message. Needless to say, without any anti-spam filter in place, emissions would increase dramatically in other areas (such as spam viewing), and any solution is better than none. However, some are better than others, and today organizations have a plethora of choices when it comes to selecting an anti-spam solution – and no longer need to rely on filter-based solutions to solve their spam problem.
Increasingly, organizations are moving away from “filter-based” solutions, to solutions that focus on the trustworthiness of the sender, not the content of the message. Although spam filters have gotten “better,” they still create an arms race – spammers are continually looking for new and innovative techniques to break or circumvent the filters and filtering companies are continually creating updates to combat these new attacks. This ping pong effect results in more spam, more management, and a problem that isn’t solved.
Sendio (for the enterprise), Earthlink, Spam Arrest, and Boxbe (for individuals) are all companies that have rolled out solutions that adopt an “Opt-in Model” to stop spam. Similar to many popular social networking sites, (such as Facebook and LinkedIn) these solutions utilize something similar to the “friend request,” allowing users to build their own network of trusted contacts instead of relying on a filter to determine what is and isn’t spam. By adopting an approach that puts users in control, organizations can truly address their spam problem – and totally eliminate false positives as well as spam viewed. To eliminate the time and carbon emissions associated with these two components eliminates nearly 80% of the carbon emissions associated with spam!
Ultimately, how environmentally friendly your anti-spam solution is, is directly correlated to how effective that solution is – and implementing anti-spam solutions that are highly effective, will be both good for business and for the environment.
Follow me on twitter: http://twitter.com/sendio & http://twitter.com/talgolan