Friday, November 16, 2007

Spam I am

Please read this post by John Halamka about fighting spam in the hospital. Here's a tidbit to get you to read more:

At BIDMC, we receive an average of 886,674 emails every day from the internet. We deliver 57,103 of these, meaning that 829,751 of these are spam.


Anonymous said...

For Spam I am, you get a gold star.

I have learned not to use the V word when I write to my GYN. I don't like to use patient site for e-mails for a few reasons so I e-mail from my own address. V word e-mails don't get through from there.

Rob said...

The current email model is trust-based. It assumed that the good scientists and academics who would be using it when it was invented wouldn't be trying to phish a credit card number.

This is what happens when engineers develop something in a dark room away from reality. Alas.

Fraudsters need anonymity, and that's email's soft underbelly. You don't have to prove who you are to send an email, and you can, in fact, say you're anyone.

Maybe some day there will be a certified kind of email. But not today. Not yet. Arg.

Anonymous said...

That was an interesting post indeed.

Since John doesn't allow anonymous comments, I'll mention here that spam is a huge, professionally run business whose computational infrastructure is largely infected home and business PCs. Viruses and malicious code on websites infect computers as they are used for legitmate purposes, and then the infected computers are used as a group (called a botnet) for a number of illicit activities, most prominently the sending of spam email. So in addition to filtering technologies, large organizations can help reduce spam in the long term by teaching their employees to practice good computer hygiene -- don't open attachments you don't expect (even from people you know). When you can (which is most of the time), use a web browser that is not Internet Explorer (since most of the browser-based exploits currently target explorer) -- Firefox is a good free choice. It's not enough just to restrict your browsing to "reputable" sites since many many household-name type websites have hosted malicious code that infected browsers via ads they serve. (basically advertising companies serve ads embedded on web pages, and by the time you get five or six contracts deep in who is providing the ads, you can end up with ads that come with a malicious payload). Turning off scripting (java, javascript) by default and turning them on only when you need them also helps (not to mention that seeing that one webpage you are viewing has a list of 18 different websites that want to run scripts in your browser is quite an eye-opening experience).

Antivirus products are important and helpful, but even the most prominent ones are estimated to miss more than half of currently available malicious software. So antivirus software alone is not sufficient (just like the fact that antibiotics are available is no substitute for washing your hands frequently).

The bottom line is, the compromised computers of your customers and employees at home, and computers at your educational institution partners and business partners are all part of the network that generates and distributes spam email.

Finally, man, you guys are lucky -- my 16 FTE university Internet research group gets more than 18,000 spam emails a day, which I would guess is significantly higher than what y'all are getting (we'd equal your 886,000 if we had 800 employees, and I'd guess you have many more than that!)

Anonymous said...

Thanks very much, anon.