Home PageJTM Services - Hosting, Design, Maintenance, Email Services...JTM Website Design - Hosting, Unique Designs, Maintenance...JTM Hosting - UNIX, IIS...JTM Web Tools - Sites to know about - & Toys - To enhance your site...JTM FAQsAbout UsClient Referral ProgramVisit Jake - The "Boss"Contact Us - Address, phone, email...

March 2005

Hello Everyone,

It's March, and almost Spring. We are all looking forward to an end to the cold weather.

We have received several warnings over the past 2 months from US-CERT Technical Cyber Security Alert about current and future email attacks. We would like to go over some items to inform our clients what these alerts and warnings mean.

1. First, you should always be running current anti-virus software on your computers. This is a MUST. While we check every email against at least two anti-virus systems there are other ways for you to get a virus.
2. To protect your network, you should be running either a network firewall or personal firewalls on your computers. This has become more of a need as attackers can hack your computers without sending email. Email is only part of the problem. ZoneAlarm is a Free personal firewall you could use if you need one. Windows XP, with all current updates installed provides a personal firewall, but you must set it up.
3. At least once a month, do a Windows Update. This will make sure that the latest security upgrades are installed on your computer for safety. This is the only way you will be up-to-date on the latest fixes from Microsoft. If you are running another OS, make sure you keep up-to-date with it also through whatever mechanism is provided.
4. You should check your computers periodically for Ad Ware. Ad Ware are programs hackers and advertisers put on your machine without your knowledge. These programs can be used by the intruder to send out spam emails, open back doors to your machine for future attacks and attack other computers on the Internet from your machine. 2 FREE Ad-Ware removal tools you can use are Spybot - Search and Destroy and Ad-aware.
5. The new SPF records are not doing much to help the Spam situation. According to our logs, only about 2% of spam's were actually stopped through the SPF system.
6. The Spammer's have come up with some new schemes. This is why we implemented SMTP AUTH on our anti-spam servers. This is an attempt to stop a very nasty scheme that allows spammers to use ISP email systems to send their junk. SMTP AUTH stops this particular hack and provides much better security for your email account.
7. Cert, as well as many others in the industry, are predicting email outages and email server overloads for the next several months due to the increase in Spam activity. We are currently receiving 97.4% of all email traffic as Spam.

While this is an insane amount of junk traffic, and causes problems for us as well as clients, we are being as pro-active as possible to these threats, and will strive to provide reliable email services to our clients. We are stopping over 500,000 spam's every week, but we know alot still get through. In talking with other ISPs, we are not alone in this. Everyone I talked to said that spam was their number on issue, and an issue that no one has found a 100% solution too.
8. As these new Spamming techniques hit the Internet, our old defenses against spam such as Spam Assassin, white and black lists and Bayesian filters are not doing a good job of stopping all the spam. The only mechanism we have found to truly deal with the spam problem is with challenge-response. (Ed. Note - Zaep was previously offered by JTM. March 2007 the mail server was changed.)
9. The extra load all of this spam is placing on our servers is large, and at times during the day, the email servers may respond slowly. If you receive an error when checking your email or sending an email, please just try it again in a minute or so. The slow downs never last more than several seconds. We have already thrown more CPU and memory at the processes, but every once in a while, the maximum load can be reached.
10. Backup - with all of these possible attacks to your systems, you need to have a bullet proof backup strategy. If you do not trust your current backup procedures, check out http://www.Autobak.com. This is an online, fully automated backup system that stores your valuable information on our AutoBak servers at our network operations center in an encrypted state for security. Your information is available to your 24/7 in the event of a crashed machine or lost documents.
11. Here is something to think about. According to studies, a brand new computer with Windows XP placed on a broadband Internet connection with no protection will be attacked and compromised within 5 minutes.

The above recommendations are not to scare anyone, just common sense steps you need to take to make sure you are safe on the 'Net in today's world.

Have a Great Spring!

Copyright © 1995-2008. JTM MultiMedia, Inc. All Rights Reserved.