Let us look at the specific problems with email (viruses, spam, worms and newsletter distribution), and then address each of them.
Tackling viruses needs a multi-pronged approach. Anti-virus software is needed on the server, so that virus-infected emails do not get through to the mailbox. If one is using a Windows desktop, it may also be necessary to have protection on the desktop. Using email clients other than Microsoft's Outlook can help reduce rapid propagation if a computer gets infected (though it will not necessarily stop the computer from getting infected).
I have a radical solution: use a Linux window and client to check mail. Viruses focus specifically on vulnerabilities on the Microsoft platform, and most viruses seep in via email. While users need to be educated not to click on attachments, one mistake by one user is good enough to infect many. So, in organisations which have standardised on Windows desktops, the solution can be to run a Linux server separately for mail, and provide user access to the email client via an application like VNC (Virtual Network Computing). This way, the entire email application runs on the server and in a Linux environment.
In my company, we use a combination of server-side anti-virus software with Linux thin clients (and Evolution for mail). Even when Linux-based viruses do come up, we can take solace in the fact that the open-source community will come up with solutions very quickly and the damage would be limited to a user's home directory, thanks to the stringent permissions-based access on Linux.
For spam, the first solution is to use server-side anti-spam software. We use SpamAssassin internally. It marks all suspect mails with the word "Spam" in the Subject field, making it easy to use filters to move them to a separate folder, which can be checked occasionally for false positives. Users can also move unidentified spam to a special folder, which helps the software to learn. This will be good enough for most users.
The second solution is to create filters to ensure that mail which does not have the user's email ID in the To: or CC: field is automatically moved to a separate folder. One can of course make this rule less stringent; for example, all email sent with the company domain should also be retained. Setting up filters is easy. Ideally, filters should be set up on the server, so they are independent of the mail client used.
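The two filter rules above, combined into one server-side foldering decision, can be sketched as follows. This is an added example, not code from the original post; the mailbox address, company domain, folder names and the `[spam]` Subject tag are assumptions chosen for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

USER = "asha@example.com"        # assumed mailbox owner (constructed)
COMPANY_DOMAIN = "example.com"   # assumed company domain (constructed)
SPAM_TAG = "[spam]"              # assumed Subject tag; match your server's setting

def recipients(msg):
    """Lower-cased addresses from every To: and Cc: header (display names ignored)."""
    values = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _name, addr in getaddresses(values) if addr}

def choose_folder(raw, user=USER, domain=COMPANY_DOMAIN):
    """Return the folder a server-side filter would file this message in."""
    msg = message_from_string(raw)
    # 1. Already tagged by the anti-spam software: file under Spam for review.
    if msg.get("Subject", "").strip().lower().startswith(SPAM_TAG):
        return "Spam"
    # 2. Relaxed rule: keep mail whose sender is in the company domain.
    #    Exact match on the domain part, so "evil-example.com" does not pass.
    #    From: is unauthenticated, so this only decides foldering, not trust.
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender.rpartition("@")[2] == domain:
        return "Inbox"
    # 3. Strict rule: the user's own address must be in To: or Cc:.
    return "Inbox" if user.lower() in recipients(msg) else "Bulk"

def make(sender, to, subject, cc=None):
    """Build a constructed sample message (headers plus a one-line body)."""
    headers = [f"From: {sender}", f"To: {to}", f"Subject: {subject}"]
    if cc:
        headers.append(f"Cc: {cc}")
    return "\n".join(headers) + "\n\nbody\n"

SAMPLES = {  # constructed messages, not real mail
    "direct": make("bob@partner.example.org", "asha@example.com", "Quote"),
    "cc": make("bob@partner.example.org", "x@partner.example.org", "FYI",
               cc="Asha <ASHA@example.com>"),
    "tagged": make("promo@shop.example.net", "asha@example.com", "[SPAM] Cheap pills"),
    "newsletter": make("news@lists.example.net", "subscribers@lists.example.net", "Weekly"),
    "internal": make("hr@example.com", "all-staff@example.com", "Holiday list"),
    "display_name": make("x@bulk.example.net",
                         '"asha@example.com" <list@bulk.example.net>', "Offer"),
    "lookalike": make("ceo@evil-example.com", "all-staff@example.com", "Urgent"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:12} -> {choose_folder(raw)}")
```

The last two samples show why the check compares parsed addresses rather than searching the raw header text: an address placed in a display name, or a sender domain that merely ends with the company name, must not satisfy the rule.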
In addition, users need to take precautions like not putting their email address on websites, and not replying to spam (which validates their email ID). Email addresses are precious and should be treated with great care. Over time, I think white lists are likely to become more common. Again, for most people, this will be more than good enough; there will be a slight inconvenience when initiating a new conversation, but the time saved otherwise will more than make up for the additional email that will need to be sent to validate the first email.
Tomorrow: My Solution Ideas (continued)
TECH TALK: The Death and Rebirth of Email