August 12, 2003

TODAY'S HEADLINES -

** Avoid the spammer label
** Tech Quiz
** Initiate a continous ping
** Thin clients can aid in HIPAA compliance
** Antispam services: Analyze their focus, expertise, and breadth of view
** MSBlast worm to launch Microsoft attack
----------------------------------------------------

Avoid the spammer label
by Tim Landgrave

There's only one thing worse than being put through an audit by the Internal Revenue Service—trying to get your company's e-mail server removed from the AOL blacklist. In its zealousness to protect its users from spam, AOL has implemented a set of rules that block e-mail servers that it perceives to be sending a large number of unsolicited letters to its subscribers. Other services (MSN, Yahoo, and many larger ISPs) have similar policies, but getting on the AOL blacklist is easier and getting off is considerably harder. I'll look at some of the difficulties encountered by companies using e-mail as a marketing tool and how you can help your organization build an effective marketing system.

Accidental spamming
It's not that difficult for your employees to get your company's e-mail servers labeled as spam servers. One of my clients found out the hard way. An enterprising young administrative assistant in one of the company's product groups decided that it would be a good idea to send out a newsletter to a large number of customers. Without consulting his IS organization, he collected the e-mail addresses of several hundred of the company’s customers and put together a series of e-mail messages in which he included this large list of e-mail addresses in the BCC address line of the e-mail.

After he began sending out the e-mails, he noticed that e-mail addresses were bouncing because they were nondeliverable. These were easy to deal with—he just removed them from his list. Then he noticed that all of his e-mail to AOL.com began bouncing. About this time, other users in the organization began noticing that all of their mail to customers with AOL accounts was also being rejected by AOL servers.

When the IS team looked into the AOL account problem, they discovered that AOL had put their e-mail servers on the internal blacklist. Any e-mail sent from their e-mail server was automatically being blocked because it was assumed to be spam. It took 60 days and several phone calls for the client to convince AOL that this was the work of a rogue employee and not an organizational policy to spam its customers. Once removed from the list, the company went on a mission to implement policies and systems that would allow for legitimate e-mail use but keep it from being blacklisted from other e-mail systems.

What constitutes spam?
From an ISP's perspective, spam can take many forms. Although most ISPs don't publish their rules for blacklisting servers (to stay ahead of the professional spammers), it's generally understood that two things can get you in trouble quickly. The first is having more than about 10 e-mail addresses to the same domain on the BCC line. It's common courtesy not to include a person's e-mail address on the TO or CC line of an e-mail message unless all of the people listed have a reason to know each other's e-mail address. The recipient of an e-mail message can easily retrieve other people’s e-mail addresses and save them from either of these address lines. But putting all of the e-mail addresses on the BCC line may also get you in trouble with the spam detection engines of large ISPs.

You can also be labeled as a spammer by sending out a large number of e-mail messages to the same domain in a very short period of time. At first glance, this seems difficult for an individual to do. But technology allows creative individuals to simulate large, simultaneous mailings. Microsoft Outlook allows you to schedule an e-mail to go out at a specific date or time. If you create a large number of individual messages and set the same date and time for the messages to be sent, a receiving e-mail server may conclude that this blast of e-mail is coming from a spammer. If you're developing internal systems that automate the e-mail marketing process, you also have to be aware of the ramifications of sending out a large number of e-mail messages in a short period of time.

Using e-mail as a marketing tool
It's much more important to consider your customers' opinion of your use of e-mail than whether your ISP considers it spam. Make sure everyone in your organization understands that bulk electronic mailings have to follow two key rules. First, you should not send e-mail to any company or individual with whom you don't have a prior business relationship. In fact, to protect yourself, you should consider having your customers opt-in to a mailing list from your Web site or through a standard postal mailer before sending them any e-mail. Second, any e-mail that you send in bulk should have instructions (typically a Web link) for removal from the bulk mail list.

E-mail can be a highly profitable tool with which you can both provide customer service and sell additional products to your existing customer base. Provide bulk electronic mailing services for your employees before they take it on themselves to create their own. By providing an internal service (or contracting for an external one) that provides these services, you can send marketing e-mail to your customers without risking the loss of legitimate e-mail services for other employees.

Tech Quiz
---------------------------------------------------------------

How long does a password need to be before it becomes uncrackable?

Answer: No password is uncrackable. With enough time and resources all passwords can be cracked.

Tech Tip
---------------------------------------------------------------

Initiate a continuous Ping operation
Windows XP's Ping command-line utility helps verify IP connectivity to another computer or device on a TCP/IP network. When you issue the Ping command, it attempts to connect to the target device four times, and then it terminates.

In many troubleshooting situations, pinging the target device four times isn't enough. You may find yourself issuing the Ping command multiple times, which is time-consuming and frustrating.

However, the Ping command provides you with a parameter that configures the command to continuously ping the target device until you manually terminate the operation:

Ping -t xxx.xxx.xxx.xxx

In this command, xxx.xxx.xxx.xxx is the IP address of the target device.

To temporarily interrupt a continuous Ping operation and display the statistics, press [Ctrl][Break]. To completely terminate a Ping operation, press [Ctrl]C.

OTHER TECH INDUSTRY NEWS
----------------------------------------------------------------

Thin clients can aid in HIPAA compliance
Compliance with the Health Insurance Portability and Accountability Act (HIPAA) is becoming a major headache for corporations involved in the medical field. HIPAA regulations demand that patient data be kept secure and up to date. One way companies are making it easier to comply with HIPAA regulations is by deploying thin clients instead of traditional PCs.

Antispam services: Analyze their focus, expertise, and breadth of view
Spam fighting can seem impossible. It's difficult to tell, by looking at a single message, whether it is legitimate. As Gartner points out, services that deal with millions of messages daily have the breadth of view to see what's going on.

MSBlast worm to launch Microsoft attack
Security experts have discovered that the MSBlast worm, which exploits the most widespread Windows flaw ever documented, also contains a time bomb designed to launch a denial of service assault on Microsoft itself. On Aug. 16, the worm is programmed to attack Microsoft's Windows Update, the Web site where Windows users can download security patches and software updates.

---------------------------------------------------

To access previous newsletters, go to http://www.veemost.com/newsletter.htm

---------------------------------------------------

WHEN YOUR NETWORK IS TOAST, CALL VEEMOST

We have risen to the task many times. We can help you get your network back to normal. Save yourself some time, we are just a phone call away.

Call VeeMost at 330-928-1100 or 1-877-VeeMost