Tips for SME on Handling Spam Emails
SMEs can implement a variety of methods to reduce the amount of incoming spam, such as protecting company email addresses, using filtering software and adopting well-defined security measures for employee workstations and email servers.
Establish and enforce clear information security policies, and educate staff not to respond to spam emails. By responding to spam emails, employees are actually confirming their company email address as a valid address to spammers.
Restrict the use of office email addresses for personal messages or participation in newsgroup or chat rooms by employees.
Use a web-based contact form on the company website. Ensure that site visitors use the form to contact the company, instead of via a company email address that may be vulnerable to spam harvesting.
If you need to publish a business email address on your site, consider writing it in a way that makes harvesting by spammers more difficult. For example, write the email address as "info[at]xyz.com.hk" instead of "email@example.com", and consider adding a statement stating that the company does not wish to receive unsolicited emails, such as "No spam, please".
Use anti-malware software and solutions to filter spam emails and malware-infected emails.
Install email filter software at the server level if your company has its own email server. Filtering software can screen incoming messages before they are delivered to staff.
If your company uses a web-based email service from an ISP, they may provide you with a number anti-spam settings. To reduce the risk of mistakenly blocking non-spam messages, also consider adding a holding folder to the filtering system, so that messages can be reviewed before deletion.
Adopt good security measures such as server hardening to protect your email server and web server from being hacked and used by third parties to send spam emails.