Anti-Spam

No-one likes receiving spam and other unwanted electronic messages. They clutter our mailboxes, consume server processing, storage, network bandwidth, and require time to review, recognize, and delete. All of this costs money

What We Have Done

In response to this problem we have already implemented several significant improvements. All incoming email from the Internet currently is handled by the Exchange Server 2010 built-in junk-mail and anti-spam systems. You can adjust your settings using the built in junk-mail tools to designate specific types of messages as spam. They will be automatically routed into your Junk Mailbox for review as needed.

Earlier this year we have implemented several significant changes to counter the growing spam problem.

First, we have retired the legacy f.last@mybctllc.com domain and email addresses that are carry-overs from a hosting provider we have not used for over four years. Most of the messages still coming to these old addresses are spam, and our legitimate corresponents have had over four years to update their address books for our current addresses. Messages sent to the old addressse will become undeliverable.

Second, we have droped the use of the alternate f.last@bct-llc.com email alias since this compromises user login identities to intruders. The default email policy has always been the first.last@bct-llc.com format, but to smooth the transition from our legacy system, we supported the older address format as an alternate. This ended in January. Users who have a requirement to retain the legacy format will be given a new login account, to ensure that it is different from their email address.

What You Can Do

The most important thing you can do is to protect your email address. If spammers don't have your address, they can't put you on their distribution lists. There is a very active market in mailing lists. Addresses are bundled by the thousands, sold, and redistributed among email mass-marketers, spammers, and criminal elements. This many of these operate on the global Internet, there is generally no-one who can curtail these activities once they have your email address. The Government and the Internet Service Providers are powerless against this plague.

The most effective protection is prevention. You can help in these specific ways.

1. Never post your company email address on public websites, blogs, social networks, mailing lists. Spammers are constantly mining the Internet to harvest email addresses.
2. Never reply or attempt to unsubscribe to spam. This only serves to confirm that your address is live, making it more valuable to spammers who can charge a premium for it once it has been "verified".
3. Never sign up for distribution lists with your company address. Use a third-part account for these purposes, or request us to set up a temporary alias.
4. Never provide your company address to vendors. Their terms of service generally allow them to sell their customer lists to email mass marketers. Use a third-part account.
5. Never use your company address with third party Internet services such as Evite or file-sharing services. Our corporate servers provide all of these capabilities without the need of a third party. Theses "free" services actually make money by harvesting information about their users and marketing this information to email mass marketers. They are only offering their services as a way to collect email accounts and user data to resell. Nothing is free.
6. Never install software on your company workstation. This is a violation of company policy and undermines the security and integrity of our networked infrastructure. Many free products such as FireFox web brower include embedded spyware and adware.
7. Never share your screen with third-part vendors. This is a violation of company policy and undermines the security and integrity of our networked infrastructure. All screen-sharing services function by installing trojan software into your company profile that starts-up automatically and opens a back-door through our corporate firewalls to allow your system to be viewed and manipulated by untrusted outsiders.
8. Use only your company address for company business, never your personal accounts. Mixing business and personal communications exposes our company email addressses to exploitation by your personal mail providers, whose usage policies permit them to harvest and market your information to their advertisers.

Third Party Filtering - Connecting to Other Mail Accounts

Storing customer and company information on public internet servers violates both Government and company policies.

While, several Internet mail service providers such as Comcast or Gmail provide anti-spam capabilities, none of these webmail applications offers the full experience provided by Microsoft's Outlook Web App, and there is no reason to use them. Most of these use public shared Internet resources that lack the security and privacy provided by BCT systems. Additionally connecting these systems mixes business and personal information, exposing our information systems to exploitation.

Slaving your BCT account to external providers is a serious violation of BCT information security policy since it involves compromising your user account and Active Directory credentials to an untrusted third party and storing customer and company information on public Internet servers that are not accredited for this information.

Keep in mind that your Active Directory account is your single sign on for access to all BCT services including private web sites, protected file services, your electronic timesheet, and other systems requiring confidentiality, integrity, and authentication. It is your responsibility to protect your user credentials. If you choose to violate this responsibility, you expose highly sensitive customer and company information to exploitation by competitors and foreign Governments.

Remember, all of the home mail service providers are routinely compromised and cannot be trusted to protect BCT information and services.