Spam - How To Keep Spam Out Of Your Inbox
By David Furlong
From the minute users log onto their e-mail system, they encounter a
deluge of unwanted e-mail that flows into their mailboxes all
hours of the day and night. The billions of unwanted email
messages circulating across the Internet disrupt email delivery,
clog up computer systems, reduce productivity, waste time, raise
the cost of Internet access fees, irritate users and erode their
confidence in using email. Many spam messages also contain
material that is offensive or fraudulent, and spam is sometimes
used to spread computer viruses.
Spam presents three major threats:
- Overwhelming message volume. Spam drains employee
productivity as workers waste time reading, deleting or even
responding to spam e-mails. Additionally, the sexually
explicit nature of many spam messages poses potential
liability for organisations.
- Phishing.
Phishing is a specific type of spam message that
solicits personal information from the recipient, such as
social security, credit card and bank account numbers.
- Spoofing. Spoofing is a deceptive form of spam that
hides the domain of the spammer or the spam's origination
point. Spammers often hijack the domains of well-known
businesses or government entities to lend validity to
their commercial message or scam. An example of spoofing is
an e-mail that appears to come from a known e-mail address
that requests a credit card number to confirm the order of
goods.
So what can businesses do to help cut down on spam?
Implementing these basic policies and strategies can help cut
down on spam:
- Get a spam filter. Your Internet Service Provider (ISP) may
offer a spam filtering service, and some email clients such as
Outlook 2003 include built-in spam filtering. If not, you may
wish to buy filtering software - AVG Internet Security includes
a Spam Filter. There is a wide choice of anti-spam software
that offers a free trial period. Remember that one size does
not fit all: the best product for a desktop user or small
business would not be appropriate or adequate for meeting the
needs of a large enterprise.
While spam filtering software can be useful for helping to identify spam email, it will not successfully block all spam email. For this reason, do not assume that all email delivered to your inbox when using spam filtering software is legitimate, even if it appears to have originated from sources you know and trust.
- Establish
written guidelines for how corporate e-mail addresses and
Web browsers are to be used by employees.
- Educate
users to never respond to an e-mail when the sender is
unknown, even to remove themselves from a mailing list.
- Be careful about disclosing your e-mail address. Follow these
tips whenever you can:
  - Set up an e-mail address dedicated solely to Web
    transactions.
  - Only share your primary e-mail address with people you
    know. Avoid listing your e-mail address in large
    Internet directories. Don't even post it on your own Web
    site.
  - Disguise (or "munge") your e-mail address. Use a
    munged address whenever you post it to a newsgroup, chat
    room, or bulletin board. For example, you could give your
    e-mail address as "s0me0ne@example.c0m" using "0" (zero)
    instead of "o." A person can interpret your address, but the
    automated programs that spammers use cannot. Another example
    is me@(nospam)isp.com.au where you advise users that they
    need to delete the (nospam) element of the address.
  - Watch out for checked boxes. When you buy things online,
    companies sometimes add a checkbox (pre-checked!) to
    indicate that it's fine to sell or give your e-mail address
    to responsible parties. Click the check box to clear it.
- Encode
corporate e-mail addresses posted on company Web sites in JavaScript or HTML to hinder a spider’s ability to recognize
them. (The e-mail address looks normal and acts normal [to
Web site visitors], but from the back end you just see
code.)
- Even if
you’re using anti-spam software, urge users to report spam
that sneaks through to a corporate e-mail address for
further analysis.
- Decide how
much control your company wants over e-mail that’s been
deemed spam, and whether end users or the network
administrator should manage it.
- Educate
your end users to identify and report any spam that does get
through, and alert them to e-mail fraud. One clue to detect
spam is if the sender’s e-mail address differs from the
company’s name in the message.
- Limit Web
surfing on company PCs; an easy way for spammers to find
live e-mail addresses is by lifting them from sites where
visitors have input their address.
- Adjust your Internet Explorer security settings to help
prevent unwanted intrusions when you go on the Web. See
Working With Internet Explorer 6 Security Settings for
detailed directions.
- Review the
privacy policies of Web sites. When you sign up for
Web-based services such as online banking, shopping, or
newsletters, review the privacy policy closely before you
reveal your e-mail address. If a Web site does not have a
privacy statement posted, be cautious and consider
contacting the site owners before sharing sensitive
information.
- Don’t open
emails that appear to be from a dubious source. It is not
wise to open any email message that appears to be from a
dubious source. However, if you have already opened the
message, don’t click on any links, including the unsubscribe
facility – often spammers just include fake unsubscribe
facilities in order to confirm that your email address is a
real address. If you click ‘unsubscribe’, you may open
yourself to a deluge of spam, both from that spammer and
from others to whom they sell your email address. Note that
for legitimate commercial electronic messages (those that
have been sent with your consent), the unsubscribe facility
must work, and it should be safe to use the facility.
- Securely configure email clients to turn off the “Preview pane” and to show and block potentially harmful attachments.
In the past, some email clients have exhibited vulnerabilities which allow malicious code to execute automatically as messages are “previewed”. Additionally, HTML email may download and execute harmful mobile code such as Java.
- Don't reply
to e-mail asking for personal information. Most legitimate
companies will not ask for personal information via e-mail.
If a company you trust (e.g., your credit card company)
writes to ask for personal information, call—do not
write—and report it. Be sure to use a number you found
yourself, either through the yellow pages, a bank statement,
a bill, or other source. (Don't use a phone number provided
on the e-mail.) If it's a legitimate request, the phone
operator should be able to help you.
- Watch out
for spoofed mail. "Spoofing" refers to duplicating a
legitimate e-mail, such as a company's newsletter. These
spoofed mails may be used to trick you into downloading a
virus or sending personal information, such as a credit card
number. When in doubt, contact the company you think sent
the e-mail.
- Don't buy
anything from a spam mail. Some spammers make their living
on people's purchases of their offerings. So resist the
temptation to buy their products if you don't want to take
the chance of getting on more junk e-mail address lists.
- Be careful
when downloading Adware, Freeware and Shareware. The process
of downloading such software often requires you to provide
your email address, which may be used to send you
advertisements, viruses or more spam, or even to download
secret files onto your computer which can compromise your
PC's security.
- Never, ever
contribute to a charity from spam mail. Unfortunately, some
spammers prey on your good will. If you receive an appeal
from a charity, treat it as spam. If it is a charity you
would like to support, call them and find out how you can
make a contribution. Never send your information via e-mail,
however.
- Never
respond to popups by clicking on links.
- Think twice
before opening attachments, even if you know the sender. If
you cannot confirm with the sender that a message is valid
and that an attachment is safe, delete the message
immediately, and run up-to-date antivirus software to check
your computer for viruses.
- Don't
forward chain e-mail messages. Chain mails may be hoaxes, or
even a virus delivery system. Plus you lose control over who
sees your e-mail address. Additionally, there are reports
that spammers use chain letters to gather e-mail addresses.
To check on the legitimacy of a chain letter or potential
hoax, go to
Hoaxbusters.
- Configure instant messaging software to allow only those on your contacts list to send you messages. Blocking unwanted instant messages is just as important as blocking unwanted emails. Some malicious code uses instant messaging software such as MSN Messenger, AOL Instant Messenger, Yahoo Messenger or ICQ to spread.
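The tips above on munging an address and on encoding addresses in JavaScript or HTML can be checked against a page's markup before it is published. The following is an added example, not code from the original article; the sample address, the harvesting pattern and all function names are constructed for illustration.

```javascript
// Added example; the address and all function names are constructed for illustration.
const ADDRESS = 'sales@example.com';

// Naive pattern of the kind a simple spider applies to raw page source (assumed).
const EMAIL_RE = /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g;

// Audit helper: which addresses are visible as plain text in this markup?
function plainAddressesIn(markup) {
  return markup.match(EMAIL_RE) || [];
}

// HTML approach: write every character as a decimal entity (&#NNN;).
function toHtmlEntities(text) {
  return Array.from(text, ch => `&#${ch.codePointAt(0)};`).join('');
}

// What a browser (or a more capable spider) does before using the text.
function fromHtmlEntities(markup) {
  return markup.replace(/&#(\d+);/g, (_, n) => String.fromCodePoint(Number(n)));
}

// Link that renders and behaves normally but contains no literal address.
function encodedMailto(address) {
  const enc = toHtmlEntities(address);
  return `<a href="${toHtmlEntities('mailto:')}${enc}">${enc}</a>`;
}

// JavaScript approach: ship the two halves separately and join them in the browser.
// The address is site-owner content, so it is embedded with JSON.stringify only.
function scriptedMailto(address) {
  const at = address.lastIndexOf('@');
  const user = JSON.stringify(address.slice(0, at));
  const domain = JSON.stringify(address.slice(at + 1));
  return `<script>(function(u,d){var a=u+String.fromCharCode(64)+d;` +
    `document.write('<a href="mailto:'+a+'">'+a+'<\\/a>');})(${user},${domain});</script>`;
}

const plainLink = `<a href="mailto:${ADDRESS}">${ADDRESS}</a>`;
console.log('plain link   :', plainAddressesIn(plainLink));
console.log('entity link  :', plainAddressesIn(encodedMailto(ADDRESS)));
console.log('scripted link:', plainAddressesIn(scriptedMailto(ADDRESS)));
console.log('munged text  :', plainAddressesIn('me@(nospam)isp.com.au'));
// Caveat: once entities are decoded, the address is plainly visible again.
console.log('after decode :', plainAddressesIn(fromHtmlEntities(encodedMailto(ADDRESS))));
```

The last line shows the limit of the technique: entity encoding only hinders spiders that read raw source without decoding it, so it belongs alongside spam filtering rather than in place of it.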
Conclusion
The best defense against Spam is to be pro-active, and ensure
that you use common sense when using email and the Internet.
David Furlong is a qualified and experienced IT specialist and Technical Trainer. His
list of credentials includes MCSE, MCSA, Dip IT, and a Masters in Networking and Systems Administration.
Article Source: http://EzineArticles.com/