Fighting Spam
March 6, 2010Spam is unsolicited email. It can range from a supplier’s newsletter to pornographic images to offers of products or services. On the face of it, this does not constitute a major problem as the user can “just delete it”.
Many pundits predict that spam will die out from “natural causes” – if people do not respond to spam, the senders will not bother. However, evidence from web monitoring companies indicates that spammers are getting between 4 and 8 percent “click through”. That is, if a spammer invests about $150 to spam 1 million people, they can expect between 40,000 and 80,000 people to visit their website as a result. Based on these figures, it is unlikely that the menace of spam is likely to decrease in the near future.
The impact of this spam is felt all over the organization:
Users. Nobody looks forward to opening their email in the morning, but knowing that half of the contents will be inappropriate, offensive or uninteresting makes the task even less enjoyable! There is concern that companies may be opening themselves to legal action by their employees for not protecting them from the more offensive material and for not taking action to reduce their stress levels that dealing with spam raise.
IT is estimated that a company without spam fighting mechanisms will spend $31 per user this year on server resources to handle spam rising to $167 per user by 2007 compared with $16 per user with those proactively fighting spam. This does not include the knock on effect of congested network bandwidth as spam is transported around the corporate network
Whole company. The biggest impact on the company is wasted time which in corporate terms is reduced user productivity. Figures vary, but estimates are somewhere in the region of 15 minutes per person per day is lost through dealing with spam. In a company with 2000 employees that is 62 man days per day.
Detecting Spam
The case for dealing with spam is compelling. However, unlike email, the offerings are less mature. They are also less mainstream and more costly, so more difficult to justify to an unconvinced management. Furthermore due to the progressive and insidious nature of spam, it is not perceived as the direct threat that viruses represent.
Detecting and stopping spam is a subjective process. The solutions available use one or more of the following approaches:
Reverse lookup. This simply means that the application finds out where the email has originated from and compares the origin to a list of known domains that send spam. If it matches, the email can be classified as spam. This process is fallible as spammers will change the sending domains regularly and some domains can be incorrectly identified.
Content scanning. By viewing the content of the email, it is possible to deduce whether the email contains spam or not. This process is subjective and care needs to be taken to avoid “false positives”. For example, if your business is distributing medical supplies, you may not want to alert on the word “Viagra” even though much spam is to do with selling Viagra. Similarly, a financial services firm would not want to alert on “credit”.
In practice, known suspect words are given a value and if the total “value” exceeds a threshold, the email is classed as spam. This allows for tuning to individual company requirements.
Other characteristics. Spam often has other characteristics that allow it to be identified such as a long or unintelligible return address or one that has been blind copied to 3000 people. When spam has been identified, it is either quarantined (not delivered to the recipient) or delivered to the recipient with a modified subject line (e.g. beginning “Possible spam?”). If quarantined, some process will need to be implemented for checking that “false positives” have not been incurred with an option for the user to retrieve their “lost” email. In practice, user concerns will diminish over time as the anti-spam implementation becomes accepted.
Types of Solution
As with virus protection the choices are about having a specialist provide the service for you, or doing the function in-house. The in-house option involves buying equipment and software then having the IT department invests valuable time to learn a new application and develop a new range of processes to deal with monitoring, management and false positives.
Buying in a service can be done in two ways; subscribing to a large, shared service or having a specialist build a solution to your requirements. Each has its benefits, although the perceived cost advantage of the larger shared service can be offset by the lower costs of a smaller specialist provider. Having your own solution, albeit run by a specialist, has a number of other benefits such as enhanced customization to your business and a more personal service.
Added Benefits
By implementing an anti-spam solution, a company is putting in place a mechanism that can scan the content of all inbound and outbound emails. This can be used for other purposes within a company:
Legal issues. The recent Hutton Enquiry has seen significant email evidence produced, much to the embarrassment of the authors. Whilst not all of these emails could have been prevented by content checking, user awareness around this issue coupled with a company focus will ensure that employees think carefully about what they say in an email.
Monitoring employee email. Whilst this is currently a contentious issue, the ability to censor and monitor outbound email allows an organization to protect itself against possible employee misconduct.
Preventing personal use of email. It is estimated that users spend about 12 minutes per day sending personal email. Recent anecdotal studies suggest that the figure is much higher, but based on 12 minutes lost per day; a company employing 2,000 staff is losing 50 man days per day through private email use. This can be prevented through selective filtering of outbound email combined with user education.
Health and safety issues. European directives are mandating that employers pay ever closer attention to the needs of their employees. There have been a number of recent incidents of bullying and intimidation by email that may have been identified through the use of content checking.
Summary
Spam is an insidious menace to corporate email systems. It consumes server resources, clogs up networks and wastes users’ valuable time. All of these effects cost the company money.
Implementing an anti-spam solution offers cost savings and potentially compliance with future legal requirements. The solution need not be implemented or supported by an internal IT department. As this is a perimeter defense, it could easily be hosted or managed by a specialist off-site.
Some organizations are now offering combined anti-spam, anti-virus and content filtering services in one package.