Inbox defence

By 2005, 60 billion unwanted emails will travel the world each day. It’s time to shift your anti-spam strategy into high gear

By Yvan Marston

There’s something very wrong about receiving unsolicited bulk email with “Spam Remedy” in the subject line. It’s like having two men come into your office, topple a loaded bookshelf and mutter an insincere “oops” before delving into your need for protection. And it brings to light the essential problem with spam: a legitimate business tool is being held to ransom.

“Spam is no longer just a nuisance,” explains Jack Sebbag, Canadian general manager and vice-president of Network Associates. “Dealing with it is one of the top priorities for CIOs around the world.” Network Associates is best known for its McAffee anti-virus software. The company estimates that 50% of all email communication traveling bandwidth worldwide is unwanted, unneeded and often unsavoury.

Market research firm Gartner Inc. expects things to get even less savoury by the middle of next year as it estimates 60% of all email traffic will be spam, according to a report released in late September. And if the trend continues, in two years 60 billion unwanted emails will travel the world each day.

Hard and soft costs

Never mind the fraud aspect of most spam, unsolicited commercial emailing constitutes theft. Spam affects network performance and requires that companies spend money upgrading their servers, which are often overworked at the task of processing spam, explains Sebbag.

There are also soft costs, he says, adding that the time it takes an employee to delete spam, and in some cases — heaven forbid — actually read or click on spam, is calculated in terms of lost productivity. One figure from MessageLabs, a managed email services provider, estimates that spam costs UK businesses the equivalent of $1,000 per employee per year in wasted time.

“There’s a tipping point,” says Neil Schwartzman, chair of the Coalition Against Unsolicited Commercial Email, Canada. “For some it’ll be 50% spam and for others it’ll be 90. But at some point I think businesses will just stop using email. The danger here is that we may very well lose a business medium.”

Fighting spam becomes all the more difficult when you learn that, despite all the ludicrous subject lines and empty promises, it works. For instance, the scam that asks for your bank account so that large sums of money can be transferred to it from Nigeria is expected to gross $2.6 billion this year, making this spam the country’s second largest industry (if, indeed, that’s where it comes from).

Reclaiming your company’s valuable technology resources will best benefit from a two-pronged approach. The first involves education and prevention and the second involves implementing a spam filter solution.

Practice safer surfing

“Learning how to conduct yourself on the Internet will go a long way to reducing your spam load,” says Darryl Lowe, manager of client services for Quartet, a Toronto-based IT management firm. Spammers are constantly on the lookout for email addresses, so the first thing Lowe suggests is taking all unnecessary contact information off your company Web site.

If you’re downloading software and an email address is required to complete the matter, try entering something false like, goaway@nospam.com. If the transaction requires a valid email contact, perhaps to send you an invoice or software instructions, use what Lowe refers to as a “throw-away” address.

“Most home Internet providers offer a user as many as five email addresses,” says Lowe. “Set up a second one that’s a throw away and use that one for on-line transacting and that’s where you’ll see most of your spam.”

Security solution

The creation of anti-spam legislation in approximately 34 U.S. states and in a few other countries represents a good start, but unless every country agrees to prosecute spammers, having partial legal coverage worldwide is ineffective because spam can be sent from anywhere.

“Besides that,” says Greg Jensen of Computer Associates, “most spam isn’t coming from law abiding businesses anyway. These are businesses not concerned with the morality of doing this.” As product manager for the company’s eTrust line of security software products, Jensen says IT budgets are starting to make room for anti-spam strategies, which essentially means buying and implementing a spam filter.

There are a few different places a company can filter spam, Jensen explains. You can sort it out at the Internet Service Provider (ISP) level, where you pay them to filter out the spam before it gets to your desktops. You can have your IT staff filter it at the company gateway, or tackle it in the exchange box or note server. And finally, you can run an application on each desktop, so that the individual PCs are filtering the spam. (Many mail programs have rule sets, which, when properly applied, can serve to significantly reduce your desktop’s spam jam.)

Jensen is a proponent of high level filtering, using the ISP and the company gateway as barriers, a strategy that takes the load off the company’s internal systems and allows a more detailed and universal application of the solution.

Contentious content

Infinitely more complex than an anti-virus program, anti-spam filtering is relatively new and as such, most filters incorporate a number of different technologies. Realtime black lists (RBLs) are the main technology employed by filters to check sender information against a list of known spammer aliases.

Many solutions add to this engines that will perform statistical analysis to calculate the probability that a message is spam based on its content. The email is given a score for the inclusion of blacklisted words such as “Viagra” before the filter decides to block it. The trouble with filters is the number of false positives, instances where legitimate email is mistaken for spam.

For some users, missing an important email is far worse than receiving 25 pornographic messages. Reducing the false positive rate is the real challenge anti-spam filters face. Some products include a quarantine feature that allows you to periodically view the messages the filter isn’t certain are indeed spam.

Not without their shortcomings, spam filters are in effect the most immediate and necessary solution to the plague that has befallen this business tool. Legislation isn’t likely to change anything over the short term, and at the speed it’s advancing, the short term is all the spam problem knows.

As the storm gathers on the virtual horizon, one thing is certain: businesses have to investigate spam protection and strategically manage it.

Yvan Marston is a Toronto-based freelance writer.

Top five spam management tips:

1. Reduce the number of email addresses on your Web site.
2. Maintain a separate address for online transactions.
3. Introduce anti-spam filtering to your organization.
4. Fine-tune the filtering system to suit your office environment.
5. Remain vigilant in updating these systems on a regular basis.

Top