Stomping Out Spam: The Spam Series, Part 1: Page 2
No Suprise Here -- Economics behind Proliferation of Spam
How do spammers get most of their e-mail addresses? Methods range from junk mail and targeted e-mail lists to e-mail extractors, MX server extractors, and viruses, spyware, and other malicious code, points out Ron Franczyk, president of anti-spam vendor The Giant Company.
"Junk and targeted e-mail lists have been with us for almost as long as the Internet. Practically anyone can buy a list of more than 11 million e-mail addresses, for as little as $100," according to Franczyk.
A variation on this general theme, known as the opt-in list, stems from partnerships between spammers and legitimate Web sites. The legit sites ask visitors to check off "Don't send me" boxes. "At some point you forget to check off one of these boxes, and your name lands on an opt-in list," says Franczyk.
The economics of spam benefit the spammer. In contrast, on the enterprise side, the costs of spam can be tough to quantify. During one recent Webcast, though, about 20 percent of participants listed systems resources consumption as a top spam concern, compared to 46 percent for loss of productivity and 22 percent for "upset and unhappy users."
Moreover, some companies are starting to worry over the prospect of "hostile workplace" lawsuits stemming from spam. Lots of spam messages are solicitations for resized "body parts," for example.
Organizations also run the risk of buying or implementing more systems resources than would otherwise be necessary, just to accommodate spam, Nelson suggested during a Webcast sponsored by vendor ActiveState.
Spamware Deployment in Droves
These and other reasons are driving administrators to deploy anti-spam products in droves. In a study by Osterman Research, respondents ranked spam as a more severe problem than employees sending and receiving inappropriate content; viruses, worms, and Trojan horses; large attachments sent through e-mail; employees sending confidential data; users complaining about mailbox quotas; personal use of e-mail; and denial-of-service attacks
Some 54 percent of Osterman's subjects said their organizations have already implemented an anti-spam capability.
Ultimately, however, technology won't be enough to fend off spam, according to Nelson. Legislation and end user education are also needed. "One part of the curriculum [should be], 'Don't purchase from spammers,'" Nelson cautions. In fact, users shouldn't even respond to spam, he advises.
Moreover, if users want to post messages to Internet newsgroups or put their own names on the Web, they should never use their corporate e-mail addresses.
Meanwhile, although national legislation is still some time away, some states have already passed anti-spam laws. In California, for instance, it's now possible to sue spammers at the rate of $55 per message. In reality, though, the costs of litigation will probably be prohibitive, Nelson maintains.
Happily, however, anti-spam administrators can expect to find little user resistance when it comes to spam control. Recent surveys show that users are willing to embrace both technology and legislation to combat spam. In a study of office workers by Public Opinion Strategies, 56 percent said that their companies already use some form of technology for spam control. These employees also reported a lot less spam than others. A full 68 percent favored combining "technology with legislation."