Download our in-depth report: The Ultimate Guide to IT Security Vendors
What's the big deal about spam? If you're asking that question, and you're not referring to the revered Hormel SPAM. meat product, which my family takes along with great ceremony on our summer camping trips, then you probably have not gotten any junk e-mail lately. However, if you're in IT, then you know about spam and you know you've got problems.
I recently talked to a friend of mine, Jim Akin, who manages IT services for Cubic, a defense and transportation systems company. Each time I had seen him over the previous two weeks, he would be muttering about spam, a little like Monty Python's Vikings. So I thought I knew what his answer would be when I asked him which IT problem he would most like to resolve. Sure enough, it was spam.
"About 60 percent of our incoming e-mail is spam," said Akin. "If my staff doesn't block it, not only do our users have to sort and toss that e-mail, but if they don't, my IT staff has to back it up. If we don't get rid of the spam, for every 3 gigabytes of e-mail backup we complete, we waste 2 gigabytes on spam."
Not everyone in Akin's organization gets spam. He tells me it's the people who need to complete transactions on public Web sites, as well as those who innocently click on the "delete me from this list" button at the bottom of spam, unwittingly confirming their e-mail address as valid and guaranteeing themselves more spam than they can possibly imagine.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
And it's not just the volume of spam that rolls in or the time and money spent administering and storing it. "Some spam is terrible stuff," Akin said. I can confirm this. While researching this article, I searched on Google for "spam filters." Sure enough, as I clicked down through the list of hits, lurking among the legitimate entries from such spam-fighting vendors as Ciphertrust, Tumbleweed, Postini, Network Associates' McAfee division, Symantec, Brightmail, and Nemx were disguised links to pornography sites that displayed on my screen when I clicked on them.
If a company like Cubic takes steps against spam and establishes anti-spam policies, they will not be open to sexual harassment lawsuits because of pornographic spam. Without these measures, however, they could be vulnerable.
So what can Akin and other IT managers like him do? Akin described the solution he's been seeking as well as the three steps he has taken in search of that solution. "I'm looking for the solution that filters the most spam while blocking the least legitimate e-mail. I also want a solution that requires the least amount of time from my IT staff, but gives us the flexibility to let requesting users design their own specific filters."
Akin fist tried a rules-based filter. With a file of rules for sorting e-mail, a filter of this type requires constant upkeep, but works well. The filter file lets you block e-mail by address, domain, or rule. For example, if you want to block mail that offers credit cards, your rule can look for the phrase "free, no obligation." For pornography, it's obvious that your rule looks for specific single words. The upkeep is generated when the spammers get smarter. For example, Akin had a rule that looked for "Viagra" in the subject line, but spammers now send mail with "Viagra" spelled "Vi*gra" or some similar variation.
For his second test, Akin ran an in-house heuristic filter from Postini, Inc. The filter blocked a tremendous amount of spam but was administratively hard to handle. This filter worked by assigning a number factor to different subfilters aptly named "Bulk email," "Get Rich Quick," "Naughty," and "Racially Insensitive." You could make the blocking more stringent by moving the number factor upward. The problem with this test for Akin was the high number of false positives. False positives can be rather difficult to fish out of the system -- if you even know that you have them.
Akin's third try, a hosted service from Postini, is running now. The filter is the same, but the administration is very easy. Each user has a personalized Web site where he or she can check what has been blocked. If the user wants to, he or she can unblock e-mail. Another good feature is the month-to-month contract, which gives Akin flexibility in the ever-changing spam world.
Fighting spam costs Akin about "$0.85 per user per month." But fighting spam saves Akin an untallied amount in storage resources, personnel time, and legal fees. Even without a dollar figure for the savings, that's easy math to do.
"Right now, the industry doesn't have the tools to stop spam completely," Akin said. "Spammers are too wily and crafty, and sending spam is too lucrative for them to stop. But eventually we'll get ahead of them." I think Akin has made big strides. Lately, I've even heard him mention once or twice IT challenges other than spam.