According to the pundits, we are a 50/50 nation, evenly split on most
political and cultural issues. But there is one topic where there is
nearly unanimous agreement — everyone hates spam.
Unsolicited bulk email saps employee productivity, wastes network
resources, drives up Internet costs, and clutters the network with
viruses, worms and Trojans.
“We were getting tons and tons of mail that users didn’t want,” says
Rod Baker, MIS Director for Reebok. Ltd. in Canton, Mass. “Some users
were getting 300 to 400 pieces of spam per day.”
While the email server could handle the extra load, he says the volume of
messages required the company to purchase additional storage. Spam also
ate up users’ time as they reviewed and deleted the unwanted messages. And
the IT staff would have to spend time helping users, either getting rid of
malware or restoring legitimate messages that were accidentally deleted.
All this occurred despite the fact that Reebok had filtering software in
place.
“Our filtering software was a resource hog, required a lot of time to
manage it, and was only blocking 30 percent of the spam on its best
days,” Baker adds. “We were looking at having to hire an additional
person to handle the workload.”
To cut its personnel and storage needs, Reebok switched to using an
outside email processing service — FrontBridge Technologies, Inc. of
Marina del Rey, Calif. The change eliminated 90 percent to 95 percent of
spam and reduced IT’s spam-related administration time to 15 minutes a
month spent running a report for the CIO.
An Array of Armaments
Reebok may have given spam the boot, but spam control is no shoe in.
As a result, companies are harnessing a variety of technologies to tackle
spam. Most find it takes a multi-faceted approach, though not everyone
has gone so far as the sneaker giant in outsourcing the handling of spam.
But anyone who has been involved in the fray realizes something. There is
a war going on between bulk emailers and IT departments. It follows many
of the same rules as conventional warfare, though no one is expected to
follow the Geneva Convention if they get their hands on a spammer.
To begin with, the goal is containment rather than total elimination.
Dropping a nuclear bomb would kill all the enemy combatants in an area,
but it would kill all the civilians, as well. Instead, you have to select
weapons and tactics which kill most of the enemy, without excessive
collateral damage. The “collateral damage” in using anti-spam tools too
aggressively consists of blocking legitimate emails along with the junk.
Instead, you need to adjust the threshold to achieve a balance between a
tolerable level of unwanted email, and an acceptable level of “false
positives” — valid messages incorrectly identified as spam.
“The way organizations deal with this depends on their culture and
philosophy,” says Ant Allan, a U.K.-based analyst for the Stamford,
Conn. consulting firm Gartner, Inc. “Some organizations would rather get
a large residue of spam coming through than block legitimate messages.”
The second lesson is that the battle is constantly evolving.
As Prussian general Helmuth von Moltke stated, “No plan of operation
extends with any certainty beyond the first contact with the main hostile
force.” Instead, it requires continuous intelligence on what the enemy
is doing next, and then devising new ways to block it. In fighting spam,
this means using an array of technologies, not a single one, and
constantly updating them to counter the latest threats.
The exact techniques vary from one product to another, and each gives
different weights to particular methods. Some of the more common ones
include:
from which email is allowed (whitelist) or blocked (blacklist). The
company or individual users can create their own lists, or they can use
ones from the vendor or an outside source. Several organizations
including SPAMHAUS (www.spamhaus.org) and SPEWS (www.spews.org) maintain
freely available blacklists which are regularly updated by their members.
and a batch of known good email. Incoming mail is then compared to the
characteristics of these two groups and the software assigns a
probability that the email is spam. The analysis is continually updated
as users identify new mail as good or bad. Bayesian analysis is one of
the more commonly used varieties of heuristic analysis.
around this by altering spellings, so an updated technique called Complex
Dictionary Checking looks for variations such as V!oxx or M$Utgage.
If other email comes in with an identical signature, it is blocked.
(Spammers get around this by adding random words to email, thereby
changing the signature.)
coming from a single address and flags it for the administrator’s
attention.
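The Bayesian scoring and threshold trade-off described above, as an added example that is not from the article or from any vendor's product. The training batches and incoming messages are constructed for illustration, and equal priors for spam and good mail are an assumption.

```python
import math
import re
from collections import Counter

# Constructed training batches (not real mail): known spam and known good email.
SPAM = ["cheap mortgage rates apply now", "buy cheap pills online now",
        "free offer click now to win", "lowest mortgage offer free quote"]
GOOD = ["meeting agenda for monday attached", "quarterly sales report attached",
        "lunch on friday with the team",
        "free shipping newsletter for team members"]
# Constructed incoming mail, labelled so the filter's mistakes can be counted.
NEW_SPAM = ["cheap pills now", "free newsletter offer"]
NEW_GOOD = ["team meeting monday", "lowest mortgage quote attached"]

def tokens(text):
    return re.findall(r"[a-z]+", text.lower())

def train(messages):
    """Count how often each word appears in one batch."""
    counts = Counter()
    for message in messages:
        counts.update(tokens(message))
    return counts, sum(counts.values())

SPAM_COUNTS, SPAM_TOTAL = train(SPAM)
GOOD_COUNTS, GOOD_TOTAL = train(GOOD)
VOCAB = len(set(SPAM_COUNTS) | set(GOOD_COUNTS))

def spam_probability(text):
    """Naive Bayes P(spam | words), equal priors, add-one smoothing."""
    log_odds = 0.0
    for word in tokens(text):
        p_spam = (SPAM_COUNTS[word] + 1) / (SPAM_TOTAL + VOCAB)
        p_good = (GOOD_COUNTS[word] + 1) / (GOOD_TOTAL + VOCAB)
        log_odds += math.log(p_spam / p_good)
    return 1 / (1 + math.exp(-log_odds))

def evaluate(threshold, spam_msgs=NEW_SPAM, good_msgs=NEW_GOOD):
    """Return (spam blocked, legitimate mail blocked) at this threshold."""
    blocked = sum(spam_probability(m) >= threshold for m in spam_msgs)
    false_positives = sum(spam_probability(m) >= threshold for m in good_msgs)
    return blocked, false_positives

if __name__ == "__main__":
    for threshold in (0.5, 0.75, 0.9):
        print(threshold, evaluate(threshold))
```

On this sample no threshold blocks both spam messages without also blocking the legitimate mortgage quote, which is the false-positive balance the article describes.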
“If you have a solution based on a single way of identifying spam, what
do you do when the spammers figure out how to get around it?” asks
Allan. “The best solutions have a spectrum of techniques to give you the
best all around performance.”
Guarding the Infrastructure
Companies looking to reduce their unwanted email load have several
options. They can select an outsourcer, as Reebok did, or they can stay
in-house using either software or an appliance. Most products do an
adequate job of filtering. The difference comes in the management
features.
“The spam filtering itself is becoming a commodity,” says Allan. “It
is not just the effectiveness, but the enterprise-class features which
matter when working with large populations, such as ease in setting up
custom rules for different groups of users.”
Cable and broadband provider Cox Communications, Inc. took the appliance
route for its 40,000 employees at 60 locations.
Everything comes in to servers at the company’s Atlanta headquarters,
passes to hub servers and then out to mailbox servers for end-user
access. A year ago, Cox installed six CipherTrust, Inc. IronMail
appliances to block spam at the gateway before it hits the Exchange
servers.
Senior messaging manager Franklin Warlick says the appliances themselves
only took about half an hour to set up, and he spent another day tweaking
the settings. The real work came in setting up whitelists.
“We started out doing the whitelist too aggressively,” he explains.
“Then we found that one person’s newsletter is another person’s spam.”
That process took about a month. In the first few weeks there were also
some false positives, but that has been corrected and he hasn’t heard of
any for months. With the appliances in place, although the level of spam
has skyrocketed, it is not swamping users’ mailboxes.
“A year ago, we were getting eight to nine million messages a month. Now
we are getting over 40 and blocking about 38 million of those as spam or
viruses,” says Warlick. “If we were handling that volume anywhere other
than at the edge, we would have had to grow our Exchange infrastructure
and staff to four times what it was a year ago.”