IT Challenge: Spam

March 3, 2004

Network Computing

Junk e-mail is becoming a big problem, as spammers clog inboxes with dubious offerings from weight-loss remedies to cheap Viagra. For institutions, the challenge is filtering out the fluff without deleting important correspondence.

Jeff Griffin hates spam. "Spam doesn't discriminate. It's a problem across every e-mail account," says the director of information technology at the Audax Group, a private equity firm with offices in Boston and New York.

Audax has about $1 billion in assets under management in private equity investing and mezzanine financing. Griffin says its 65 employees are "all on e-mail and heavily use BlackBerrys," the hand-held devices built by technology firm Research in Motion and coveted by many on Wall Street. "E-mail is the most important application here," he says, noting that "instantaneous communication is the key to our success. It's a high priority."

However, spam was starting to get in the way of that success and bogging down the firm's e-mail system, so a few years ago Griffin began using an internal-filter system to weed out unwanted missives.

It was installed on Audax's mail servers and had to be manually managed by its three-person IT shop. The IT staff would constantly fine-tune the filters to capture and quarantine spam. While it was effective at reducing the amount of junk mail that got through, the problem was that maintaining the system and keeping the filters up to date with the latest spam tricks was "very labor intensive and difficult to do right."

That's because spammers are not static. Their tactics shift and their methods for deploying spam are in a constant state of flux. So the IT department was constantly tinkering with the filter configurations, which were based on words, phrases and e-mail addresses. As well, they would subscribe to publicly available real-time blackhole lists, which contain the IP addresses of servers at ISPs whose customers are sending out spam, or of servers that have been hijacked for spam routing. While helpful, Griffin says that blacklists are "not 100 percent reliable."

Despite his IT team's best efforts, spam was still getting through and there was the constant concern of false positives, where an e-mail identified as spam is quarantined, but actually turns out to be an important message someone requires.

Moreover, it wasn't a "self-serve" system that end users could tweak, so the IT department was constantly called upon to help staff find messages and draw items down from quarantine. Griffin says it had become "unbearable for a lot of our users."

So Griffin set out to find another solution. He had read in industry publications about some products that offered outsourcing services and noticed that Redwood City, Calif.-based Postini had consistently scored well. "One thing that caught my eye was that it had an ASP model. It wouldn't require me to buy a product and put it in here."

Postini is one of a growing number of firms that provide e-mail security and management services to help corporations deal with spam. Others in this space with an increasing presence within financial-services firms include New York City-based MessageLabs, San Francisco-based Brightmail and Redwood City, Calif.-based Tumbleweed Communications.

As the spam problem worsens, more financial institutions are looking for solutions.

The extent of the spam problem varies widely. The Radicati Group, a Palo Alto, Calif.-based research firm that tracks spam, estimates that 45 percent of all messages are currently spam. It expects that number to hit 70 percent by 2007.

However, some of the e-mail filtering companies have already seen spam surpass those numbers. In December, MessageLabs reported about 62.7 percent of the traffic over its systems was spam. Postini's recent figures suggest that 77.9 percent of e-mails are spam, while Brightmail reports that 58 percent of the e-mails it filtered were spam. That's up from 42 percent a year ago.

But it's not just spam that's a problem. A growing percentage of the e-mail traffic also contains viruses. In December 2003, MessageLabs found that one of 158 e-mails contained a virus. The ratio for financial services in the U.S. was one in 188. Pornography is also a problem, with one in every 2,400 e-mails containing attachments with possible pornographic images.

Managing such junk is getting expensive. First, there's the impact on staff productivity and the time it takes to weed through the junk, especially if a firm doesn't try to filter it out. Then there's the cost of handling the extra traffic. Radicati estimates it costs on average $49 per user annually, or $490,000 per year for a company with 10,000 employees. It notes that a 10,000-user company running MS Exchange typically has 21 servers processing mail and the equivalent of five of them would be handling spam. By 2007, the same firm will need 50 servers to handle e-mail and half of those will process spam.

As well, there's the storage cost of spam, which is especially problematic for broker-dealers, which must follow special SEC rules on archiving and storage.

Last year, Ferris Research of San Francisco, Calif., pegged the total cost of spam to U.S. businesses at $8.9 billion. Of that, $4 billion was attributable to lost productivity and $3.7 billion to server and bandwidth costs.

Norm Fekrat, a partner in the communications and high tech practices at Accenture in New York, says firms underestimate the cost of spam within their organization. "They're incurring a tremendous amount of spam time. Employees have to go through and delete all that mail."

Fekrat says that, like it or not, firms have to focus on filtering incoming spam "to stop it before it gets into the enterprise." They also need to develop better policies around e-mail distribution to make sure that employees are not spamming.

Thomas Bookwalter, a consultant with 17a-4, LLC in New York, which advises firms on electronic communications and regulatory issues, says the key to filtering spam is making sure that the filter sits in front of the e-mail server. Otherwise, the message has arrived and is subject to SEC Rule 17a-4, which imposes archiving, indexing and retrieval requirements on firms.

As well, filtering spam before it gets into the organization reduces storage and e-mail management costs.

Once spam has entered, he says, "you need a clear audit trail of everything that got handled. It doesn't mean it can't be deleted," he says, but firms have to "create an archive of unquestionable integrity."

Scott Petry, founder and vice president of products and engineering at Postini, says that spammers' techniques are growing in sophistication, making it difficult for individual investment firms that rely on their own filtering to keep up.

Petry says that filters must be rigorous and adaptable. Simple techniques, such as only permitting e-mails based on a person's contact list, aren't enough and certainly won't catch spam spoofers, who use one of the latest spamming techniques. That's where spammers hide their missives and send them out under another user's e-mail address.

"Spammers are definitely doing a lot of clever tricks." These include spam spoofing and HTML encoding that disguises the actual message in e-mails to get through filters. The HTML code breaks up words like Viagra, allowing them to slip through a filter and show up as readable in the actual message.

E-mail-service firms are using sophisticated heuristics to flush out spammers and have staff that study developments and troll online for the latest spam developments.
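Why the HTML word-splitting trick described above defeats a keyword filter that reads the raw message source, and how matching on the rendered text closes the gap, shown as an added example that is not from the article or from any vendor's product. The keyword list, function names and sample messages are constructed for illustration.

```python
from html.parser import HTMLParser

BLOCKED_TERMS = {"viagra"}  # constructed keyword list (assumption)

class VisibleText(HTMLParser):
    """Collects only the text a mail client would display."""
    def __init__(self):
        # convert_charrefs=True decodes entities such as &#105; into 'i'
        super().__init__(convert_charrefs=True)
        self.parts = []
        self._hidden = 0  # depth inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._hidden += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._hidden:
            self._hidden -= 1

    def handle_data(self, data):
        if not self._hidden:
            self.parts.append(data)
    # Comments go to handle_comment, which is not overridden, so they vanish.

def rendered_text(html_body):
    """Text with tags, comments and entities resolved.

    Fragments are joined with no separator so that a word split by inline
    tags is reassembled; the trade-off is that adjacent block elements
    can also run together.
    """
    parser = VisibleText()
    parser.feed(html_body)
    parser.close()
    return "".join(parser.parts)

def naive_hits(body):
    """Keyword match on the raw source, as a simple word filter would do."""
    lowered = body.lower()
    return {term for term in BLOCKED_TERMS if term in lowered}

def normalized_hits(body):
    """Keyword match on what the recipient actually sees."""
    return naive_hits(rendered_text(body))

# Constructed sample bodies: word split by empty tags, a comment, an entity.
SPLIT_SAMPLE = "<p>Cheap Vi<b></b>ag<!-- x -->ra today</p>"
ENTITY_SAMPLE = "<p>Cheap V&#105;agra today</p>"
CLEAN_SAMPLE = "<p>Quarterly fund report attached</p>"
```
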

Mark Sunner, chief technology officer at MessageLabs, says that his firm has more than 7,000 different rules in place that it applies to e-mails to determine if they're spam. They examine each message and tally traits to see if it qualifies as spam. "It's very much a kind of an arms race."

Audax's Griffin says what he likes about the Postini system is that there's a level of self-service. He says the firm receives 12,500 e-mails accounting for 640 megabytes of information a week. That's what makes it through the filters. The firm sends out 5,000 e-mails worth 300 megabytes. "Each user can fine-tune the level of tolerance."

Users can also get an e-mail report each day that summarizes everything that was quarantined as possible spam and they can then access any message that was improperly filtered.

Since he implemented it, Griffin says he has "heard very little noise from the end-user community. It really does take the day-to-day administration right off the plate (of IT staff)."