10:34 AM
IT Challenge: Spam
Managing such junk is getting expensive. First, there's the impact on staff productivity and the time it takes to weed through the junk, especially if a firm doesn't try to filter it out.
Then there's the cost of handling the extra traffic. Radicati estimates it costs on average $49 per user annually for a company with 10,000 employees, or $490,000 per year. It notes that a 10,000-user company running MS Exchange typically has 21 servers processing mail and the equivalent of five of them would be handling spam. By 2007, the same firm will need 50 servers to handle e-mail and half of those will process spam.
As well, there's the storage cost of spam, which is especially problematic for broker-dealers, which must follow special SEC rules on archiving and storage.
Last year, Ferris Research of San Francisco, Calif., pegged the total cost of spam to U.S. businesses at $8.9 billion. Four billion was attributable to lost productivity and $3.7 billion for server and bandwidth costs.
Norm Fekrat, a partner in the communications and high tech practices at Accenture in New York, says firms underestimate the cost of spam within their organization. "They're incurring a tremendous amount of spam time. Employees have to go through and delete all that mail."
Fekrat says that, like it or not, firms have to focus on filtering incoming spam "to stop it before it gets into the enterprise." They also need to develop better policies around e-mail distribution to make sure that employees are not spamming.
Thomas Bookwalter, a consultant with 17a-4, LLC in New York, which advises firms on electronic communications and regulatory issues, says the key to filtering spam is making sure that the filter sits in front of the e-mail server. Otherwise, the message has arrived and is subject to SEC Rule 17a-4, which imposes archiving, indexing and retrieval requirements on firms.
Filtering spam before it gets into the organization also reduces storage and e-mail management costs.
Once spam has entered, he says, "you need a clear audit trail of everything that got handled. It doesn't mean it can't be deleted," he says, but firms have to "create an archive of unquestionable integrity."
Scott Petry, founder and vice president of products and engineering at Postini, says that spammers' techniques are growing in sophistication, making it difficult for individual investment firms that rely on their own filtering to keep up.
Petry says that filters must be rigorous and adaptable. Simple techniques like only permitting e-mails based on a person's contact list aren't enough and certainly won't catch spam spoofers, one of the latest spamming techniques.
That's where spammers hide their missives and send them out under another user's e-mail address.
"Spammers are definitely doing a lot of clever tricks." These include spam spoofing and HTML encoding that disguises the actual message in e-mails to get through filters. The HTML code breaks up words like Viagra, allowing them to slip through a filter and show up as readable in the actual message.
E-mail-service firms are using sophisticated heuristics to flush out spammers and have staff that study developments and troll online for the latest spam developments.
Mark Sunner, chief technology officer at MessageLabs, says that his firm has more than 7,000 different rules in place that it applies to e-mails to determine if they're spam. They examine each message and tally traits to see if it qualifies as spam. "It's very much a kind of an arms race."
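The word-splitting trick and the trait tally described above can be shown in a few lines. This is an added example, not code from the article or from any vendor it quotes: it reduces an HTML body to the text a mail client would display before matching keywords, then adds up points for each trait found. The keyword list, point values and sample messages are constructed assumptions.

```python
import re
from html.parser import HTMLParser

KEYWORDS = ("viagra",)   # constructed watch list, using the article's example word
POINTS = {"keyword_in_rendered_text": 3, "keyword_hidden_by_markup": 4}  # assumed weights

class _RenderedText(HTMLParser):
    """Keep only displayed text: tags and comments are dropped, entities decoded."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts = []

    def handle_data(self, data):
        self.parts.append(data)

def rendered_text(html_body):
    parser = _RenderedText()
    parser.feed(html_body)
    parser.close()  # flush any buffered trailing text
    # Join with no separator so a word split by inline markup is reassembled.
    return re.sub(r"\s+", " ", "".join(parser.parts)).strip()

def naive_match(html_body):
    """The filter the trick defeats: a keyword search over the raw source."""
    raw = html_body.lower()
    return any(word in raw for word in KEYWORDS)

def score(html_body):
    """Tally traits; return (total points, list of trait names)."""
    raw = html_body.lower()
    shown = rendered_text(html_body).lower()
    traits = []
    for word in KEYWORDS:
        if word in shown:
            traits.append("keyword_in_rendered_text")
            if word not in raw:
                # Readable to the recipient but absent from the source:
                # the word was broken up with tags, comments or entities.
                traits.append("keyword_hidden_by_markup")
    return sum(POINTS[t] for t in traits), traits

# Constructed sample bodies.
OBFUSCATED = "<html><body>Buy Vi<!-- x -->ag<b></b>r&#97; today</body></html>"
PLAIN = "<p>Quarterly report attached.</p>"

if __name__ == "__main__":
    for body in (OBFUSCATED, PLAIN):
        print(naive_match(body), score(body), repr(rendered_text(body)))
```

The hidden-keyword trait scores higher than a plain keyword hit because legitimate mail rarely splits a word with empty markup, so the mismatch between raw source and rendered text is itself a signal.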
Audax's Griffin says what he likes about the Postini system is that there's a level of self-service. He says the firm receives 12,500 e-mails accounting for 640 megabytes of information a week.
That's what makes it through the filters. The firm sends out 5,000 e-mails worth 300 megabytes. "Each user can fine-tune the level of tolerance."
Users can also get an e-mail report each day that summarizes everything that was quarantined as possible spam and they can then access any message that was improperly filtered.
Since he implemented it, Griffin says he has "heard very little noise from the end-user community. It really does take the day-to-day administration right off the plate (of IT staff)."