Spam e-mail making you lose your lunch?

In a recent survey, more than 70 percent of executives said that electronic mail has become the most important form of business communication, more important than even the telephone. E-mail is obviously an essential business tool, yet it is being seriously abused by “spammers” sending unsolicited and undesired mail.

Message Labs, an e-mail security firm, scanned 840 million e-mail messages in April 2004. Eighty-three percent of the messages were classified as spam, nearly double the ratio of 43.7% recorded in September of 2003.

What is spam? Spam is defined as unsolicited e-mail, or junk e-mail. It is an untargeted mass mailing promoting a product, service or company. Spam is almost always commercial e-mail, though it can include hoaxes or chain mail as well. While of questionable legality, spam is seldom welcome, and occasionally contains viruses.

Companies send spam for two reasons – it’s virtually free, and it works. It costs a spammer the same to send a dozen unsolicited e-mails as it does to send a hundred, or a thousand, or a hundred thousand. And people will respond, either by opening the e-mail or going to a web site (28%), or purchasing a product (8%). Sending out 100,000 e-mails and getting 8,000 purchases with little to no marketing or sales expense is a large incentive to spam.

Spammers subscribe to lists of e-mail addresses, containing both unqualified and qualified addresses. Unqualified addresses are those that may be valid. They’re often obtained by searching the internet, browsing through companies’ web pages, etc. Qualified addresses are those that are known to be valid; there’s a person looking at the e-mail. Qualified addresses are obtained from other lists, when someone responds to a spam e-mail from an unqualified list, or from asking to be unsubscribed from a list. Obviously qualified addresses are preferred.

The Can-Spam Act of 2003 was intended to reign in the rampant spam attacks most people suffer. Endorsed by many spamming advocates, the law actually does very little to reduce spam. It requires mass e-mailers to maintain their own equipment, making it illegal to “hijack” another system to send their spam. They’re also required to provide some system for recipients to “opt-out.” The details of such a system are vague, and could include having to submit a written request via fax or regular mail. Obviously, requesting to “opt-out” would then qualify an address, which could be sold to other spammers. Finally, that only applies to spam originating within the United States. Spam from outside the country is immune to this law. As of January 2004, more than 99 percent of spam failed to comply with the Can-Spam Act.

Spam is costing American companies millions of dollars in both technology costs, and in lost productivity. Every spam e-mail that an end user receives had to be downloaded from a server, and saved on a local hard drive. Every spam e-mail that gets deleted had to be reviewed by an end user, wasting 5-10 seconds of corporate time. Averaging 10 spam e-mails a day across the country, this quickly adds up. Spam related losses for 2002 are an estimated $8.9 billion nationwide.

There are numerous ways to combat spam, depending upon circumstances. An end user with a single e-mail address from their internet service provider (ISP) should develop better e-mail practices.

• Don’t respond to or open spam. Asking to be removed merely tells them that someone is reading it, making you a more desirable target. Opening any unsolicited e-mail is a bad idea.
• Don’t purchase anything from spam. Purchasing from a spam e-mail merely encourages the spammers, and funds the next wave.
• Don’t preview messages. Many spam e-mails include “web beacons” or “1 pixel” files. Essentially, these are files on a server somewhere. When you preview the message, you request these files from the web server which can track your usage. It’s also a bad habit with the current virus threat. You should turn off message previews.
• Most of today’s e-mail clients feature some sort of spam block. Various third party solutions are available to provide or enhance these functions.

Essentially, this is a feature (or add-in product) that scans your inbound e-mail for various spam symptoms, and isolates those it considers to be possible spam. This is far from an ideal situation, as you’ve already downloaded the e-mail from your ISP, and it’s sitting somewhere on your hard drive.

Medium-sized business users should ensure that their mail servers are secure. Operating open relays on their mail servers would allow spammers to use them for spam attacks. Businesses have two primary options– implementing spam filters on their mail servers, or getting spam filters placed at or above their ISP.

Placing spam filters on the e-mail server is similar to the filters on e-mail clients, with the same shortcomings. The e-mails are downloaded, and then scanned through a filter. E-mails that are considered spam are isolated. However, the e-mail has to be downloaded, which wastes bandwidth and hard drive space. For an individual, this isn’t as large an issue. But for a 100-person office, it can be 10,000 spam e-mails a week. Why pay for bandwidth and hard drive space that you can’t use?

Placing spam filters at or above the ISP is the ideal solution. Essentially, an additional link is placed between your e-mail server and its server. This new server contains the filters to remove the spam e-mails, and only send the legitimate e-mails to your server. You only use bandwidth and hard drive space for legitimate e-mail. Additionally, most services will also provide virus scanning capabilities, reducing your exposure to another e-mail pitfalls.

Spam has rapidly become a way of life, and it’s likely to continue. Legislation can’t stop it, as it was already illegal in many of its practices. Short of redesigning the entire e-mail system, the only way to curb the flood of spam is to make it less effective for spammers, while making it more difficult for them to get their message across.

Email James at James_Osborne@mnccpa.com.