A vast majority of IT professionals responsible for e-mail management describe spam as a serious problem in their organizations, but nearly half say they've found ways to cope with it, a new survey finds.
Of the 1,303 SearchWin2000.com members who took part in the survey, 86% said they've been inundated with mass-mailed messages. Only 12% of respondents said spam was "not a big deal."
A system administrator for a small bank who was contacted about the survey echoed the frustration that many IT workers and their users experience in dealing with the problem.
"Our bank depends on e-mail, both internally and externally, and having to filter through 75% junk is a waste of time, energy, storage and bandwidth," said Roger Wright of Southern Commerce Bank, in Tampa, Fla.
Wright tried enabling content filters on his e-mail server but abandoned that tactic because of the risk of automatically deleting legitimate messages, known widely as "false positives." Instead, he installed a client-side tool from Sunbelt Software Inc., Clearwater, Fla., called iHateSpam, to manage the junk mail within Microsoft Outlook.
"It is very effective, but still requires the users to review and delete the unsolicited mail they receive," he said.
No magic bullet
There are so many spammers, and so many techniques for sending spam, that any effort to combat it must be a multipronged approach, according to the head of a software company that makes an antispam tool.
Gideon Mantel, CEO of Commtouch Software Ltd., recommended that IT managers start with three very basic but helpful steps: Counsel users about not opening unsolicited attachments, tell them never to hit the "remove" link in an e-mail message, and limit the number of e-mail addresses placed on a company's Web site.
"We are going to the basics in educating our users, but if we do the basics, the basics are working," said Mantel, whose Netanya, Israel-based company shuns a content-filtering approach to spam in favor of a statistical-analysis method.
Commtouch's flagship product, Anti-Spam Adaptive Protection (ASAP), is an add-on to Microsoft Exchange. It analyzes 10 to 20 million e-mails a day for excessive-mailing patterns, rather than simply blocking key words such as "Viagra." He said, "For some people, 'Viagra' is a very legitimate word."
Free antispam tricks
Other experts on spam say there are several free tricks to trip up spammers that IT managers can implement with relative ease. In addition to the basics that Mantel cited, the Center for Democracy & Technology, a Washington think tank, recommends that users create "disposable e-mails" when corresponding with companies they are unsure about.
CDT, which in March posted the results of its own research on commercial spam, said users and IT managers can also thwart automatic e-mail "harvesters" by obscuring e-mail addresses in "human-readable" or "HTML-obscured" form.
An example of a human-readable address is "yourname at domain name.com," instead of "email@example.com." On the other hand, HTML-obscuring entails encoding e-mail addresses. West Bay Web Internet Publishing offers a free tool that changes an e-mail address from an ASCII format to its decimal equivalent.
'Do not spam' proposal criticized
One idea that few agree will work is a national "do not spam" list. Congress appears poised to pass such a law in the near future. However, last week, the idea was labeled a "waste of time" by Federal Trade Commission Chairman Timothy J. Muris.
Commtouch's Mantel agreed with that assessment. He said that spreading viruses and hacking are already illegal, and yet those practices continue unabated. "A good chunk of spam is already illegal, or at least semi-illegal, so they [spammers] will not stop," he said.
Southern Commerce Bank's Wright was equally pessimistic.
"Although a 'do not spam' registry sounds like a good idea, I think it would be nearly impossible to enforce due to the number of open relays in existence and the proliferation of spam sources outside the United States," he said. "Spoofing e-mail addresses also makes this a no-win option."
Instead, Wright said, he'd like to see better use of "white list" software that enables an e-mail client to determine which e-mails are acceptable. He'd also enlist the support of Internet service providers (ISPs), whom he would like to see charge subscribers for bulk mail based on the number of messages they send, a more expensive proposition than charging on a per-byte basis.
FOR MORE INFORMATION:
Best Web Links: Exchange and other groupware
Product & Vendor Solution Center: Antispam software