Inundated with spam? Featured

8:00pm EDT July 26, 2008

Spam, which in a broad sense is any unsolicited, unwanted electronic message, is a serious problem that continues to grow at an alarming rate. Not only does it slow down the passing through of legitimate mail over the Internet — and therefore slow down the conducting of actual business — but also dealing with spam has become an enormously time-consuming issue for IT departments.

“Spam has changed in nature over the last few years,” says Michael Lee Grissom, associate vice president for information technology at Fontbonne University. “In the early days of the Internet, it involved Internet hoaxes — you’d hear about a hoax and pass it along to your friends. Then, marketers got hold of the idea and the rest is history. Because e-mail is free, spammers don’t care if they have to send out millions of messages to get one or two responses. And there really appears to be no end in sight.”

Smart Business spoke to Grissom about spam and what organizations can do about it.

How prevalent has spam become?

To give you an example, Fontbonne University has approximately 3,000 active users in e-mail at any given time. A few years ago, we were getting 20,000 messages from the outside every day. Today, we’re getting 350,000. Only 4 percent of that is legitimate e-mail. Everything else is spam. The volume is incredible. One day, we received 700,000 spam e-mails.

What special challenges does it present for the IT department and the organization as a whole?

Dealing with spam takes a tremendous amount of time. And spammers get cleverer all the time. As soon as the IT folks figure out a way to block the spam, the spammers come up with another way to get through. In addition, spam competes with legitimate e-mail, so when waves of spam hit your filter, everything slows down. This frustrates the users. Then there is the constant education that the IT department has to do with the employees about what they can and cannot do with the e-mail system.

What are the best lines of defense?

Three or four years ago, a spam filter was optional. Today, it’s an absolute must. You can filter your e-mail on site, but the downside is that all mail has to come through, which eats at your bandwidth. But the advantage is that you have more control with your settings, and you can go back into the log and retrieve messages that got caught in the filter but that were legitimate and should have made it through.

A second option is that you can out-source your e-mail service for a monthly fee, go to the provider’s browser and pick up your mail. This probably works best for smaller businesses with 20 employees or so.

A third option is a service that you route all your mail to; they filter it out and pass to you what appear to be legitimate e-mails. The downside is that while you can go back through the log, the service is expensive for a large organization. But, it will save you bandwidth. In addition to having a good filter, you can limit the types of attachments you’ll let go through.

Another thing you can do is educate users to be very selective about whom they give their e-mail address to. Educate them about phishing, as well. Phishing is where criminals try to collect personal identification about people under false pretenses. You would be amazed at how many people fall for phishing scams and give out their credit card, bank account and social security numbers just because the request looked ‘official.’ When employees do this on your watch, it’s your problem, too.

How flexible are filter rules?

There is a lot of tweaking you can do, adding your own blocked and suspect key words, etc. But you have to be careful with the words. For example, take the word ‘sex.’ What if you’re a university and you have a team of psychologists working on a project about human sexuality? Also, if the filters are catching legitimate e-mail from certain senders, you can put their names on ‘whitelists’ to allow them to come through.

What does the future hold? Will things get better?

It’s getting more and more difficult to decipher what’s legitimate and what is not, and the pace is picking up. Personally, I don’t think the outlook is good. And because it’s the ‘worldwide’ Web, it’s near impossible to try to regulate spam. If we had laws in the United States, the spammers would send their messages from Canada, India or Asia. A direct outcome of all this is that more people are having multiple e-mail addresses, segmenting by activity. And, in fact, some people are becoming less dependent on e-mail out of sheer frustration. It’s very difficult to get your arms around the entire issue. It’s just an ongoing battle with no real end in sight.

MICHAEL LEE GRISSOM is the associate vice president for information technology at Fontbonne University. Reach him at (314) 889-1488 or mgrissom@fontbonne.edu.