Spam: managing a solution

March 26, 2007

Spam cannot be ignored. In January 2004, Microsoft CEO, Bill Gates made the now infamous statement that, ‘Two years from now, spam will be solved’. Three years on, the problem has not only not been solved, it has worsened – and quite considerably.

Recently, the volume of spam e-mails sent has dramatically risen on a global scale – in the 12 months to November 2006, the daily volume of spam rose by 120%, jumping 35% in November 2006 alone. By December 2006, 85 billion spam e-mails were being sent every day.

With the situation worsening at an exponential rate, any business not employing an effective means of managing the issue will most likely have noticed that their e-mail users are receiving an ever-rising tide of spam. Consequently, e-mail is becoming less viable as a business communications tool.

Voluminous spam

This massive surge in volume is, in part, due to the continual evolution of spamming techniques. Until relatively recently, spammers focussed their activities on distributing identical e-mails to as many recipients as possible. This allowed businesses to utilise a simple anti-spam tool, such as a free piece of software, to tackle the bulk of the problem.

However, spammers quickly learnt how to fool these simple spam blockers. For instance, rather than one mail being distributed to many recipients, each mail is now being personalised to the recipient in an attempt to dodge their filtering systems. Spammers are now able to distribute e-mails in massive volumes, both in textual and graphical format – the latter including minute changes that are unique to each e-mail, again in order to elude capture.

So, with less sophisticated means of combating spam no longer viable, what can lawyers do to tackle what will continue to be, for the foreseeable future at least, an unwanted side effect of modern e-mail usage?

You can take some steps on your own to improve the amount of spam that you might receive. For instance, it is certainly true that signing up for large numbers of newsletters online exacerbates the issue – although, of course, it is sometimes necessary. In fact any activity where you publicly share your e-mail address will attract spam, including news groups and contact pages of company Web sites. Also, you should never click on the hyperlinks contained in spam messages that claim to remove your e-mail address from their mailing list, as these are merely intended to identify your address as active – and hence worth spamming even more.

Manageable spam

A number of more proactive strategies can be employed by a legal organisation against the spam threat, involving both hardware and software, which purport to combat the problems. However, the downfall with both solutions is that, similar to a reliance on good user practice, each requires at least a degree of user intervention or management in order to be effective.

An increasing number of companies are therefore making use of a third option – a solution that utilises a specialist managed service in order to combat the issue. E-mail managed services offer a number of key benefits. Most importantly, a managed service operates outside the office network, acting as an effective barrier to allowing spam or viruses through to the company servers, whilst also ensuring that users do not need to manage or update the service with, for instance, virus definitions.

By filtering e-mail before it reaches the network, unlike standard hardware or software solutions, the threat caused by spam is effectively removed, and users won’t experience a downgrade in service. Also, as the e-mail is managed externally, managed services eliminate the problem of wasted bandwidth due to downloading spam and viruses, effectively providing additional resources within the user organisation at no extra cost.

A high-quality managed service can capture 99.2% of unwanted e-mails of all types, including image spam, pornography and phishing attacks. This success rate is achieved by utilising multiple specialist spam filters to provide a layered solution to the issue – including such technologies as IP reputation filters, Bayesian filtering, a collaborative engine, a Recurrent Pattern Detection engine, a directory harvest module, and spam blacklisting. Most hardware or software solutions often only use one or two of these techniques.

Another key factor to success for a solution to the spam problem is to have a global view of it, and being able to react to new outbreaks as and when they happen. Hence, leading-edge managed service providers deliver added functionality, such as ‘zero hour’ protection from the initial seconds of a spam or virus outbreak, protection against denial of service attacks, or attacks intended to acquire named recipients at the company, 24-hour customer service support, and visual reporting mechanisms.

With all e-mail filters there is a balance between the percentage of spam that is captured and the number of legitimate e-mails that are incorrectly identified as spam, which are known as ‘false positives’. Industry leading managed services will currently capture only one false positive, which is easily recoverable, in approximately every 300,000 emails. More simplistic spam solutions will capture as many as one in 1000 and, in order to locate it, users will often have to manually sift through the spam anyway.

Finally, this third way – outsourcing your e-mail management, filtering and support – is, ultimately, a more cost effective way of ensuring that e-mail remains usable, rather than managing it in-house. This is because of the cost associated with the leading edge hardware and software, as well as with the technical skillsets required.

Soluble spam

So, with even the legal sector under attack and the volumes of spam and malicious e-mail increasing month-on-month, it indeed appears that Bill Gates’s lofty goal has not been met.

However, legal professionals are well placed to understand the philosophy that to solve a problem doesn’t necessarily require eliminating it entirely. Rather, we can manage it to the point that its impact on e-mail usage is minor. In that way, perhaps Gates’s prediction can come true for those companies who make use of the right strategies.

James Turnbull is Managing Director of Infrastructure Solutions at Northgate Solutions, a provider of ICT and managed services solutions and software: