Las Vegas

Spamunsolicited e-mail, usually for commercial purposesis not only a nuisance for corporate users, it is a drain on productivity, said a panel of experts at the recent Comdex 2003 Global Technology Marketplace held here.

Panel leader Dave Piscitello, president of Core Competence Inc., a network management consulting firm based in Chester Springs, Pa., noted that in addition to its unsolicited status, spam is often “advertising for dubious, offensive, potentially illegal products and services.” Often, he added, the message is a scam involving some get-rich-quick scheme or soliciting donations to phony causes.

According to Michael Osterman, president of Osterman Research Inc., Black Diamond, Wash., however, a significant problem for businesses is that their employees may each spend more than 6 days a year dealing with the spam they receive.

Osterman said that, for most people, between 50% and 65% of all e-mail is spam. He noted that his companys research found that users identify spam as their No. 1 problem consistently. “Its grown so quickly; its a very serious problem,” he said.

While some 80% of organizations have some form of anti-spam technology in place, even protected employees will spend as much as 80 minutes per 1,000 e-mails (about 2.4 work days a year) dealing with spam, he emphasized. Unprotected employees will spend about 200 minutes per 1,000 e-mails (6.1 work days per year).

“Spam is not free speech,” Piscitello claimed. “It is costly for organizations.” It is also costly to the technology community because “it turns a lot of consumers away from technology,” he added.

He pointed out that spammers and anti-spam technologists are constantly “playing a game of cat and mouse,” with spammers working hard to find ways to bypass anti-spam filters.

When it comes to such filters, however, Osterman said that in his research, 40% of spam-filter users report that the products performance is degrading over time. “Early generation systems are not as effective as current products,” he noted.

Osterman said that with spam filters, false positiveslegitimate e-mail identified as spamare “more of a problem than spam itself,” because they could result in missing important e-mails. He added that an “acceptable” level of false positives is 3%, while 1% is “good” and the “ideal” is .0002%. Having zero false positives is possible, he noted, but that requires “a lot of tuning.”

He also pointed out that anti-spam laws have been passed in 28 states but that they have been difficult to enforce. One reason is that they dont apply to offshore spammers. Often, he added, such laws are “too vague to allow judicial interpretation.”

Osterman predicted that the percentage of e-mail that is spam will increase but noted that protected users will not experience the increase to the same extent. One area of particular concern will be increased pornography spam, which could result in potential workplace claims (sexual harassment) and could involve “enterprise liability for internal and external e-mail,” he noted.

“Spam volume and tactics represent a real threat to e-mail uptime and quality of service,” stated Scott Petry, founder of Postini, an e-mail security company located in Redwood City, Calif. He said his company had processed 148 million e-mail messages for its clients, finding that about 111 million, or 75% of those messages, were spam.

“People send out spam for profit and viruses for sport,” noted Paul Judge, chief technology officer for CipherTrust Inc., a security solutions developer based in Alpharetta, Ga. Anti-spam technologies primarily offer detection and protection that includes white lists (lists of acceptable e-mail senders) and may also include a challenge/response mechanism. Such a mechanism, he explained, requires that the sender answer a question, thereby insuring the sender is human, rather than a computer running through a list.

Asked for general tips on dealing with spam, the panel recommended the following:

Do not respond to any spam e-mail. This allows the spammer to validate your e-mail address.

Never click a “remove me from your list” link, since this also enables the spammer to validate your address.

Use a separate e-mail address for online commercial transactions.


Reproduced from National Underwriter Life & Health/Financial Services Edition, December 5, 2003. Copyright 2003 by The National Underwriter Company in the serial publication. All rights reserved.Copyright in this article as an independent work may be held by the author.