Inundated with spam?

Spam, which in a broad sense is any
unsolicited, unwanted electronic
message, is a serious problem that continues to grow at an alarming rate.
Not only does it slow down the passing
through of legitimate mail over the
Internet — and therefore slow down the
conducting of actual business — but also
dealing with spam has become an enormously time-consuming issue for IT
departments.

“Spam has changed in nature over the
last few years,” says Michael Lee
Grissom, associate vice president for
information technology at Fontbonne
University. “In the early days of the
Internet, it involved Internet hoaxes —
you’d hear about a hoax and pass it along
to your friends. Then, marketers got hold
of the idea and the rest is history. Because
e-mail is free, spammers don’t care if they
have to send out millions of messages to
get one or two responses. And there really appears to be no end in sight.”

Smart Business spoke to Grissom
about spam and what organizations can
do about it.

How prevalent has spam become?

To give you an example, Fontbonne
University has approximately 3,000 active
users in e-mail at any given time. A few
years ago, we were getting 20,000 messages from the outside every day. Today,
we’re getting 350,000. Only 4 percent of
that is legitimate e-mail. Everything else
is spam. The volume is incredible. One
day, we received 700,000 spam e-mails.

What special challenges does it present for
the IT department and the organization as a
whole?

Dealing with spam takes a tremendous
amount of time. And spammers get cleverer all the time. As soon as the IT folks
figure out a way to block the spam, the
spammers come up with another way to
get through. In addition, spam competes
with legitimate e-mail, so when waves of
spam hit your filter, everything slows
down. This frustrates the users. Then
there is the constant education that the IT department has to do with the employees
about what they can and cannot do with
the e-mail system.

What are the best lines of defense?

Three or four years ago, a spam filter
was optional. Today, it’s an absolute
must. You can filter your e-mail on site,
but the downside is that all mail has to
come through, which eats at your bandwidth. But the advantage is that you have
more control with your settings, and you
can go back into the log and retrieve
messages that got caught in the filter but
that were legitimate and should have
made it through.

A second option is that you can out-source your e-mail service for a monthly
fee, go to the provider’s browser and pick
up your mail. This probably works best
for smaller businesses with 20 employees or so.

A third option is a service that you route
all your mail to; they filter it out and pass
to you what appear to be legitimate e-mails. The downside is that while you can
go back through the log, the service is
expensive for a large organization. But, it will save you bandwidth. In addition to
having a good filter, you can limit the
types of attachments you’ll let go through.

Another thing you can do is educate
users to be very selective about whom
they give their e-mail address to. Educate
them about phishing, as well. Phishing is
where criminals try to collect personal
identification about people under false
pretenses. You would be amazed at how
many people fall for phishing scams and
give out their credit card, bank account
and social security numbers just because
the request looked ‘official.’ When employees do this on your watch, it’s your
problem, too.

How flexible are filter rules?

There is a lot of tweaking you can do,
adding your own blocked and suspect
key words, etc. But you have to be careful with the words. For example, take the
word ‘sex.’ What if you’re a university and
you have a team of psychologists working
on a project about human sexuality? Also,
if the filters are catching legitimate e-mail
from certain senders, you can put their
names on ‘whitelists’ to allow them to
come through.

What does the future hold? Will things get
better?

It’s getting more and more difficult to
decipher what’s legitimate and what is
not, and the pace is picking up.
Personally, I don’t think the outlook is
good. And because it’s the ‘worldwide’
Web, it’s near impossible to try to regulate
spam. If we had laws in the United States,
the spammers would send their messages
from Canada, India or Asia. A direct outcome of all this is that more people are
having multiple e-mail addresses, segmenting by activity. And, in fact, some
people are becoming less dependent on e-mail out of sheer frustration. It’s very difficult to get your arms around the entire
issue. It’s just an ongoing battle with no
real end in sight.

MICHAEL LEE GRISSOM is the associate vice president for information technology at Fontbonne University. Reach him at (314) 889-1488 or [email protected].