Spam has long-been a bugbear for business – chewing bandwidth, clogging-up inboxes, and a spoke in the wheel of employee productivity. Despite improvements in anti-spam technologies over the years, spam messages still manage to slip by, and valid e-mails are lost.
Richard Broeke, an IT security specialist at Securicom, says that when an anti-spam solution falsely detects even a small percentage of e-mails as spam, it can lead to a large number of important messages being misclassified and made unavailable.
“The industry average false-positive rate is 0,15% annually. This translates into a voluminous amount of important e-mails being falsely classified as spam every year. A lot of anti-spam solutions fly well-over this average.
“The problem for businesses is a real one. It means that misclassified e-mails containing critical business information, from purchase orders and invoices to enquiries and contracts, are sent the spam bin. Even if users have direct access to the spam folder and they are diligent about checking it, it means wasting many hours sifting through messages to look for valid e-mails.
“Aside from being time-consuming, the chances are high that business critical content will still be missed, given the sheer volume of spam that floods e-mail on a weekly basis. In many cases, the valid e-mails classed as spam are simply automatically deleted,” explains Broeke.
Research by Osterman Research on behalf of Trustwave in January this year found that the typical e-mail user receives a median of 80 e-mails per day. In a 260-day work year, a typical e-mail user will receive 20 800 e-mails.
An organization of 750 employees will receive 15.6 million e-mails annually. Based on the industry average false positive rate, that means that 23 400 valid e-mails each year in an organization that size will be falsely identified as spam and placed into quarantine or deleted.
Aside from wasting time, with the potential of still missing valid e-mails that have been misclassified, searching spam folders poses another problem.
“Employees often end-up tagging as valid e-mails which are well-and-truly spam. The result is that they allow security threats to be reintroduced back into the e-mail system. Phishing scams, spyware, adware, Trojans and viruses can all be unleashed onto the internal network by just one employee who clicks on a link or attachment that contains a threat hidden in a spam message,” comments Broeke.
According to him, the Trustwave research showed that 64% of companies have experienced malware infiltration through e-mail.
“Email remains a favoured channel for hackers, spammers and cyber criminals. Oftentimes, cleverly-disguised spam is the conduit. These messages perpetuate malware and phishing, amongst other problems. So aside from absorbing bandwidth and storage, spam is also a security threat,” says Broeke.
He explains that anti-spam solutions use a dynamic set of inbuilt matching criteria to individually interrogate mail messages and detect spam. Upon matching a specified number of these criteria, a message will then be identified as spam and removed from the system.
There is a growing trend towards cloud-based anti-spam services which reflects that companies are seeing the benefits of eliminating spam before it even enters corporate networks.
“Certainly, moving to cloud-based anti-spam services bodes well for delivering clean and valid message streams into company e-mail systems,” acknowledges Broeke.
As not all anti-spam solutions are created equal, Broeke says companies must make sure that the solution they have in place effectively stops spam before they get to the e-mail server, with a false-positive rate below the industry average of 0.15%. Solutions that offer a 90% catch rate might sound good but, that’s not good enough.
The solution should also provide optimal protection through continually and automatically updating itself to safeguard the business against emerging and fast-spreading threats.
The best anti-spam solutions offer organisations easy deployment, ease of use and low admin, without sacrificing control.
Securicom provides a comprehensive, packaged solution for managing e-mail and e-mail security. The solution, e-Purifier, utilises best-of-breed technologies, including Symantec Brightmail, and encompasses e-mail content management, anti-SPAM (from Trustwave), recipient validation and three layers of anti-virus to provide proactive and effective management of e-mail at ISP level.
It is a fully hosted solution that is offered on a subscription basis, making it cost-effective and accessible for smaller businesses that don’t have the budget or resources to purchase and maintain a best-of-breed on-premise solution.
