Spam taking a toll on business systems

Some IT managers are battling spammers, but others say the fight is too expensive

Raymond Huff doesn't do much to block spam from invading servers and e-mail in-boxes at his company, Trans Pacific Stores Ltd. He doesn't have to.

But he's paying a fairly high price for that luxury. Huff is keeping Trans Pacific's e-mail addresses under wraps, thereby limiting potential customer contact.

"We don't get that much spam coming into our system because we don't give out our e-mail addresses" to anyone other than business associates, said Huff, vice president of the Lakewood, Colo.-based provider of snacks and sundries to office buildings. In fact, the company avoids publishing e-mail contact information on the Internet, and employees are encouraged not to release their e-mail addresses. And it's all because of spam, Huff said.

The recent proliferation of unsolicited commercial bulk e-mail, commonly known as spam, has end users and network and messaging administrators scrambling for ways to be rid of the bogus, lewd and annoying electronic messages that can flood user mailboxes and cripple networks.

Beyond the technology issues, companies are concerned about messages that are inappropriate, if not downright offensive, in a business environment.

"We don't want the lewd pictures - my wife doesn't need a penis enlargement, and I don't need breast implants," said Bob Kramer, owner of CIS Internet Services, a small Internet service provider in Clinton, Iowa. Kramer's problem is that his company has been hijacked. His domain has become a favorite for spammers to spoof in the "to" and "from" fields, and the sheer volume of spam that moves through his servers as a result has nearly crippled his business, Kramer said.

Brightmail Inc., a San Francisco-based developer of spam- and virus-blocking software, measures spam attacks (blasts of unsolicited e-mail messages to many addresses from a single source). According to its research, such attacks increased from 148,100 in January 2000 to 2.8 million last month. HiWaay Internet Services in Huntsville, Ala., meanwhile, puts the number of spam messages it blocks per minute at about 150, which equates to 78.8 million per year.

That surge has moved some companies to take drastic action. For Todd Meagher, co-founder of Credit.com Inc., the potential loss of legitimate business correspondence inherent in blocking spam is an acceptable price to pay to keep his network spam-free.

Credit.com is a credit information and services company in Alameda, Calif., that has also been the victim of domain spoofing. Meagher uses a combination of filtering devices and blocks at the router to keep unwanted traffic out. Unfortunately, it also keeps some legitimate messages out.

"The trouble is, almost all filters today work using simple keyword-matching approaches, when what's needed is something with more natural language interpretation intelligence," said David Ferris, president of Ferris Research Inc. in San Francisco. "Otherwise, any reasonable attempt at defining filters ends up either letting much too much in that you don't want in, or stopping bona fide messages."

"That's the price you pay," Meagher noted. "There's no clean solution yet."

As unsophisticated as existing tools are, people will pay for them, Ferris said.

"One reason people will pay for antispam services is because of the false positives. You'll be charging through, deleting a whole load of spam, and in the rush you'll inadvertently delete important things that superficially look like spam but aren't," he said.

"Another reason is that many users will have restrictions on their mailbox sizes for the foreseeable future," Ferris said. "A flood of spam can cause the message store space to run out, in which case new bona fide incoming e-mail will be refused."

Using existing tools, as crude as they may be, is the only solution now, because spammers aren't easy to identify.

"The biggest problem about spam is that the people who do it lie," Kramer said. They hide behind false addresses, relay messages through "open relay" e-mail servers, many of which are located offshore, and generally make it difficult to find a person or organization that could be held accountable.

Copyright © 2002 IDG Communications, Inc.