Mark Gibbs: What spam really costs, Part I

I’ve recently discovered 1) how few companies have a handle on how their e-mail systems work and what they cost, 2) how little they know about their users’ experience, and 3) what spam really costs. To answer the latter you need to know the former.

The first issue requires a straightforward review of your system architecture, including equipment, services, and (this is the one that almost always gets overlooked) how they integrate (or don’t) with business processes (if you have trouble getting this review done, let me know, I will be only too happy to help you for an exorbitant fee).

You also need to know what your incoming data services look like: what they cost per month, what percentage of the bandwidth is actually used and what fraction of that is used for e-mail.

And you’ll need to know what the management and maintenance costs are for e-mail, and what costs are involved with the storage of e-mail on a monthly basis (don’t overlook desktop costs and transient storage on the server).

The next issue is crucial: You need to survey your users. “What!” I hear you exclaim. “We have to actually talk to them?” Yep, sorry. In the case of spam, you need to find out what your end users actually do with e-mail and what they perceive the spam problem to be.

The first task is to find out how much mail each user sends and receives each month (a month usually gives a more accurate profile than a week or a day) and segregate that into internal and external routings. Then ask the users what percentage of the mail they receive is what they think of as spam.

This is a crucial issue: What you in IT think of as spam could differ significantly from the end user’s viewpoint. For example, you’ll both (I hope) agree that hot teens and the enlargement of bodily parts constitute spam. Where you’ll differ could be more subtle. Your users might not object to refinancing opportunities and actually might welcome offers from obscure Chinese manufacturers. You’re going to have to do a little digging here.

So, if you have a large user population and can’t survey everyone, use a statistically significant sample, and then go and find out what they think. Then ask them to forward samples of each type of spam they get for analysis (make sure you use the term “analysis” – it always sounds much sexier then “check out”).

You also should watch a few users handle their e-mail. Find out how long it takes them to handle the spam they get and then work out the average time it takes for them to handle a spam message.

In the spam cost models I have built, I worked with a value of 5 seconds for a user to handle a piece of spam, but your users’ mileage might vary. Some IT people have told me their average user takes roughly one minute to deal with each spam, which significantly increases the cost.

OK, so that’s your homework. Find out all of those figures, and next issue we’ll start working on the last issue: what the cost of spam really is for you.

Send your homework