Let’s say your employees make on average $20/hour and spend a minimum of six minutes each day dealing with the junk e-mail they receive. That works out to about $2 in lost revenue per worker each day. Multiply that by the number of your employees and the number of working days a year and that multi-billion dollar figure suddenly hits home.
Mike Stiers, technical analyst at Schukra of North America, worked out that calculation to determine how much their anti-spam software was saving this supplier of lumbar seat comfort systems for the automotive, aviation and commercial furniture market. Based on their 250 employees, Stiers calculated the Lakeshore, Ont.-based firm has reclaimed over $100,000 in lost labour by eliminating spam from employees’ inboxes. “When people come to their PCs Monday mornings, they don’t see 300 spam messages,” he says. “They can get right to what they need to do.”
Ferris Research claims that 15 per cent to 20 per cent of incoming e-mail for U.S. users is unsolicited commercial e-mail. Spam has become a big business. The research firm estimated in April 2003 that there were 11 million anti-spam seats deployed globally at a value of US$55 million. Gartner predicts that 80 per cent of all e-mail will be spam by the end of 2004.
Finding a fix that fits
Selecting a product from among the thousands with huge price differences can be daunting, but Stiers made quick work of it last March. After a week’s research and testing, he chose the Internet edition of Power Tools for Exchange from Ottawa-based Nemx Software Corporation. “It stopped 99 per cent of the junk e-mail,” he recalls.
Nemx claims to offer the industry’s only proven anti-spam, anti-virus and secure content management products created exclusively for the Exchange Server environment. As a ‘plug & play’ add-in to Exchange Server, no additional hardware, software or operating system is required. Users no longer need to manually filter spam using Outlook.
Initially, Stiers worried about false positives. “I was sitting there watching mail as it was stopped,” he admits. But only about once a month, a legitimate e-mail would be falsely identified as spam. “Since we don’t delete them, we just quarantine them and we were able to go back and retrieve that e-mail at their request.”
Stiers at first just relied on the software to check the address of every incoming e-mail against databases of known spammers. When one of the major providers of that database no longer offered that service, he purchased Concept Filtering from Nemx to look at each message, assign a value for each word and then quarantine the message if it identifies three ‘bad’ words.
He had implemented it two weeks prior to this interview and saw 10 mistakes in those first two weeks. He expected those false positives to decrease, with modifications, back to his acceptable level of one per month.
Still, that requires someone examining the quarantine list to catch what could be a valuable e-mail that might be worth more than the $100,000 he reckons the anti-spam efforts save the company. Stiers seems to accept that duty unequivocally. He says he gets at least one message every two minutes, blocks over 1,000 junk e-mail messages a day for their 250 users, but spends only about five minutes a day looking at the quarantine for false positives.
“You just scroll through quickly and can see the obvious ones that stick out,” he shrugs. “You can easily pick them out, hit the release message button and it goes to the intended recipient. I’ve got maybe two calls saying they’ve missed a message.”
He deletes the messages after one month. Between March and mid-November, he has blocked over 120,000 spam messages, he says. “That’s a pretty cool deal for about $750.”
Reducing the number of e-mail messages to back up each weekend is another bonus. But Stiers perhaps most appreciates the fact that the software sits on the server and is transparent to users. “Some people will install spam software on each of the individual users’ e-mail client. Administration of that is so much more difficult because now you have 200 other licenses to deal with, 200 other users with their computer on and you have to update the list.”
John Gilbert, director of information systems at Eagle Creek, Inc., chose a hardware solution which not only fights spam before it hits their mail server but also prohibits a spammer from hijacking the company’s e-mail system to send spam. When unwanted e-mails at this California-based manufacturer of travel gear grew to more than 100 a day and their content became “a bother” to senior executives, Gilbert checked out BrightMail, MessageLabs, TrendMicro, McAfee and others. He chose the Meridius security gateway server from BlueCat Networks Inc. of Richmond Hill, Ont. “It was the only product I found other than using a service which would allow me to integrate directly into my configuration without me having to make major changes,” he says.
Eagle Creek has 89 staff but 110 e-mail addresses which include Web sites, sales, marketing departments, online purchasing and other purposes. E-mail first comes into the company’s firewall, then goes for virus scanning to Trend Micro virus scan software, then returns to the Meridius mail relay appliance to determine if it is spam or not. If it is not classed as spam, it is passed on to the mail server.
BlueCat describes its Meridius server as a dedicated network appliance that uses Linux and a Java technology-based management console for Windows, Solaris, Mac or Linux clients.
Using the open source SpamAssassin engine, it offers multi-level gateway protection that includes real-time black lists, spam detection and spam quarantine. It is also available with COMMAND antivirus software from Authentium, Inc. of Jupiter, Fla.
Users watch for accuracy
Gilbert likes the Hotmail-style quarantine box for each user, which addresses the worry of blocking valued e-mail. He says the server sends out a digest for each user automatically, requiring zero management administration. The user can view the quarantined e-mails or just leave them to be automatically deleted in 10 days or after whatever period is selected. Gilbert has the digest of quarantined items delivered to users’ PCs twice daily. He likes being able to leave it to the user to accept or reject the quarantined e-mails.
He finds it quick and easy to ‘white list’ e-mail addresses or add addresses to the black lists.
He cites as “an extremely useful feature” the ability to automatically dump correspondence sent to people who have not worked at the company for some time, or to addresses that do not exist, such as [email protected]. “For me as the only administrator dealing with e-mail, it’s been a really great thing to say ‘don’t keep letting these e-mails through’.” As well, all the postmaster e-mail gets delivered to him, so he has to look at anything that has failed because of a wrong address or some other communication problem, whether inbound or outbound.
Gilbert finds it runs about 80 to 95 per cent effective at catching spam and keeping it out of the users’ mailbox. False positives are “usually solved within 24 hours by me adding that e-mail address to the white list,” he says.
He finds it takes five minutes to go through the spam filter because the quarantine digest shows the sender name and subject line. Legitimate e-mails stand out.
Eagle Creek uses Microsoft Exchange 2000 for its internal e-mail. Gilbert says he found it onerous to use Exchange to alias an e-mail for a transition period to allow e-mail to one user to go to another user. In contrast, “I just go to the Meridius and zoom, bam, save, apply, done – and I can go in and delete the e-mail address out of Exchange, clean up that user, remove their files around and I’m done.”
He says the Meridius also does its own DNS “so there’s no additional load on my DNS servers.”
The latest version features enhanced reporting tools. “I can tell people we’re getting 10 to 20 e-mails per second and eight of them are spam.”
Administration has been minimal after the initial integration, which took only about 2.5 hours with the aid of a phone call.
Eagle Creek purchased a service agreement along with the hardware and Gilbert was impressed when BlueCat had a new box shipped the next morning after it was determined that something was not working well with the original equipment. He says most companies would have engaged Eagle Creek in two or three days of troubleshooting time and effort first.
Since installing it in April 2003, the Meridius is saving at least six to seven hours a week on his own workload, Gilbert estimates. “It’s easy to set up, configure and maintain,” he summarizes. “I’m in charge of security, phone systems, Internet communications, Web servers, backup, recovery, you name it – so I really appreciate a solution like this.”
The Meridius retails in Canada at $15,000.