Depending on whom you ask, at least half of all the e-mail traffic on the Internet these days is spam. Some say it’s even more. IDC Canada country manager Michael O’Neill has been tracking the spam that finds its way into his e-mail

box for more than four years. In August 2000, it accounted for 2.4 per cent of his e-mail. By this summer, it was 61 per cent — even though his mail is filtered with the latest technology.

We know spam clogs the arteries of the Internet like a gelatinous, fatty meat by-product, but the true costs are still difficult to quantify. “The real problem is the time that it takes to deal with it,” O’Neill says. “If you get 100 junk messages and you have to spend five seconds sorting each one manually, that’s almost 10 minutes of lost productivity. And that’s nothing compared to what can happen if you inadvertently open an infected message or delete a legitimate message by mistake.”

Those are not inconsiderable stakes for small and mid-sized businesses whose fortunes can turn quickly on a missed opportunity. Even if the get-rich-quick schemes and cheap Rolexes from spammers leave you cold, such junk e-mail remains impossible to ignore. “Oh it’s a big issue,” says Michael Bulmer, Microsoft Canada‘s Office 2003 product manager. “It’s gone beyond being a computer industry issue to a social issue.”

It’s something Bulmer is painfully aware of, as Microsoft Outlook and Outlook Express are about as close to the Kleenex of e-mail clients as you’re going to get. In Bulmer’s opinion, spam is a nuisance more than anything, but it’s a nuisance Microsoft has to deal with, by virtue of its market leadership. “We are dedicated to stopping spam,” he says firmly.

Indeed, Outlook offers a range of features to help minimize the nuisance. Its junk mail features let users block spam and create a “black list” of blocked addresses and domains. Users can then exempt certain messages and addresses from the rules and add them to a “safe senders,” or “white list.” The Outlook junk mail filter is based on algorithms that Microsoft is constantly updating, so Bulmer says your best bet is to stay on top of the service packs (Windows operating system updates).

Rule-based e-mail filtering works to a point, but can be difficult to manage in the long run, and can frequently block messages that you in fact need. “I don’t actually recommend white lists,” IDC’s O’Neill says. “I often get e-mail that I need or can use from people that I don’t expect to get e-mail from. White lists are based on knowing who your senders are. And black lists just don’t often work.”

This is primarily because spammers almost never use their own e-mail addresses. “Senders typically spoof a domain,”” says Tristan Goguen, president and CEO of Internet Light and Power (ILAP), a Toronto-based Internet service provider (ISP). “I’d guess that easily 80 per cent of spam does not come from the SMTP servers associated with the domain.”

Surprisingly, this fact could provide just the answer to fighting spam. Goguen says SMBs typically believe their ISPs should stop the problem. For the record, ILAP agrees, and as a result, it is the first Canadian ISP to deploy a technology called SenderID — sponsored by the ISP industry and backed by giants like Microsoft — to kill spam dead.

It’s a surprisingly elegant solution to an annoying problem. “SenderID checks the source of a message at the incoming server against an approved and authenticated list of sources,” Goguen says. If it matches, it actually came from the server it purports to have come from and is probably not fraudulent mail. If it doesn’t match, it’s spam and it’s filtered out.

The main obstacle to SenderID is that it needs widespread buy-in. “Companies need to publish their SPF (sender policy framework) records, which say ‘only accept mail from this source,'” Goguen says.

The good news is that SenderID is gaining support, and although only five per cent of domains have published their records, Goguen is sure the adoption rate will soon go up. The good news is that Microsoft and most of the other big vendors are behind SenderID. “It needs to be an industry standard,” Bulmer says. “We’re actively working with the industry on this. Bill Gates says he sees a spam-free future.”

It’s worth noting that Gates also once said that no one would ever need more than 640k of RAM, so in the meantime IDC’s O’Neill has some practical advice until SenderID fulfills its promise. “Don’t reply to spam. This indicates that you have a working address,” he says. “Learn how to handle it quickly. The biggest cost of spam is the waste of time, so don’t waste your time. If it looks suspicious, then it is. Delete it. And I would recommend that anybody should have the tools to deal with infected files, because you’re going to get them.”

SMB Extra Home

Contact the editor

Share on LinkedIn Share with Google+