About 18 months ago John Mather, CIO of Toronto-based Manulife Financial, noticed a disturbing trend. Whenever he paid a visit to his company’s claims centre in Waterloo, Ont., he was approached by a growing number of employees with the same complaint: We’re being buried alive by Internet spam; please
do something to stop it!
“”That’s when it really hit home for me,”” says Mather. “”A lot of the spam was of an offensive nature, and I decided we had to get in front of the problem.””
In November 2002 Mather tested an anti-spam product at Manulife’s U.S. division. And in March 2003 he rolled out the software across Manulife’s entire IT network, spanning 14 countries, including Canada, China and Japan.
In the case of Manulife, a global life insurance and wealth management giant with annual revenue of $16.2 billion, and $142.2 billion in funds under management, e-mail messages from external senders are subject to inspection by two filters. The first is a universal filter that checks content against the company’s code of ethics. That means any e-mail containing sexually explicit or otherwise offensive material is nuked. The second line of defence is a personal filter each employee can customize to his or her preferences.
“”The same commercial e-mail can be a nuisance to one party, and not to another,”” says Mather, who admits some employees have opted not to use this second screen.
How well has the system worked? Of the 40,000 daily e-mails that are subject to inspection by anti-spam software, 30 per cent are blocked. Less than one per cent of these e-mails are false positives, or messages that should have been allowed through. Another 4,000 messages, or 10 per cent of those screened, are spam e-mails that should have been caught.
Manulife’s solution may not be perfect, but it has arrived in the nick of time. Consider that U.S.-based consulting firm IDC estimates that world-wide 20 billion e-mails are sent each day and by 2006 that figure is expected to triple to 60 billion. At the same time, the volume of Internet spam in the U.S. — the world’s biggest source of junk e-mail — has grown from a low of about seven per cent in 2001 to its current level of about 40 per cent. Much of this increase has happened in the last 12 months.
By year end, junk e-mail in the U.S. is expected to crest the 50 per cent mark. When that happens, the value of e-mail — widely touted as the greatest things since the invention of the telephone — will begin to nosedive.
“”Spam is putting an enormous strain on the bandwidth of IT networks,”” says Jack Sebbag, Canadian general manager of Network Associates Inc., a Santa Clara, Calif.-based anti-spam vendor with annual revenue of US$900 million.
The figures in Canada are not quite as dramatic — the current level of spam as a percentage of total e-mail is estimated to be about 30 per cent — but we are closely following our neighbours to the south. Still, less than 10 per cent of Canadian companies have any sort of spam filter.
That’s not to say, however, spam is being ignored. “”Spam is in the top three of every CIOs to-do list,”” says Sebbag. The reason is spam is not only wasting IT resources, it is most importantly reducing the productivity of this country’s knowledge workers.
A case in point is Toronto-based FSC Internet, a vendor of Internet security products. President Richard Reiner estimates that before he installed a spam filter late in 2002 he was receiving about 400 daily spam messages alongside some 200 legitimate e-mails. “”Something popped up every 45 seconds,”” says Reiner, noting each of his employees lost 30 minutes a day rooting out spam. Multiply those minutes by 50 employees, and Reiner estimates spam was costing his company about $200,000 a year in lost productivity.
If spam was costing a small company such as FSC Internet $200,000 a year, the cost to the economy as a whole surely runs in the billions of dollars.
Why did Reiner not install a spam buster sooner? “”We didn’t bother with the first-generation anti-spam technology because it only checked for key words, says Reiner. “”As a result it blocked too many legitimate e-mails.”” By contrast second-generation technology not only looks for key words, it also checks other characteristics such as the size of type, and whether or not the message contains blinking HTML code. It then assigns a value to the e-mail, and if that value exceeds a prescribed threshold the message is pulled.
John Gustavson, president of the Canadian Marketing Association (CMA), says his members, which include the country’s biggest financial institutions, major retailers and packaged-goods companies, have been prohibited from spamming potential customers since 1997.
The Direct Marketing Association, the CMA’s U.S. counterpart, has issued more or less the same edict, but its definition of spam is a little different. Whereas the CMA defines spam as an unsolicited e-mail, the DMA defines spam as bulk e-mail that is fraudulent.
The latter definition has created a regulatory hole in the U.S. the size of California. And since spam knows no borders, Canadians are unwitting victims of America’s refusal to get tough on spam. “”Legislation will be needed to slow these people down,”” says Sebbag of Network Associates. “”The problem is U.S. anti-spam laws are not worth the paper they are printed on.””
What’s needed is international co-operation between an alliance of English-speaking countries interested in rooting out spam. “”A good start would be a North-American Do Not Spam Registry,”” says Gustavson. Such a plan would mirror U.S. President George Bush’s National Do Not Call Registry, which is aimed at putting the slap down on irritating telemarketers. Effective Oct. 1, 2003, a U.S. company calling phone numbers that appear on the registry is subject to $11,000 in fines.
But what’s to stop U.S. spammers from moving their operations to Mexico, Belize or even Canada if authorities start giving them a hard time at home?
The short answer is nothing. The onus rests on individual companies to inoculate themselves against the spam virus.
Mike Cuddy, CIO of Concord, Ont.-based Toromont Industries Ltd., has known this all along. He has been protecting this $1.2 billion distributor of Caterpillar heavy equipment with spam-busting software since 2000.
“”Spam used to be background noise, but now it’s a major annoyance,”” says Cuddy, who upgraded his junk-e-mail defenses earlier this year to include internally and externally generated blacklists of spammers. “”In the last 12 months unwanted spam has increased at least threefold.””
For Cuddy, doing battle with spam is a cat-and-mouse game. Each time he finds a better mouse trap, spammers do their best to beat it. “”I don’t think any of us want a world where the only messages we receive are those we requested,”” says Cuddy.
He’s right, but it all boils down to numbers. A few stray messages are not a problem. When your computer screen gets mucked up by spam every few seconds, however, it’s a little difficult to cruise the information superhighway.