While their inboxes are getting flooded with easy money and miracle cure offers Canadians still don’t know what to do about spam, a survey shows.
On Tuesday, Symantec Corp.’s Toronto offices released the results of its Canadian
spam survey. The survey was carried out for Symantec by InsightExpress research firm who asked 500 Canadians questions relating to their understanding of and ability to deal with unsolicited commercial e-mail or spam. This was the first official Canadian survey done by the Internet security software manufacturer. Symantec produces the Norton Internet Security 2003 suite which includes the Norton Spam Alert filtering tool.
The Symantec survey found that while the increasing number of spam messages is a concern to Canadians who see it as a burden and a privacy concern, they still feel a lack of adequate information on spam-combating tactics.
Awareness of the problem is certainly there, said Michael Murphy who is general manager for Symantec in Canada, but education on what needs to be done still has a ways to go. The problem, he said, is that when information on what to do about spam is highlighted in the media, enterprises and consumers get excited, but few days later it’s all forgotten.
“”It’s like a New Year’s resolution,”” Murphy said. “” It gets made but it’s not followed through on.””
Even if end users don’t want to invest in anti-spam software, there are still things they can do, he said. One of the simplest ones is deleting the unsolicited messages. Responding, even to ask to be unsubscribed from the mailing list, is the wrong thing to do.
“”People need to be careful not to respond to suspicious e-mail,”” he said. “”That’s a tactic that spammers use to confirm that an e-mail address is active so they can send even more e-mails.””
Giving out e-mail addresses in chat rooms is also a risky move, Murphy said, but if it must be done it’s a good idea to have two e-mail addresses and in those situations share your secondary, or “”junk”” e-mail address.
The problem of spam is a fast growing one, according to Vancouver-based open source software developer ActiveState Corp. Director of product management Chris Kraft pointed to a report from Radicati Group Inc. — a California-based consulting and market research company — which states that while current SPAM levels are quite high, representing 45 per cent of all e-mail numbering 35 billion messages, they are expected to skyrocket to 70 per cent by 2007 numbering 53.8 billion messages.
The enterprise market is a bit more aware of what the spam threat means to the work environment and actively seeking to address the threat, Kraft said. Enterprises are concerned about spam for various reasons; one of the most obvious ones being the effect getting rid of spam has on productivity. An ActiveState white paper on E-mail threats cites Gartner Group research that shows businesses would experience a 30 per cent savings in the time employees spent managing e-mail if it rid itself of spam.
“”It takes anywhere from five to 10 seconds to identify a spam message and delete it,”” Kraft said. “”When you multiply that by the average number of spam messages received by individuals and by the number of employees in the company, those numbers become very large and significant.””
Other enterprise concerns are tied to the amount of time IT help desks have to spend responding to employee spam-related concerns as well as bandwidth consumption.
The enterprise spam filtering software space has seen a big vendor shake out over the last year, Kraft said. The spammers have been aggressively evolving the nature of their messages, making them harder to spot. Older or simpler technologies which relied on real time blackhole lists or other simple cataloguing methods are falling by the way side, he said.
“”Spammers are able to morph their messages very quickly now and do different things,”” Kraft said. “”They’re able to change what might fundamentally be one message into thousands of potential messages that would need to be catalogued. “”
So instead, solutions such as ActiveState’s PureMessage now sit on the server that interfaces between the public Internet and the enterprise network, filtering incoming and outgoing e-mails using a combination of heuristics, spam directories, and spam signatures. The program then deals with suspicious e-mail according to enterprise-set spam policies.
The responsibility for deciding what to do with spam will always ultimately reside with the end user, Murphy said, because they should have control over their own e-mail. Products like the Norton Internet Security 2003 software can alleviate the spam problem but not get rid of it completely, he said, since few end users would be happy about a third party just deleting their e-mails, spam or otherwise.