For the City of Yellowknife, spam had become the virtual equivalent of black flies — painfully irritating and increasingly unavoidable.
Spammers were harvesting e-mail addresses off the city’s Web site
and jamming users’ — including the mayor and councillors — inboxes with up to 100 largely unsavoury spam messages a day, says network administrator Andre Thibodeau.
“It was a constant problem,” says Thibodeau. “There were constant e-mails and phone calls from staff — they wanted the spamming stopped. So we started putting blocks in our e-mail servers to stop accepting mail from from yahoo.ca and hotmail.com. Of course there’s a lot of legitimate e-mail from those domains as well, so that didn’t work because you have the public trying to contact the mayor and the councillors and they couldn’t get through, so we had to take all that out.”
It was a problem for more than the users, though. Thibodeau estimates he used to spend 10 hours a week dealing with spam-related problems.
Spam was also a big problem for the secretary at the city’s firehall: the city uses e-mail to communicate confirmation of the city’s emergency services and its dispatch to staff responsible for sending out billing notices.
“It was getting really difficult for the secretary at the firehall to filter visually on the screen between spam and messages from 911,” says Thibodeau. “It didn’t affect the 911 calls operationally, just (the staff person’s) performance and work.”
The city needed the IT version of RAID — something that would stop unsolicited e-mail dead in its tracks. Thibodeau researched the anti-spam software available and settled on a solution from Ottawa-based Roaring Penguin Software Inc. called CanIT, which, according to the company, boasts a kill rate of 99 per cent. Thibodeau says that stat is accurate, based on his experiences.
“It has probably cut out about 98 per cent of the spam,” he says. “Maybe once every two weeks a user will call to say they got a spam message.”
His 10 hours a week dedicated to spam have also been reduced to about five minutes a day. “You log into a Web-based interface, and it sorts it by spam score. We said anything over five is flagged as spam, and anything over eight is automatically deleted,” he says.
David Skoll, president of Roaring Penguin, says CanIT works by sitting on the e-mail server rather than on the user’s desktop.
“By rejecting spam at the server you stop it before it gets on people’s machines, and that’s especially important if you’re dialling in long distance to pick up your mail,” says Skoll. “You don’t want your filtering to take place after an expensive long-distance call.”
It also makes the spam stay on the sender’s server, increasing the cost to the sender, not the recipient. “It’s a small thing but it’s fun,” he says. “It makes people feel good.”
CanIT allows users to create their own blacklists, whitelists and rules and to customize it even to the extent they can make it look like their own Web sites. The scoring system lets users decide whether or not to reject mail as spam.
“It has a GUI that lets you sort through mail very efficiently,” says Skoll. “One person can sort through mail for 100 people in about 10 minutes because interface makes it super-efficient to look through the messages.” At the same time, he adds, “If you want to reduce the workload you can get it to reject messages automatically by setting thresholds, but that’s up to you, we don’t force you to follow our rules.”
Some anti-spam software vendors have taken a different approach — trying to identifying trusted senders rather than trying to eliminate unknown senders. But that puts the onus on e-mail senders, even legitimate ones, to prove they exist, says Skoll.
“For business reasons, a lot of those systems have some sort of challenge response mechanism where the sender has to prove they’re real and that might work on small scale, but it’s totally unacceptable for business. If you have an e-mail address on your Web site people will just get annoyed if they have to prove their existence. It also increases by a factor of three the number of mail messages every time someone wants to contact you, so you’re just making things worse. It’s just as spammy as real spam.”
Thibodeau settled on Roaring Penguin because it’s a Canadian company, first and foremost, but also because the product was easy to install and customize. The city paid just over $6,000 for the product, including 15 hours of support and any upgrades.
Roaring Penguin also provides all customers with source code, which allows them to tailor the product to their needs. Having the source code also protects the city’s investment, says Thibodeau.
“If Roaring Penguin ever went under we could continue to develop the software,” he explains. That’s even more important because while Roaring Penguin has been around for four years, the product is only about a year old, he adds.