False Positives

By Anne Chen  |  Posted 2002-08-19

Certainly, concerns over false positives are one reason many enterprises are still letting spam flow into e-mail in-boxes relatively unchecked. While many vendors say false positives number less than 0.001 percent of filtered-out messages, experts such as Ferris Nelson said that, for a large corporation that receives more than 40,000 e-mail messages a day, even that small percentage adds up.

One way of dealing with false positives is to use a solution that allows all messages designated as spam to be sidelined into a folder that IT managers or end users can access later. At telecommunications equipment maker Cypress Semiconductor Corp., in San Jose, Calif., concerns over false positives led the company to subscribe to such a solution: a managed service from Brightmail.

Last year, help desk technicians at Cypress Semiconductor were receiving 20 calls a day from the company's 4,000 users complaining about the amount of spam they were receiving. At the time, Dennis Bell, director of technical operations, estimates one in seven e-mail messages entering the company was spam. Last September, Bell decided his IT staff was spending too much time writing rules to filter spam from his company's Unix-based Sendmail e-mail server from Sendmail Inc., in Emeryville, Calif., running on a Sun Microsystems Inc. e250 server. Bell decided to install the Brightmail Messaging Security system, which constantly updates rules identifying new spam and then pushes them out to the computers of customers running its software. There, the spam is filtered and blocked when it hits the user's mail gateway.

"Spam was on the cusp of becoming a real problem, with a drumbeat of complaints and [human resources] getting involved," Bell said. "But I really had to justify the cost and push for a solution. Luckily, the time savings from having to delete spam and the productivity gains are more than enough of a return on investment."

Today, Cypress Semiconductor receives 350,000 e-mail messages per week, with approximately 90,000 of those messages identified as spam. Even as the volume of spam has increased from 15 percent of all incoming mail to almost 25 percent during the last 10 months, Bell said he has yet to receive a complaint from any of his users regarding false positives. In fact, the help desk reports a 90 percent reduction in help desk spam calls.

One reason Bell's team is avoiding complaints about false positives is that Brightmail saves messages identified as spam rather than discarding them. Any message identified as spam is put into what Brightmail calls a gray mailbox. Every Sunday night, an automated program counts the number of messages each user has in his or her gray mailbox and automatically sends them a Web-based link. Users can click on the link to view the messages that have been quarantined. While most employees checked their gray mailboxes every week for the first month, Bell said hardly anyone uses it anymore.

Avoiding false positives can be costly, however. Since all filtered messages are stored for at least 30 days, Bell said he is now storing gigabytes' worth of gray mail.

"Every incident of a false positive can be devastating," said Ferris Nelson. "The chance of filtering out an e-mail involving a contract worth millions of dollars is just too high for many enterprises."

This is certainly the case at PayPal, where Levchin has avoided deploying spam-filtering technologies because he considers mass blocking to be an expensive proposition. While PayPal's IT department has tested a dozen spam solutions, including SpamAssassin, user fears of false positives have persisted. The company uses mail servers from Sendmail and IronPort Systems' IronPort 850 gateway for outbound mail. Employees use the mail client of their choice.

While it is not currently using a spam-specific solution, PayPal encourages employees to develop anti-spam rules within their e-mail clients. Levchin said he has written personal filters sophisticated enough that the amount of spam that does enter his in-box is manageable. To avoid having users receive spam via instant messaging, Levchin has deployed an enterprise-class IM product inside PayPal's firewall and decided not to support Web-based IM platforms such as those from America Online Inc. and Microsoft.

It's not surprising that Levchin and others at PayPal remain dubious about the accuracy of anti-spam blacklists and other spam-filtering technologies. PayPal, which sends out millions of e-mail messages daily informing its 18 million users of financial transactions taking place, has itself been wrongfully included on blacklists and blocked by ISPs, Levchin said. To avoid being blacklisted in the future, the company is looking into using Bonded Sender, a bonded e-mail marketing program from IronPort Systems.

For now, said Levchin, that's the best he can do until technology improves enough to reduce the risk of false positives. As the cost of receiving spam on corporate BlackBerry pagers and traditional e-mail grows, however, Levchin knows eventually he'll have to do more. "Spam is one of those passive priorities where we can't afford to spend too much time on it right now," Levchin said. "I'd love to see it go away, and as spam gets noticeably expensive for us, we will need to take some sort of real action."

Senior Writer Anne Chen can be reached at anne_chen@ziffdavis.com.

    As a senior writer for eWEEK Labs, Anne writes articles pertaining to IT professionals and the best practices for technology implementation. Anne covers the deployment issues and the business drivers related to technologies including databases, wireless, security and network operating systems. Anne joined eWeek in 1999 as a writer for eWeek's eBiz Strategies section before moving over to Labs in 2001. Prior to eWeek, she covered business and technology at the San Jose Mercury News and at the Contra Costa Times.
