Stop the Spam Madness

Firm deploys filter to keep improper e-mail out.

"Enrich your sex life!" "Receive a free listing on the International Executive Guild CD-ROM!" "Accept credit cards today!"

If theres one thing Mark Yankowskas doesnt need, its another e-mail message trying to sell him some must-have product.

Thats why, after too many mornings spent wading through spam in search of legitimate e-mail, Yankowskas, IT director at Rockwood Specialties Inc., in Alpharetta, Ga., quickly made a decision when the company was broken up and sold off last year: To can spam on the newly formed chemicals companys network, Yankowskas would deploy an e-mail filtering system. He decided to take the action not because spam was hampering productivity but because he could easily see how it could, given its proliferation.

"Weve actually been lucky so far with spam because were a relatively new company," Yankowskas said. "But I knew the amount would only grow, and the thought of receiving more spam was very unappealing."

As in-boxes are flooded with unsolicited e-mail messages and as spammers become smarter and more evasive, now is the time for enterprises to take a stand on spam, experts say. Enterprises that rely on e-mail to conduct business should decide in advance when and how to control the messages that stream into their e-mail systems.

There is a downside to filter technologies, however: They carry connotations of Big Brother. And while employers are exempt under the Electronic Communications Privacy Act—which prohibits the government and private citizens from monitoring electronic transmissions—experts recommend companies make sure their monitoring programs are legal under the ECPA.

Enterprises should remember they are, after all, responsible for messages sent from their servers and are liable for damages if they cannot prove they tried to stop harassing or offensive messages once theyre discovered. In one famous case, Chevron paid $2.2 million to female employees to settle a sexual harassment lawsuit in 1995 after they claimed they were harassed by an e-mail.

"Were still in the early stages of detecting spam, but it will grow by leaps and bounds," said David Ferris, president of Ferris Research Inc., a consultancy in San Francisco. Ferris estimates that 10 percent of a typical users e-mail today is spam, or unsolicited commercial e-mail.

That number will increase to 44 percent by 2005, averaging 53 messages a day per e-mail in-box, Ferris estimates.

Last year, after the $2 billion company was sold to Kohlberg Kravis Roberts & Co. L.P., Rockwoods Yankowskas saw rebuilding the companys corporate network as a golden opportunity to install an e-mail scanning service. Because Rockwood was already using managed firewall services from Activis Ltd., of Reading, England, Yankowskas decided on Activis e:)scan e-mail security scanning service to protect the e-mail accounts of his companys 3,000 users.

Rockwood uses Microsoft Corp.s Exchange and Outlook applications for e-mail. The scanning service monitors 2,000 outbound e-mail messages a day and scans the 200MB to 500MB of e-mail being transferred over Rockwoods T-1 lines daily.

e:)scan monitors all e-mail and checks for viruses. It also filters content for signs of spam, harassment, offensive or potentially harassing messages, and inappropriate jokes. The service looks for words and phrases that show up in typical spam messages, such as "free credit," as well as other terms designated by Yankowskas and his three-person staff.

After a message is checked, it is distributed to in-boxes or quarantined by Activis. Yankowskas and his staff receive e-mail informing them that a message has been quarantined and why. Using a Web browser interface, they analyze the messages and release them if they are business-related. The turnaround time is about 12 hours, depending on how quickly IT can examine the quarantined messages. Roughly 100 e-mail messages are quarantined a day.

The filtering service quarantines roughly 3,000 messages a month for inappropriate phrases and catches about 250 e-mail messages infected by viruses each month. The total cost of the service: $32,000 yearly. Since it would take four full-time employees to do the same job, the price of the service is well worth it, Yankowskas said.

While experts such as Ferris agree filtering spam is necessary to keep unsolicited messages from clogging servers, they warn that companies must deploy the technologies carefully. Filtering has some organizations such as the American Civil Liberties Union questioning the constitutionality of such practices.

To avoid legal issues, Yankowskas and his staff carefully review every quarantined message. The company also educated its employees on how the filtering software works and regularly reminds employees to avoid confusion. The e-mail policy firmly states that corporate e-mail is for business use only.

"Is there something Big Brother about it? Sure," Yankowskas said. "But its quite simple: E-mail is for business."