How to Fight Spam Strategically

New software can help ease the influx of spam, but there's no silver bullet yet for winning the war. The answer? Get strategic with this comprehensive guide to combating the spam blitzkreig. CIO Insight

Sure, spam is all over the news. But what does it really mean to your organization?

CIOs have two recurring e-mail nightmares. In the first, the CEO receives an unwanted message, usually containing something rated NC-17. "Thats when senior management says, Ive seen the last body part in my e-mail I ever want to see. Fix it!, " says Gartner Inc. research director Maurene Caplan Grey. In the second, the CEO doesnt receive a critical message hes been waiting for all week. Either event can be career-threatening for the CIO. Theres no question that most executives want e-mail to be the strategic communications backbone of their business. But thats increasingly difficult as spam inundates in-boxes. CIOs dont need much more detail on the damage being inflicted on users, e-mail systems and storage space by the rising tide of unsolicited e-mail, because theyre living it. "Spam creeps up on you, like shocks going bad on your car, and all of a sudden you realize how bad the ride is," says David Jordan, the chief information security officer for Arlington County, Va.

Yet spams already mind-numbing numbers just keep growing and growing and growing. Paul Judge, CTO of antispam vendor CipherTrust Inc., says spam comprises up to 61 percent of all in-bound corporate e-mail. Antispam service provider Brightmail Inc. claims that out of the 70 billion messages it processes every month for the 300 million users in its worldwide network, over 50 percent are spam. The countrys biggest e-mail provider, America Online, claims it stops an average of more than 1.5 billion spam messages a day, spiking at times to more than 2.5 billion. Says Michelle Boggess, electronic data security coordinator for Pensacola, Fla.-based Baptist Health Care, a $743 million not-for-profit: "Some of our users were getting spammed so heavily that they were spending large amounts of their own time picking through e-mail." The deluge creates a huge drain on worker productivity.

But spam is in the eye of the beholder. There are any number of generally accepted industry, organizational and personal definitions of spam, all of which may be in conflict. Brightmail CEO Enrique Salem defines spam as all unsolicited bulk e-mail. Jeff Ready, CEO of spam-filter vendor Corvigo, suggests three categories for spam: the messages you want, the messages you dont want—usually bulk marketing e-mail—and "other." That third category typically includes e-mail newsletters and opt-in messages that users may or may not want on a given day, but cant be bothered to unsubscribe to, making it especially difficult for corporations to screen out every questionable message.

In many companies, though, the biggest risk isnt letting through unwanted messages. Its the danger of blocking the ones people need. One so-called "false positive" that deletes a critical e-mail or relegates it to some little-used, out-of-the way folder could severely affect the success of your companys business. To avoid this and other risks of poor spam management, its the CIOs job to get educated. "I dont think ignorance is an excuse for not being accountable," says Cynthia Luman, vice president of computer operations at CSX Technology Inc., a subsidiary of CSX Corp., a transportation and logistics service provider.
The Fact Sheet is available in Adobe Acrobat PDF format. To download the free Adobe Acrobat Reader plug-in, click here.
To download the accompanying fact sheet on Spam, click here.
Tell Your Users:

  • Start sending spam messages to a specific internal e-mail box, so we can get a handle on how big the problem is.
    Ask Your E-Mail Administrator:
  • Whats your estimate on our current spam message volumes?
    Ask Your CEO:
  • How much does this issue matter to you?Next Page: First step: Managing people with policies.