In a world where almost 90 percent of e-mail is spam, organizations must take steps to protect their end-users and their mail servers.
The name attached to unsolicited commercial e-mail seems almost silly, born as it was from a Monte Python skit. However, spam is serious business, costing organizations millions of dollars each year and creating severe headaches for network administrators.
By some accounts, spam appears to be on the wane. End-users generally report that the amount of spam they receive in their e-mail inboxes appears to be decreasing, suggesting that anti-spam technologies are effectively stopping most spam traffic at the network perimeter through the latest filtering techniques.
Despite improvements in anti-spam technology, however, about 18 percent of e-mail delivered to inboxes is spam, and this is expected to grow to 19 percent by 2014, according to The Radicati Group. Organizations poorly protected against e-mail threats pay a high price — in 2010, a typical 1,000-user organization spends more than $3.2 million annually to manage spam, the technology market research firm says.
It’s simple arithmetic. Worldwide e-mail traffic totaled about 250 billion messages per day in 2009, and upwards of 90 percent of that traffic is spam. Spam remains a significant threat, consuming valuable network resources and providing a conduit for the distribution of malware and phishing scams. A robust spam-filtering solution, coupled with a holistic approach to security, is essential.
Spam comes to mail servers from two primary sources: commercial spammers and the so-called “botnets” consisting of millions of infected PCs running spam Trojans without their users’ knowledge. These networks of compromised computers, sometimes known as zombies, are revenue-generating businesses for organized, professional criminals, and by far the most significant source of spam.
A recent study found that 78 percent of all spam generated during the last six months of 2009 originated from just five major botnets. The emergence of several large-scale botnets, including Zeus and Koobface, has led to an enormous spike in the volume of spam. The spamming botnets are difficult to combat because they are constantly morphing, being replaced and upgraded.
What’s more, the amount of malicious spam — messages that carry some sort of malware or a pointer to a malicious site — has skyrocketed. According to one report, the volume of malicious spam reached 3 billion messages per day in the second half of 2009, compared to 600 million messages per day in the first half of 2009. Much of it involves scams linked to financial fraud, specifically credit card theft and malware attacks that load a password-stealing Trojan onto the victim's computer. Again, the major botnets are the main sources of these attacks.
These statistics make headlines, but don’t speak to the desperate battles network administrators wage against spam. Experts estimate that at least 90 percent of all mail server connection attempts come from spammers and spam engines on the prowl for mail servers they can use to spew out more unwanted messages. That places an enormous burden on server and network resources.
If a spammer finds a security hole, he can flood your server with thousands of outbound spam e-mails, tying up this essential business resource. If an organization doesn’t find and correct the security breach, its server could be blacklisted and prohibiting from sending legitimate e-mails.
Experts recommend a multi-pronged approach to spam prevention. The first prong of spam prevention involves preventing spammers from using mail server for their illegal activities.
A second prong involves protecting end-users against spam by filtering e-mail at the server level and preventing spammers from “harvesting” legitimate e-mail addresses. While no spam protection solution is foolproof, the latest offerings use state-of-the-art techniques to keep up with ever-changing spam and malware exploits. Some solutions also allow end-users to review mail that has been flagged as spam and notify the network administrator of any false-positives. This enables the network administrator to fine-tune the software for improved accuracy.
A third “prong” is also available — outsourcing Microsoft Exchange to a hosting provider. A hosted solution removes Exchange from the in-house IT infrastructure and puts it on dedicated, trusted servers owned and managed by the hosting provider. The hosting provider’s servers will have solutions in place to filter traffic, and be constantly monitored by engineers. The cost of the active monitoring and filtering is rolled into the monthly hosting cost at a nominal rate since it is spread over hundreds of customers.
In addition to eliminating security headaches, hosted Exchange solutions are often more cost-effective than supporting Exchange in-house. Although e-mail is mission-critical, it isn’t a core business function, and its costs and risks extend well beyond the capital and operational expenditures typically associated with software. Most organizations consider this a cost of doing business, but it doesn’t have to be. Even organizations with hundreds of users find it’s cheaper to go with a hosted solution.
Spam is far from funny, costing billions of dollars each year and sapping both human and network resources. With comprehensive security and anti-spam solutions, however, businesses can have the last laugh.
