Stopping Spam Is Not Mission ImpossibleBy Steven Vaughan-Nichols | Posted 2004-06-09 Email Print
Re-Thinking HR: What Every CIO Needs to Know About Tomorrow's Workforce
Channel Zone Editor Steven J. Vaughan-Nichols thinks it's up to us to stop spam, since neither the law nor upcoming changes to SMTP will do the job for us or our customers anytime soon.Your mission, should you choose to accept it, is to stop spam from overwhelming your bandwidth and mail servers and overrunning your customers' mailboxes.
We have every faith that you and your anti-spam efforts will be successful. If you fail, we will disavow any knowledge of your actions. This message will self-destruct in five seconds ...
Mission impossible? It used to be, but today, you can stop spam. And now more than ever, your customers are demanding that you do stop it.
Want some more bad news numbers? The latest monthly spam figures by e-mail security provider MessageLabs Ltd. show spam volumes in May hitting an incredible 76 percent of inbound e-mails scanned. Postini Inc., a major anti-spam service company, reports an even higher 78 percent for May 2004.
Sounds unbelievable? Think again. I get 1,000 messages a day, and with my personal anti-spam program, the incredibly reliable, open-source POPFile, my average daily spam ration is 75 percent. Wow.
David Daniels, president and CEO of Starfish Internet Service, a small, North Carolina-based ISP, told me a while back, "Our spam filters reject about six emails for every one we accept."
Besides ticking off customers, spam also hurts your bottom line by increasing your bandwidth and storage costs. Alexis Rosen, president and co-owner of Public Access Networks, which runs Panix, the United States' second-oldest still-running ISP, finds that the "majority of incoming mail is spam."
That, in turn, "chews up a lot of bandwidth and disk space," Rosen said. But what really eats up system resources and "puts significant stress on the mail server" is the constant disk I/O. "Disk activity is the most precious and expensive resource we have," he said.
So, what can you do about it?
Well, you can forget about the law solving the spam problem. The federal CAN-SPAM Act went into effect Jan. 1, and there's more junk in my inbox than ever.
It's also great that efforts such as SPF (Sender Policy Framework) and Microsoft's Caller IDwhich would prevent e-mail address spoofing and worms turning PCs into SMTP mailing zombies that power a lot of today's spamare making progress.
Heck, for once, we even have two standardization efforts working in concert with each other. But even so, it will take more than a year before these standard efforts bear fruit.
What you should be doing in the meantime.
What you should be doing in the meantime is deploying anti-spam services at the gateway/mail server level both for your own company and for your customers. As much as I like POPFile, it's an end-user answer, and such solutions don't help free up either bandwidth or mail-server storage.
One answer that some ISPs are trying out is to simply not let most users use SMTP unless they use an approved SMTP server.
BellSouth, for example, now automatically prevents its new users from using any SMTP server except its own mail.bellsouth.net servers. It's simple, it works, but it also will annoy your customers who have their own legitimate SMTP servers.
Thus, I think you'd be better off running your own anti-spam services. Brightmail recently won a
Brightmail will run on Windows 2000, Server 2003, Solaris and Red Hat Linux. The company is also in the process of being acquired by Symantec. I think this move makes sense for both companies and for us.
If you want to roll your own solution, you can build your own anti-spam filters around an MTA (mail transfer agent) and SpamAssassin, a popular open-source mail-filtering program for Unix and Windows.
If SpamAssassin is too much trouble, Len Conrad's IMGate is an open-source anti-spam product that is easier to use and works well.
Although it's designed to be used with Ipswitch Inc.'s IMail 6 for Windows NTthis MTA is a personal favorite of mineit can work with most MTAs where it acts as an SMTP filter sitting between the mail servers and the Internet.
If Brightmail's price tag is too big and running open source doesn't appeal to you, you can still get spam protection for yourself and your customers as an outsourced service from companies such as Postini.
Regardless of which way you decide to address spam, though, keep one thing in mind: Today, taking care of spam is not mission impossible.
Steven J. Vaughan-Nichols is the editor of Channel Zone and has been covering the channel for more than a decade.