Brockmann & Company's introduction of The Spam Index nailed down quantitative measures for several things that e-mail users intuitively know: E-mail is useful (82 percent of respondents to the online poll on which the index is based said that e-mail is very important to their jobs) but the experience is less than fulfilling (21 percent are satisfied with how their e-mail works).
Putting numbers to formerly fuzzy feelings extended to the relative importance of e-mail compared to other modes of business communications, as well. Questions on this topic led to "astounding" answers, said President Peter Brockmann:
[Fifty] percent more people rated e-mail very important than those who rated mobile voice very important. Two times more people rated e-mail very important than those who rated desktop phones very important. Five times rated e-mail as more important than IM, and e-mail was 12 times more important than fax.
E-mail, in other words, is vital but not necessarily working well. The survey asked four basic questions on spam and e-mail. The company performed some statistical legerdemain on the results and produced an index that it says provides actionable intelligence about anti spam techniques.
The fast-paced changes in spam approaches -- and the technology used to deliver them -- are keeping organizations and vendors off balance. In the UK, for instance, research performed by PineApp and reported in SC Magazine reveals that though 97 percent of companies have spam technology in place, 50 percent aren't adequately dealing with image-based spam. About the same amount -- 48 percent -- said that this form of spam, which is more demanding on antispam technology because of the size of the files, is causing problems.
There are many antispam approaches. (A good buyers' guide can be found at Baseline magazine.) The Spam Index identified challenge/response -- in which the sender has to click on a link for the message to be delivered -- as the favored approach by users. Said Brockmann:
The result is that challenge/response technology is the best at dealing with spam. The lowest average spam index is the best. Challenge/response is twice as good as next best, which is hosted processors. Third are the filter appliances. So challenge/response -- from companies like SpamArrest and Sendio -- got the lowest average score. They also got the most consistent score by a wide margin.
The index can also be used to assess the productivity of those satisfied with their antispam systems compared to those who aren't, and to track reaction in companies that switch antispam techniques or even change settings on existing platforms.
The real-world cost of spam can be great. This Washington Post story describes the experience of Franklin D. Azar & Associates PC, a law firm in Aurora, Colo. The firm was under siege from pornographic spam. IT's response was to adjust the Barracuda firewall gear. The result was, in 20-20 hindsight, predictable: A notice of a hearing before the United States District Court for the District of Colorado ended up in the junk mail folder (a "false positive") and the appearance was missed. The penalty -- that firm was required to pay the other side's legal fees -- seems to be relatively minor. It's easy to see how such a situation could evolve into more serious penalties and clients angry enough to lodge a complaint.
The platforms used by spammers shift at a fast clip. A few weeks ago, spams hidden in .pdf files were all the rage. Now, according to this story in PCWorld.com, Excel spreadsheets are delivering more than profit and loss statements. The CTO of Commtouch Software suggests that Excel is the natural progression for "pump and dump" schemes, in which fraudsters buy positions in companies and run massive spam campaigns to raise the value of the shares, which are then sold.
The bottom line is that spam will keep evolving and the challenges will keep shifting. That, however, is no justification for poor antispam performance. Indeed, Brockmann seems like a man who isn't satisfied with the state of antispam technology.
I'm appalled ... that vendors are comfortable issuing press releases that say their products have 95 success rates with 0.5 false positives. I think that's deplorable. We shouldn't accept that for automobiles or software. The goal should not be to sell more software. The goal should be to protect the integrity of e-mail systems.