Welcome Guest

Very expensive SPAM

True cost of spam to business


What is SPAM?

Definitions of Spam on the Web:

  • To indiscriminately send unsolicited, unwanted, irrelevant, or inappropriate messages, especially commercial advertising in mass quantities. Noun: electronic "junk mail".

    •
  • is unsolicited e-mail. The term spamming is also sometimes used by search engines to mean web sites that try to gain a higher listing by submitting hundreds of almost identical pages or by inserting hundreds of keywords within a web document.

    •
  • Spam refers to electronic junk mail or junk newsgroup postings. Some people define spam even more generally as any unsolicited e-mail. In addition to being a nuisance, spam also eats up a lot of network bandwidth. Because the Internet is a public network, little can be done to prevent spam, just as it is impossible to prevent junk mail. However, the use of software filters in e-mail programs can be used to remove most spam sent through e-mail.

    •
  • Unwanted, unsolicited email

    •

    Spam has moved away from being the irritating, but harmless unsolicited e-mail, towards a more sinister and threatening problem.

    Spammers now use worms to infect both end user systems and servers—which are then used to either act as a proxy for fraudulent activities (fake websites, spam relays, etc.) or extract private data for organised criminal activities, such as identity theft. This poses a threat for home users, but a greater threat is posed to corporations as they have a duty to protect the privacy of customers’ data.

    The classic focus point, when discussing the cost of spam to a business, is the lost productivity of staff — meaning the time them to identify an e-mail as junk and then delete it.

    This doesn’t sound like it would really have much of an impact, but research from 2004 (nucleusresearch) estimated that in one year the productivity cost per employee is about $1934!

    Updated research carried out at the beginning of 2005 (InformationWeek) estimated that the annual cost due to loss of productivity is about $21.58 billion!

    Now that’s a lot of money. Even if your organisation filters spam somewhat effectively, most employees will check their personal e-mail accounts a few times per day, thus having to deal with spam on systems that are out of your control. Interestingly, the associated costs of spam, and the number of spam e-mails delivered varies largely depending on geographical location.

    An article from the beginning of 2005—this time based on UK statistics (Personneltoday)—suggested the total cost to UK businesses was £1.3 billion, with a cost per user of £374 ($598)—much lower than the previous estimate of $1934! This research also suggested that the severity of spam varied by country, with the UK receiving higher amounts than France, Germany, Italy and even China.

    There are other business-related costs incurred because of spam; some of these are actually caused by anti-spam systems that mistakenly identify genuine e-mail as spam. Dana Blankenhorn discusses these here.

    From the IT department's point of view, there are different costs associated with spam. First, consider the cost of anti-spam software or solutions. While there are perfectly good open source implementations (in fact, many commercial products are based on these with a little additional eye candy), the majority of companies go for a commercial solution that could cost $'000s

    Bandwidth costs associated with spam can also be considerable; some companies estimate that as much as 50% of their bandwidth usage can be attributed to spam (also take into account bounces, file attachments attributed to Worm activity, etc).

    We can notice when a large spam attack is in progress. Our internet connection slows considerably.

    Additionally, even if anti-spam solutions are used to reject junk mail before entering it into your delivery system—this has to be processed, scanned (in the case of malicious junk mail or worms), and then rejected. This all munches CPU power and generates high memory usage, meaning more powerful (and therefore more expensive) hardware needs to be put in place. Our company is currently in the process of replacing our SMTP gateway for just this reason; it’s struggling to deal with the sporadic and often heavy spam attacks where accounts are bombarded with junk. Traditional methods used to block known spammers before they even start an SMTP session are now becoming ineffective. This is due to the increasing use of botnets to relay the traffic.

    Last, but not least, another potential cost associated with the more malicious form of spam (generally due to worms) exists.

    There have been several high-profile cases recently in which large corporations were fined due to the leaking of customers’ private information, leading to identity theft on a massive scale. With the growing presence of Trojan and worm-based proxies, we need to be careful that the combination of an unknown (as-yet undiscovered) malicious program, badly enforced desktop security, and users' stupidity don’t end up causing major information leaks. This is especially important in the financial services industry as information held is more sensitive and more useful to criminals (or rival enterprises) than in other industries. Although we can never make sure everything is covered, we need to make sure that firewalls and traffic filters are truly used to their full ability.

    You can see here that being complacent about security - especially in the Windows World -  could prove very costly!