Johannesburg, 18 Nov 2008
Just how much damage is unwanted e-mail - of both the harmless and malicious variety - doing to local corporate networks?
A recent analysis of a major South African-based corporate`s e-mails over a three-week period by Johannesburg-based SYNAQ, a company focused on delivering managed services in the mail security and network monitoring arenas, turned up some horrifying statistics.
During the study period, SYNAQ processed some 260GB of mail - or around 53 million e-mails - that was destined for the corporate`s network.
Only 822 000 (1.5%) were legitimate e-mails.
Of the remainder, 850 000 (1.6%) carried malicious viruses and 51.4 million (96.9%) were harmless, albeit annoying, spam.
However, SYNAQ`s technical director David Jacobson points out that harmless spam is more than annoying. It slows the network and consumes expensive bandwidth.
"We estimate that the amount of additional bandwidth that the corporate would require to accommodate the spam so that it doesn`t impact negatively on the network would cost around R25 000 per month. That can hardly be considered harmless," he says.
"If left unchecked, the cost of spam would increase exponentially. There`s no sign of a slowdown in the distribution of unsolicited bulk e-mails while spammers are becoming increasingly sophisticated in bypassing anti-spam filters."
According to Jacobson, spam used to be fairly easy to filter. It usually came from fixed IP addresses which could be countered by using a blacklist; the "from" address was not usually forged and so could be filtered; and spam contained keywords - like "penis" or "Viagra" - that could be blacklisted
However, he says, the simplistic filtering of "from" addresses and content is now useless and has been for the past few years.
In addition spammers use a number of tricks designed to fool spam filtering programs such as misspelling commonly flagged words. So "Viagra", for example, is written as "v1@gra", or "penis" as "pe.nis". Spammers also use invisible ink camouflage techniques.
But as spammers` tricks become more sophisticated, and because spam changes its form so often, the only feasible solution against this plague is to ensure anti-spam defences are constantly updated.
"At the same time, you have to ensure that your e-mail security protection doesn`t inhibit legitimate e-mail correspondence," Jacobson warns.
For example, greylisting - a relatively new technique that has shown some promise - often causes delays on the delivery of initial e-mails. Similarly, content blockers that unilaterally block all mails containing suspect words such as Viagra may not take account of the fact that in some instances, mails containing the a word like Viagra may be perfectly legitimate for members of the medical or pharmaceutical professions.
"What`s required therefore is a dynamic e-mail protection solution that is able to deal with changing threats on a daily basis while simultaneously managing the availability and performance of e-mail services.
"Because few businesses have the in-house skills - or the time - to continuously monitor and maintain their anti-spam defences, they are increasingly turning to companies that provide managed e-mail security solutions to continue the war on their behalf," he concludes.
Share