Circling the Wagons

By Ray Everett-Church


In the classic Godzilla movies, the authorities tried to keep Godzilla from crushing Tokyo by throwing everything they could at him: tanks, battleships, fighter planes and whatever else they could muster. And, as always, Godzilla just swatted them aside and continued on his rampage.

When it comes to spam, despite throwing everything we have at the monster, the problem just keeps getting bigger and nastier.

With ever-increasing volumes of spam, CIOs are finding it takes ever-more powerful servers, more bandwidth, more network resources, and more time and expense administering ever-more complicated email architectures.

CIOs need to look ahead and develop ways to end the runaway costs that spam is creating. In a world without spam, a CIO would spend exactly as much on their email technology as their internal usage requires. But, since we live in a world with spam, they must now scale their email infrastructure to meet not just their own needs, but the spammers' needs as well.

The Spiral

Unfortunately, nearly all of today's anti-spam technologies require enterprises to not only scale to meet the spammer's volume, but also add the additional overhead needed for blacklists, whitelists, and content filters. More hardware, more bandwidth, more administrative overhead, and more reliability issues associated with the greater complexity ... these costs are only continuing to get worse.

Organizations should recognize both the strengths -- and the limitations -- of the various anti-spam technologies. By deploying a layered approach with technologies suited to the tasks, the runaway costs of spam can be held firmly in check. Many tried-and-true anti-spam approaches can still be quite effective (and cost-effective) if you understand the capabilities and limitations, and deploy the technologies in a layered fashion that brings out the best in each.

The best solution for the near term is for organizations to deploy a cocktail of technical solutions targeted at each of the component pieces of the spam problem. You can think of it as something analogous to 'zone-based' defense in basketball: identify your areas of risk and task your most appropriate resources to protecting those zones.

The most basic approach is a multi-tiered, anti-spam architecture. Imagine an organization's email infrastructure as having three layers or zones.

The innermost zone, which we will call the 'mailbox zone', is where end users interact with their mailboxes. Just beyond this layer lies the 'server zone', the home of an organization's email servers. At the perimeter is the 'network zone', the land of routers, bridges and switches handling all of the network's packet traffic, including the data packets that comprise your email.

An effective multi-tiered defense strategy includes defenders in two, or possibly all three, zones.

In the mailbox zone, the focus of defense is on keeping spam out of an individual's inbox. Filtering products are used as an individual means of defense. While these tools can be highly personalized and individually effective, they offer no organization-wide protection and provide scant defense from the economic consequences of the spam assault. They are also inefficient for the growing population of mobile, wireless users.

In the server zone, a layer of defense is applied across all mailboxes. These defenses include add-in products such as gateway mail transport agents and specialized filtering appliances that replace, or sit adjacent to, multiple email servers. These defenders are generally quite effective and offer organization-wide protection.

More Spam, More Money

However, as the spam assault grows in intensity, more defenders are required to maintain effectiveness, resulting in increased defense budgets.

In both the mailbox and server zones, filtering approaches are the technology of choice due to their high effectiveness. But left alone, these defenders will grow to consume as many resources as the spam itself. These defenses do nothing to short-circuit the fundamental elements of spam: volume and speed. Filters need a front-end to control the volume and speed of mail so the filters can work most effectively.

Thus, it is still necessary to deploy a defense strategy against the aspects of spam that other solutions do not address. By deploying a perimeter device like an anti-spam router in the network zone, enterprises can push the costs associated with combating spam to the outermost edge of the network, where a much smaller investment can return much greater dividends.

CIOs need to take a more proactive approach in dealing with the problem of spam. Filtering is not the end solution and, as costs continue to spiral out of control, CIOs need to develop strategies aimed at controlling costs, while eliminating the problem. A multi-tiered approach can effectively keep spam entirely off of the network and out of your users' inboxes.

Ray Everett-Church brings over 15 years of experience to his role as TurnTide's chief privacy officer (CPO). He is a co-founder and serves as counsel to the Coalition Against Unsolicited Commercial Email (CAUCE), the nation's oldest and largest anti-spam advocacy group. In addition, he has co-authored Internet Privacy for Dummies (2002) and Fighting Spam for Dummies (2004), among other publications. You can contact Ray via email at ray@turntide.com.