Can Email Be Saved?

By Jeff Vance


Can email be saved? One Interop exhibitor believes it can, but to win the war on spam, malware, and phish we will have to change how we go about fighting them.

“Spam filters are just guessing machines,” said Tim Lee-Thorp, vice president of marketing for Sendio, an anti-spam startup. “There’s a basic mistake in this approach, which regards spam as a nuisance rather than a real threat.”

That threat could be to financial assets, as with ID theft or phishing, to productivity when employees are swamped with unwanted mail, or even to network resources when false positives force organizations to store tons of junk mail for recovery or archival purposes.

“When spam was largely from annoying marketers, filtering made sense. But the typical spam sender today isn’t a marketer but an organized criminal,” Lee-Thorp noted.

Those who track spam, such as Postini and SonicWall, show an ever-increasing volume of spam, despite better filtering technologies. For May 24, Postini reported that 80% of all emails were spam. At the SonicWall booth, a representative handed me their latest statistics, which showed that spam volumes rose by 44% in Q1 2007 from Q4 2006.

Overall junk email – which includes spam, phishing, viruses, Directory Harvest and similar types of attacks – rose 24% over the same period.

For the average knowledge worker, though, things don’t look so bad – on the surface. The typical enterprise email inbox doesn’t reflect the nature of the problem. With a spam-blocking gateway in the network and some sort of client-side filtering in place, spam seems reasonably manageable.

The Forgotten Spam Victim – IT

That’s just the appearance, though. IT administrators know that the problem is deeper. Bandwidth is tied up, storage and backup plans are thrown out of whack, and when an important email gets lost, IT can spend hours searching through archives for that one false positive.

While I was talking with Sendio at Interop, a couple of their customers dropped by the booth. Erick Grau, IT manager for Khronos, a New York-based asset management firm, noted that in the financial world, one lost message could be disastrous.

“If a false positive filters away a time-sensitive, important email, we might lose a million-dollar deal,” he said.

Another data storage issue is data content management and retrieval.

“If you’ve created a medical fund data store, you don’t want a bunch of Viagra emails in there,” Grau said.

Without a better solution that prevents spam from ever getting stored, while saving potential false positives for later retrieval, data management efforts are undermined.

A second Sendio customer, the White Bear Lake Area Schools, which is just outside of St. Paul, Minn., also struggled with storage.

“We have about 14,000 email accounts,” said Chris Hautman, technology manager for the schools. With spam getting into the network before being filtered, it all became part of the schools’ ongoing backups. “Spam was the main reason our backup times were becoming longer and longer.”

As a result, the schools backed up less often – meaning spam was undermining data recovery. Relying on filtering, Hautman was constantly fine-tuning the system. With a majority of spam blocked, false positives went up, and teachers, administrators, and parents would complain. If more messages were passed through, end users griped about increasing amounts of junk.

Is Sender Verification the Answer?

To address these issues, both Khronos and White Bear Lake Area Schools installed Sendio’s I.C.E. Box. The appliance sits in front of the enterprise email server infrastructure and relies on sender verification.

When a message is received from a first-time sender, the box identifies the message for special treatment. The sender receives an immediate acknowledgement of the receipt of the message and a request to verify the email address. If the sender replies, there’s a very good chance that a real person is on the other end of the message. Spam servers, of course, can’t do this, nor can spam zombies. They are only effective if invisible, which prevents them from being blocked at the ISP or domain level.

“It’s important to remember exactly what spam is if you want to fight it,” Lee-Thorp said. “It has three key features: it’s unwanted, voluminous, and anonymous.”

Most technologies focus only on volume and the probability that a message may be unwanted. They determine those probabilities through content analysis or various systems of scoring. A much more basic indication, though, is overlooked. Anonymous email is almost always unwanted. Not allowing senders to be anonymous makes the content somewhat beside the point.

Other I.C.E. Box features include the ability to automatically whitelist a user’s contacts, while also whitelisting the addresses on outgoing email, which cuts down on the number of verifications a person’s contacts need to perform.

“After the system is trained, this can operate beyond the spam level, giving end users control over who gets into their inboxes,” Lee-Thorp said. If a sender has been verified, but keeps sending pesky forwards, for instance, that person can be blocked outright or quarantined so the messages can be grouped and scanned in an instant, without ever cluttering an inbox.
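The verification flow described above (first-time senders held and challenged, contacts and outgoing recipients whitelisted, verified senders still blockable), sketched as an added example. It is not Sendio's code; the class, its method names and the HMAC-based token are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class VerificationGateway:
    """Illustrative sender-verification gate in front of a mail server."""

    def __init__(self, secret=None):
        self.secret = secret or secrets.token_bytes(32)
        self.allowed = set()   # contacts, outgoing recipients, verified senders
        self.blocked = set()   # senders a user has blocked outright
        self.held = {}         # sender -> messages waiting for verification

    def _token(self, sender):
        # Bound to the sender address, so a token cannot verify anyone else.
        mac = hmac.new(self.secret, sender.encode(), hashlib.sha256)
        return mac.hexdigest()[:16]

    def import_contacts(self, addresses):
        self.allowed.update(a.lower() for a in addresses)

    def outbound(self, recipients):
        # Anyone a local user writes to may reply without being challenged.
        self.import_contacts(recipients)

    def block(self, sender):
        self.allowed.discard(sender.lower())
        self.blocked.add(sender.lower())

    def inbound(self, sender, message):
        sender = sender.lower()
        if sender in self.blocked:
            return ("reject", None)
        if sender in self.allowed:
            return ("deliver", None)
        first_time = sender not in self.held
        self.held.setdefault(sender, []).append(message)
        # One challenge per held sender; repeat mail does not repeat it.
        return ("hold", self._token(sender) if first_time else None)

    def verify(self, sender, token):
        """Release held mail if the reply carries the right token."""
        sender = sender.lower()
        expected = self._token(sender).encode()
        if sender not in self.held or not hmac.compare_digest(token.encode(), expected):
            return []
        self.allowed.add(sender)
        return self.held.pop(sender)
```

Mail from an unverified sender stays in `held` rather than in the mail store, which is the storage and backup point the customers raise earlier in the article.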

For an IT administrator, I.C.E. Box is also about more than spam, or, more accurately, it frees them from having spam abatement as one of their major, time-consuming projects.

“I felt like my job had become spam management,” Grau said. “Now, I can tackle all of those other projects that I didn’t have the time to work on.”