Skip Links

Coming soon to your IM client: Spim

By , Network World
February 09, 2004 12:05 AM ET

Network World - Instant-messaging spam - or spim, as it's often called - is beginning its march into the corporate world. Spim isn't nearly the headache that e-mail spam has become, largely because instant messaging isn't as ubiquitous as e-mail in corporate settings and IM spammers are easier to catch with the closed nature of IM networks. But experts predict that unwanted IMs have the potential to wreak just as much havoc as spam.

"So far we're told by customers that [spim] is not a big problem. But we find it hard to imagine that it's not going to turn into a tremendous issue," says Sara Radicati, principal analyst at The Radicati Group. Radicati reports that 26% of companies are using IM as a corporate service, and 44% say employees use IM but it isn't a company standard.

Also: Another window for spim

Financial companies are known for their heavy use of instant messaging, but Lee Blackmore, director of IT at Stifel Nicolaus, says he was surprised to learn how widespread IM use was at the Midwestern brokerage house. He was about to ban all use of IM for fear of security breaches that the service can cause, but the company's institutional traders put up a fuss. Instead, he agreed to let the company's 175 traders use any IM service they like and installed IMlogic's IM Manager to control and secure communications.

"My concern [with IM], in running the IT department, was spam, and what people were really using [IM] for," Blackmore says. Although the traders block incoming messages from people who aren't on their contact lists, the majority of them are allowed to use IM to communicate with people outside the company.

As corporate use of IM rises, so does the potential for abuse. With the most popular consumer IM services - namely those from AOL, Microsoft's MSN and Yahoo - available for free, all spammers need is a list of screen names to start clogging these systems with unwanted messages. Granted, it's much harder today to flood networks with IMs than with e-mail because bulk mailing tools and lists of user names aren't readily available to IM spammers. But some say it's just a matter of time.

"God help us if we can't see this thing coming" based on the industry's experience with e-mail spam, says Jon Sakoda, vice president of products at IMlogic, which develops software that adds security to popular IM services.

Much like e-mail spam, spim eats up network resources and drains users' productivity, but has the added punch of creating workplace issues when messages of a sexual nature invade workers' screens.

"There's some real potential danger for corporations," says Matthew Prince, CEO of consulting firm Unspam and an attorney. "Many workers believe that their employer has the duty to protect them from unsolicited and pornographic content. If [the employer] didn't, that would be enough to constitute a hostile work environment."

Despite the potential threats posed to corporations, some of the major IM service providers maintain that spim isn't really an issue. Spim accounts for less than 2% of traffic that crosses Yahoo's IM service, called Yahoo Messenger, says Lisa Pollock Mann, senior director of Yahoo Messenger.

The company makes it difficult for spammers to abuse its service by requiring Yahoo Messenger senders to have a Yahoo ID; obtaining one includes a registration process and an image verification test that automated systems can't pass, she says. Yahoo also monitors its IM network for signs of abuse, such as a high level of message sending, and will kick off any member who violates the terms of service, Mann adds.

However, some experts dispute the IM service providers' claims that spim won't become a major problem. "I'm very skeptical. Years ago if someone had asked them they would have given the same answer about e-mail spam," Radicati says.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News