ISPs ratcheting up their anti-spam efforts

Customers look to ISPs to share burden.

As the spam epidemic continues to worsen, ISPs are taking on a more leading role in trying to stop unwanted e-mail from reaching corporate networks and consumer in-boxes.

As the spam epidemic continues to worsen, ISPs are taking on a more leading role in trying to stop unwanted e-mail from reaching corporate networks and consumer in-boxes.

Although a few ISPs have offered anti-spam services for years, many are just starting to roll out their offerings. These anti-spam services range from server filters that ISPs use to capture spam intended for their customers, to managed services that those providing e-mail hosting have added to their lineups.

"Because ISPs can capture traffic at the aggregation points and cleanse the traffic prior to it being sent on to the customer, it makes more efficient use of their network" to use anti-spam filters, says Michael Suby, a senior research analyst at Stratecast. "In some regards it's self-serving, but in a good way. On the inbound they're catching traffic they don't have to pass through ... so they're reducing their network requirements and also serving their customers."

Yet, like any other anti-spam technology, the filters and techniques that ISPs offer are not a cure-all.

"We don't guarantee that it blocks spam 100%; our lawyers won't let us say that," says Matt Bobb, vice president of product development and core services with EarthLink, about the ISP's new SpamBlocker service. "But I have not received one piece of spam since I started using it."

SpamBlocker is a challenge-response system that forces an e-mail sender who is not listed in a recipient's address book to demonstrate that the sender is not an automated spam program by answering a simple question before getting the recipient's permission to send an e-mail.

About five months ago EarthLink began offering SpamBlocker, a free, homegrown service, in addition to Brightmail's antivirus software for ISPs, which runs on its servers as an extra layer of protection, Bobb says. Brightmail captures 70% to 80% of the spam coming into EarthLink's network. "It was fine up until a year ago, when the spam epidemic exploded. Then we said we really need to step up the level of protection, since we were hearing from our customers that [spam] was getting in the way of their productivity. Plus it's annoying," Bobb says.

While EarthLink's customers are primarily consumers, companies are looking to ISPs to take spam detection off their hands. Companies offering e-mail hosting services, such as Sprint and Cable & Wireless, in the past year have added anti-spam filters to block unwanted e-mail before it reaches their customers' networks.

Employees at Tri-Chem in Madison Heights, Mich., a manufacturer of industrial cleaners and related products, were so frustrated with the spam flooding their in-boxes that management considered tearing out all the computers in the organization and returning to paper-based systems, says CEO David Chernow. Instead, the company enlisted Sprint's E-mail Protection Services to block spam before e-mail flows into Tri-Chem's network. The $2 to $4 per user, per month, cost of Sprint's service, which includes antivirus protection and other messaging options, is made up in regained productivity for the 100-person workforce, Chernow says.

"If you think about the time and energy you spend [deleting spam] every day and the drain on the servers, we see that getting an anti-spam service has really cut down a lot on costs," he said.

Sprint turns to partner

For this offering, Sprint partnered with anti-spam service vendor FrontBridge Technologies, which collocates switches in the ISP's network, says Stacy Meadows, group manager of managed IP security services product management with Sprint. The service uses heuristics, blacklists, fingerprinting, rules-based scoring and other methods to detect spam. It also includes Web reporting tools for view statistics, such as how many spams were received and who in the organization received the most spam, and a quarantine area where the customer's network administrator can review e-mail that the service considered to be spam.

"The key advantage is we are taking all of this [unwanted e-mail] outside the customer's network, so it's never reaching the network or burning resources," Meadows says.

While having an ISP take over a company's spam headache and its e-mail might seem like an elegant solution, some experts warn that these services don't offer customers as much control over how spam is managed as in-house anti-spam filters might.

"If I were a business, I don't think I'd want my ISP filtering my mail for me; I need to have control of everything, and I want the spam so I can see the false positives," says Matt Cain, an analyst with Meta Group.

And even though many ISPs, like Sprint, offer spam management tools, they're rarely customizable down to the end-user level, Cain adds. That means users can't always, say, check quarantine in-boxes or add to white- or blacklists. Instead, that burden is given to an administrator.

C&W partnered with another U.K. company, MessageLabs, to offer spam and virus protection to customers that use its hosted services. While this service does not give a company's end users much control either, MessageLabs is working to add those tools to the offering, says Robert Hansen, C&W's product manager of managed security services.

C&W began offering spam protection about six months ago in the U.S. and views it as a necessary component of its hosting service.

"ISPs have to [offer anti-spam]. If they don't do it they're behind the times," Hansen says. "Customers need [spam protection] so badly that they're willing to go" to other vendors if their ISP doesn't offer it, he says.

Don't expect miracles

With most ISPs offering some form of spam protection, it might seem that in-boxes today should be virtually spam-free, because all e-mail that travels across the Internet must traverse an ISP's network at the sender and recipient ends. But could ISPs become designated spam guards and hold unwanted e-mail at the edges of their networks until their users clear it?

The costs keep going up

Numbers show the effect of spam on on the average company.
Spam costs the average corporation $49 per user each year; a company with 10,000 in-boxes is out almost half a million dollars.
Today, if that company is running 21 Microsoft Exchange 2000 servers, five will do nothing but process spam.
By 2007, that number will jump to 25 servers processing spam, out of 50 total servers, if more isn’t done to block unwanted messages.

Unfortunately not, these vendors say. As long as spammers continue to find ways around spam filters and techniques, unwanted e-mail will slip through even the most-rigorous detection technology.

"Spammers are very clever. It's an interesting battle. When we filter out words at [an e-mail message's] header, such as 'girls,' they change the spelling to 'girlz,'" says Ceil Hall, product development director for AT&T's Worldnet consumer ISP service. Worldnet has offered spam protection via Brightmail's anti-spam software for ISPs since 1999. "It could be a lot worse" if ISPs were doing nothing to block spam, she says.

And while ISPs have the right to filter all spam coming into their networks bound for their customers, as long as they state so in their terms and conditions, few are prepared to take on the role of judging what their customers deem spam and what is wanted e-mail.

"It's way too huge of a burden" for ISPs to make those judgment calls, says Stewart Baker, general counsel for the U.S. Internet Service Provider Association. "ISPs can block some stuff that's obviously spam, but there's a lot of [unwanted mail] that gets through. If ISPs want to filter more aggressively, they're running a bigger and bigger risk that they'll lose mail that people want."

Copyright © 2003 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022