Positively false

Yes, anti-spam measures are easy and inexpensive but the devil lies in the management. I would suggest you train your users in the reality of e-mail reliability, enable sender whitelists, and put the onus on the recipient and the sender to track their messages if they matter. And maybe personally handle the CEO’s false-positive problem.

Regarding last week’s Backspin about the disappointing outcome of New York’s case against spammer OptInRealBig.com, reader Scott Hutchinson writes: “To a big spam house, a $50,000 fine can be considered a cost of doing business and, in this case, cheap advertising. Now everyone who might want to use a spam house to advertise knows this company is effective.”

Yep, therein lies the Catch-22 – unethical marketers and how they operate is something that needs to be talked about, but that also gives them exposure. On the other hand, exposure in Network World shouldn’t be of much value because readers (ahem!) don’t spam.

Anyway, we were talking about false positives – the problem of valid messages being judged as spam and being delayed or deleted – and I suggested this really shouldn’t be that much of a problem. It all comes down to how seriously you treat messaging and whether your users understand the technologies and processes involved. The issue is really simple: SMTP e-mail is unreliable. That’s it.

If it matters to you as the originator of a message that it gets through you need to ask for confirmation of delivery by reply or by phone. On the other hand, if you are the recipient and you want to make sure that messages from Sender X have the best possible chance of reaching you, then you must make sure that your e-mail works correctly and that the sender is in your whitelist.

The problem seems to be that some people hold e-mail to higher standards than the technology and their responsibility warrant. I heard of an IT person who was getting grief from his CEO because the anti-spam system filtered out a few personal – not business! – messages and the CEO missed a golf date.

Now let’s ask ourselves: Is this reasonable? Well, it would be if the CEO were willing to buy the resources that would ensure that his precious e-mail was handled by a human, but you know what he would say: “Why have we spent all this money on an anti-spam system if it doesn’t work?”

One reader said he is “somewhat confused about all the hand-wringing about spam at the corporate level. As you noted, implementing a fairly simple tool basically solves the problem and requires about a half-hour a day to check for false positives, and most of those are personal and are not critical business messages.”

So what might the false-positive problem look like to a large organization?

Let’s look at a company with 10,000 users that each get an average of, say, 100 messages per day. If we assume 95% of the messages are spam and there is a false-negative rate (spam identified as valid messages) of 1%, then 94.05 of the spam messages will be quarantined and 0.95 of the spam will sneak through to the user’s in-box.

Of the five valid messages delivered, let’s presume there is a 1% false-positive rate (valid messages identified as spam). That means 0.05 of these real messages will be quarantined and 4.95 will be delivered as legitimate mail.

Added up, the result will be a total of 94.1 messages sent to quarantine and 5.9 to the user’s in-box.

Thus we will have a total for all users of 500 false positives per day that we have to sort out from a total of 941,000 messages judged as spam. Even if we can eliminate 99% of the true positives there are still about 9,410 messages to process and at 5 seconds each that’s 13 man-hours per day – essentially a job of two more people just because the CEO doesn’t want to miss a golf game!

So, yes, anti-spam measures are easy and inexpensive but the devil lies in the management. I would suggest you train your users in the reality of e-mail reliability, enable sender whitelists, and put the onus on the recipient and the sender to track their messages if they matter. And maybe personally handle the CEO’s false-positive problem.

Positively write to backspin@gibbs.com.