• United States

Justifying anti-spam costs

News Analysis
Jun 14, 20045 mins
Data CenterMalwareTechnology Industry

Analyzing the toll unwanted e-mail takes on productivity, bandwidth, storage and support aids your attack.

If spam has a bright side, it’s that the universal annoyance this unwanted e-mail causes everyone from the loading dock manager to the chairman of the board makes it easier for IT to win spending approval for tools to help fight the beast.

Spam’s strain on corporate coffers isn’t just in lost productivity, which some companies report can be in the hundreds of thousands of dollars per year. It also steals from bandwidth, network storage  and end-user support. And the cost of spam doesn’t stop there, considering the potential damage to a corporation’s brand or possible litigation arising from the exchange or receipt of questionable e-mail.

Even though selling the benefits of spam blockers can be fairly straightforward given that they must deal with a flood of junk mail, experts say accurately documenting the cost of spam can help IT secure a larger budget and ensure that an effective system is put in place.

“You want to make a Cadillac decision, not a Hyundai decision,” says Tom Pisello, founder and CEO of consultancy Alinean, which assesses the business value of IT investments. He says good spam filtering systems can reduce the productivity losses associated with spam by 40% and the associated IT costs by 70%.

There are dozens of anti-spam products and services to consider, such as e-mail appliances, filtering software and hosted services.

“Midsized and large companies need a more sophisticated system than smaller companies, and that’s why you have to do your due diligence. A business case is going to be needed for any purchase over $50,000,” Pisello says.

And that is the low end. Effective spam-filtering products can run into six figures.

IT managers who do the work to document their needs also are those more likely to gain the benefits such as payback on anti-spam products within six months or less and a ROI of well over 300%, Pisello says.

Quantify costs

Where does the assessment start?

Most IT managers build their case on four key areas: productivity, bandwidth, storage and help desk support. While lost productivity is an obvious area where spam takes its toll, users shouldn’t ignore that spam can consume up to 11% of a company’s bandwidth and up to 500G bytes of storage each year, according to Alinean. Spam also can generate up to five extra help desk calls per day, per 100 users, which can mandate the need for extra staff.

“After we totaled up our costs it was a no-brainer,” says Mark Fitzgerald, senior technical specialist for workplace automation technology at KeyCorp, a financial services company in Cleveland with assets of $86 billion. “Spam was costing us over $1 million per year.”

Fitzgerald used that figure as the centerpiece for a formal proposal and ROI overview.

“Spam was so bad it was an easy decision,” he says. Fitzgerald secured an initial $150,000 budget and this January deployed an IronPort C60 anti-spam appliance backed by spam filtering services from Brightmail. The company now blocks 90% of the spam that comes to its gateway, compared with the 27% previously weeded out by a faltering content filter.

Eliminating 80% to 90% of spam is an admirable target, experts say. But IT users must ensure they don’t block valid communications and should aim for less than 1% false positives.

Fitzgerald says appliances such as IronPort probably will be out of reach for smaller companies, but he recommends those companies make a detailed list of desired features. “We did a lot of research up front and created a list of our needs,” he says, which ensured the company met its priority for a product that guaranteed few false positives.

Sometimes, however, money is an issue and users must react quickly.

“In our situation, it was a matter of ‘you need to go fix this,'” says Ron Mann, network administrator for the Colorado Department of Agriculture in Denver. And he had to fix it on a $1,600 budget, he was told.

Mann says he got to work and downloaded evaluation software from three companies before selecting Power Tools for Exchange from Nemx Software based on its ease of use and performance qualities.

Now with the the Colorado Department of Agriculture planning an upgrade to its Microsoft Exchange infrastructure, Mann says he will use the knowledge gained on the first go-round with anti-spam software to get a new filter in place.

He says he might be too busy to determine what spam is costing the organization, but he has learned a new approach.

“The goal is to make a less-hurried decision,” he says.

And with the extra time, he says he hopes his evaluation will lead to a choice that will serve his organization in the long run. “I think spam is something we are going to have to live with and something that we need to keep a constant eye on,” he says.

Policies play a part

Experts agree and say nothing will eradicate the spam problem, but there are a few techniques that can decrease the amount of spam. Don’t publish e-mail addresses on a public Web site since spam programs search those sites for new targets, and think about text and header analysis, blacklists and anti-spoofing technology as a minimal line of defense. Also, educate users on behaviors that influence the amount of spam they receive. Alinean recommends users curtail visits or registration on questionable Web sites, and never respond to spam e-mails.