What spam really costs, Part I

I was recently ringmaster at a Network World seminar sponsored by Surf Control on fighting spam, and a couple of days ago I spoke about the cost of spam at Jim Sterne’s Emetrics Summit 2003 in Santa Barbara, Calif.

From these events I discovered 1) how few companies have a handle on how their e-mail systems work and what they cost, 2) how little they know about their users’ experience, and 3) what spam really costs. To answer the latter you need to know the former.

The first issue requires a straightforward review of your system architecture, including equipment, services, and (this is the one that almost always gets overlooked) how they integrate (or don’t) with business processes (if you have trouble getting this review done, let me know, I will be only too happy to help you for an exorbitant fee).

You also need to know what your incoming data services look like: what they cost per month, what percentage of the bandwidth is actually used and what fraction of that is used for e-mail.

And you’ll need to know what the management and maintenance costs are for e-mail, and what costs are involved with the storage of e-mail on a monthly basis (don’t overlook desktop costs and transient storage on the server).

The next issue is crucial: You need to survey your users. “What!” I hear you exclaim. “We have to actually talk to them?” Yep, sorry, but like it or not, and no matter how management policies might shelter you from the harsh reality of the front lines of your business battle, those end users are your customers. And as is always the case, fail to serve your customers and you eventually will pay for it.

In the case of spam, you need to find out what your end users actually do with e-mail and what they perceive the spam problem to be.

The first task is to find out how much mail each user sends and receives each month (a month usually gives a more accurate profile than a week or a day) and segregate that into internal and external routings. Then ask the users what percentage of the mail they receive is what they think of as spam.

This is a crucial issue: What you in IT think of as spam could differ significantly from the end user’s viewpoint. For example, you’ll both (I hope) agree that hot teens and the enlargement of bodily parts constitute spam. Where you’ll differ could be more subtle. Your users might not object to refinancing opportunities and actually might welcome offers from obscure Chinese manufacturers. You’re going to have to do a little digging here.

So, if you have a large user population and can’t survey everyone, use a statistically significant sample, and then go and find out what they think. Then ask them to forward samples of each type of spam they get for analysis (make sure you use the term “analysis” – it always sounds much sexier then “check out”).

You might also ask them to submit samples of messages they consider non-work-related but not spam. This will give you insight into what users actually do with e-mail in terms of workplace communications, such as swapping jokes with colleagues and business contacts, and keeping in contact with friends and family.

You also should watch a few users handle their e-mail. Find out how long it takes them to handle the spam they get and then work out the average time it takes for them to handle a spam message.

In the spam cost models I have built, I worked with a value of 5 seconds for a user to handle a piece of spam, but for your users’ mileage might vary. Some IT people have told me their average user takes roughly 1 minute to deal with each spam, which significantly increases the cost.

OK, so that’s your homework. Find out all of those figures, and next week we’ll start working on the last issue: what the cost of spam really is for you.

Send your homework to backspin@gibbs.com.