Spam filters: Making them work
- — 23 September, 2008 09:10
Spam. It fills our in-boxes, wastes our time and spreads malware -- and it's only getting worse. According to Ferris Research, which studies messaging and content control, 40 trillion spam messages will be sent in 2008, costing businesses more than US$140 billion worldwide -- a significant increase from the 18 trillion sent in 2006 and the 30 trillion in 2007.
In theory, e-mail filtering software and appliances allow "good" e-mail messages to pass through while stopping spam. But the filters can mistakenly allow spam to pass through (a false negative), or they can mistakenly block valid e-mail (a false positive).
Typically, after identifying a message as spam, the filtering software either blocks it or quarantines it, letting the recipient review it later. Although the latter method provides a chance to retrieve false positives, it requires time and effort that users often won't spare.
Users and organizations that receive spam pay about four cents per message to delete it, according to Ferris. But Richi Jennings, a Ferris analyst, says the cost of locating missing valid e-mails is far greater -- about US$3.50 per message.
Even worse, Jennings says, is that organizations can incur potentially greater costs through missed opportunities because of false positives they never see -- such as a request for proposal that a consulting firm fails to receive.
Combating False Positives
On both the sending and the receiving ends, minimizing false positives is critical for your organization. Here are some steps you can take.
1. Use a spam filter. False positives can leave you wondering if you should simply toss your spam filter. Don't.
False positives can occur even without a filter, such as when a user, seeing multiple spam subjects in an in-box, manually hits "delete" multiple times, not realizing that buried within the list is a legitimate e-mail. A state-of-the-art spam filter catches 97 percent to 99 percent of spam, says Jennings, thus helping prevent erroneous manual deletions.
2. Locate your filter at the network DMZ. A "demilitarized zone" in the context of a computer network is an area that buffers the private internal network from the public Internet. Systems in the DMZ are vulnerable to attacks from the outside, but they protect the internal network from outside attacks. Putting your spam filter at the DMZ allows it to monitor the characteristics of the connection and acquire more information about incoming e-mail messages, which can be critical to determining whether a message is spam, says Jennings.