Babies and bathwater

Throwing away your spam filter so it cannot prevent crucial messages reaching your inbox rather misses the point

Concerns about the volume of unsolicited e-mail and its effect on productivity are increasingly outweighed by concerns about the reliability of the e-mail system itself.

Although most e-mail users are willing to tolerate the odd unwanted message that bypasses a spam filter, the risk that legitimate e-mail may be mistakenly blocked by a spam filter - false positives - has given many companies sleepless nights and provoked some users to action.

US operator Verizon is currently facing a lawsuit from five customers who claim they lost potential clients because the company’s spam filter blocked legitimate sales enquiries. It remains to be seen whether the case will open the floodgates for similar claims, but evidence has suggested that nearly all business users have suffered from over-stringent spam controls preventing the delivery of legitimate e-mails.

The reliability of e-mail is integral to its value as a business communication tool. It is increasingly the main point of contact between companies, clients and customers, relied upon to relay contracts, deadlines and purchase orders. So although spam is seen as a problem, it is one that a growing number of users are willing to tolerate rather than risk the prospect of losing a client or sale.

But if spam controls are turned off altogether, companies will encounter a bigger network burden, reduced productivity and potential legal claims from their own staff for not doing enough to protect them from, for instance, offensive pornographic spam.

So what is the solution? Users must draw a distinction between critical and non-critical false positives. User-to-user e-mails fall into the first category and should easily be decipherable as legitimate messages by an intelligent spam filter. The non-critical false positives are e-mails users may wish to receive, but which are not necessarily essential, such as newsletters.

A major step for companies in tackling the problem of false positives is to avoid cheap, “silver bullet” security solutions. Although some false positives are inevitable, most should apply only to non-critical messages.

Customers can opt to implement “whitelist only” systems, where e-mail can pass through the spam filter only if the sender has prior approval. But managing a company-wide whitelist could prove costly and time consuming.

Another option is to put control in the hands of the end-user. Anti-spam technology deployed at the network edge can block messages that obviously match the criteria for spam and the remaining suspect messages can be quarantined into junk folders which can be reviewed by end-users. These folders can be set to expire after a certain time period (say, one to two weeks) to keep them manageable.

Users can be sent a daily digest of all blocked messages so they can release any they want and add them to their personal whitelist, allowing them to pass in future without interference.
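The end-user quarantine workflow described above, sketched as an added example (not code from the article or from any vendor). The score thresholds, the 14-day retention and all class and function names are assumptions; the digest here lists the quarantined messages a user can still release.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Assumed values: the article gives no scores; it suggests one to two weeks for expiry.
BLOCK_AT = 0.95        # "obviously spam": rejected at the network edge
QUARANTINE_AT = 0.50   # "suspect": held in the user's junk folder
RETENTION = timedelta(days=14)

@dataclass
class Message:
    sender: str
    subject: str
    score: float          # spam score from the edge filter, 0.0 to 1.0
    received: datetime

@dataclass
class Mailbox:
    whitelist: set = field(default_factory=set)
    inbox: list = field(default_factory=list)
    junk: list = field(default_factory=list)

    def triage(self, msg):
        """Route one message: deliver, quarantine or block."""
        # Assumes the sender address was authenticated upstream; a forged
        # From: header must not be enough to match the whitelist.
        if msg.sender.lower() in self.whitelist or msg.score < QUARANTINE_AT:
            self.inbox.append(msg)
            return "deliver"
        if msg.score >= BLOCK_AT:
            return "block"
        self.junk.append(msg)
        return "quarantine"

    def expire(self, now):
        """Drop quarantined messages older than the retention period."""
        self.junk = [m for m in self.junk if now - m.received <= RETENTION]

    def digest(self, now):
        """Daily digest: sender and subject of mail quarantined in the last 24 hours."""
        return [(m.sender, m.subject) for m in self.junk if now - m.received <= timedelta(days=1)]

    def release(self, msg):
        """User releases a false positive and whitelists its sender."""
        self.junk.remove(msg)
        self.inbox.append(msg)
        self.whitelist.add(msg.sender.lower())

if __name__ == "__main__":  # constructed sample message
    box = Mailbox()
    print(box.triage(Message("client@example.com", "Purchase order", 0.7, datetime(2024, 1, 1))))
```

Once a sender has been released, later mail from that address skips the score check entirely, which is why the whitelist match should rely on an authenticated sender rather than the visible From: line.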

The spam hysteria of the past few years has created the impression that blocking unwanted e-mail is the paramount concern for businesses, with the result that some have lost sight of their users’ real concerns. Blocking unwanted messages ultimately serves no purpose if it undermines the effectiveness of e-mail. The balance between security and reliability must be redressed.

Jamie Cowper is senior technical consultant at Mirapoint

Mirapoint can be found at InfoSecurity at stand number 355
