About four years ago, Tim Carter had what felt like a nervous breakdown, but it wasn't because of his personal life. "I snapped. I literally went nuts because I was receiving so much spam about 100 messages a day," says Carter, an information resource manager for a small college in the Amherst, New York area.
So what did he do? He looked up the owners of the spam sites in the WhoIs domain registry, contacted them and told them to take him off their lists. "I had it down to about 25 or 30 spam a day; it had dwindled, but after that there was no improvement," says Carter. "I'd get into work by 7:45 and by lunch time I might be done looking up all the spammers and contacting them. It would take me hours and hours."
The company registers e-mail addresses or entire domains on a "Do Not Intrude Registry." Here's how it works: Install the Blue Frog client on an Internet-connected PC. No integration with existing network or e-mail infrastructure is required. Your spam is forwarded to Blue Security for analysis.
Blue Frog then posts "opt-out" requests on the sites advertised by spam, asking spammers to remove registered addresses from their mailing lists and to stop sending unsolicited spam to Blue Community members. By eliminating spam sent to their e-mail servers, domain owners reduce expenses on network bandwidth, e-mail storage and backup.
"Now all I do is forward my spam to them. I'm a bit obsessive, so I used a spreadsheet to keep track of how many spam e-mails I got per hour for four accounts. After I downloaded Blue Security's application, I averaged maybe 10 a day or less," says Carter. "What used to take me hours and hours is now done automatically. It takes a minute to install, it sits in your system tray, you forward all your spam to that address and then sit back and laugh."
Eran Reshef, CEO and founder of Blue Security, says, "The key thing is getting enough people to realize that just deleting spam is not going to remove the problem. We are creating a community. We need to stand up for our rights and change the way spammers treat us. We're finding that spammers understand that sending out messages to people who are going to complain or work with ISPs to close them down and not buy their product is counterproductive. A lot of times they comply."
Blue Security also sends daily reports to the FTC, Interpol, the SEC., ISP domain registrars and the like about illegal spam activities, sometimes garnering instant results. "For example, we notified a free hosting provider about some illegal activity going on," says Reshef, "and within 24 hours they had closed down 300 Web sites."
Blue Security's service is free for consumers and small businesses registering domain names with up to 200 e-mail addresses. The free service will be available for the remainder of 2005 and through 2006 if you join the Blue Community before March 31, 2006.
You're Not Alone
Industry watchers say unsolicited e-mails comprise anywhere from 30 to 60 percent of incoming correspondence for most companies, resulting in $20 billion of lost productivity per year. The Radicati Group, a market research firm, says the number of spam missives ballooned from 15 billion in 2003 to 35 billion in 2004.
|Blue Frog automatically contacts spam companies and tells them to remove you from their spam lists.|
The good news is that the market has matured to meet the needs of companies suffering from a deluge of spam. In the past, you needed separate applications to stem spam and protect your network from viruses. Now many security solutions for e-mail wrap spam filtering, virus and "denial of service" (DoS) attack prevention into one package. They guard your e-mail server by receiving and filtering all your incoming messages.
Taking Spam Off Your Hands
One market leader in this area is Postini, a Redwood City, Calif.-based company that specializes in e-mail security and management services and offers a plan for small businesses. The service is designed to stop spam, viruses, phishing and DoS attacks before they reach your company's server.
Once you subscribe to Postini's Perimeter Manager Small Business Edition (for $30 per person per year), your company's incoming and outgoing e-mail gets routed through Postini's servers for analysis and, if necessary, deletion or quarantine. Postini also provides security for instant messaging (IM) and archives e-mails, which can be useful should a firm face legal action or need to recall important information.
"We don't sell hardware or software, we sell a managed service, so it's perfect for small businesses who do not have IT departments to install, configure and maintain software," says Andrew Lochart, senior director of marketing for Postini. "The average small business owner does not have a black belt in e-mail management, that's where we come in." About 88 percent of a company's e-mail is spam, or phishing or virus-related, says Lochart, which can overwhelm businesses with small servers.
|Use the Report Spam menu option to forward your spam to Blue Frog.|
Of course not every anti-spam service or application is foolproof, sometimes scanning results in "false positives," or legitimate e-mails that get flagged as spam. Postini puts all suspected e-mails occurring in the past 24 hours in a quarantined "in box" so the intended recipients can easily scroll through to check for anything worth keeping.
If You Have Money to Spend
If you can afford something in the $7,000-range, you might want to consider CipherTrust IronMail by Cipher Trust. The company offers a solution customized especially for small business owners, called IronMail S-class. You can get a free trial at the Web site.
IronMail protects e-mail systems in five ways, according to its Web site. First, it examines each connection request before it is accepted to ensure that it's legitimate. So, for example, if IronMail cannot validate the sending server (using a technique such as Reverse DNS lookup), or a message is sent from a known spammer (as identified by a real-time black hole list), it is automatically rejected.
Second, once IronMail determines that a connection is an actual e-mail-connection request, it captures and examines all the data in the connection to make sure it's not carrying a mail attack, such as buffer overflow. Third, it protects privacy (with SSL encryption) and against viruses. Fourth, it protects Web mail systems such as Microsoft's Outlook Web Access and IBM's iNotes by detecting and blocking Web-based attacks.
Finally, it protects your company by enforcing compliance with company e-mail policies. This can include forcing (or denying) client-based encryption for select users, groups and domains and checking messages and attachments for disallowed user-specified keywords, such as offensive language.
In the end, one thing is certain when it comes to spam: whether it's free or it costs thousands of dollars, it pays to have a system in place so you're not driven to tracking it in a spread sheet and spending each morning canning your own spam.
When Michelle Megna began covering technology for computer magazines, the CD-ROM and AOL didn't yet exist. Since then, she's been on the byte beat for FamilyPC, Time Inc. and the New York Daily News. She's still waiting to see a pair of 3-D goggles that actually work.
|Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today!|