Putting spam in its place

Spam is annoying, but harmless, right?Wrong. According to the market research company Radicati Group of Palo Alto, Calif., more than 50 billion pieces of spam will be sent every day by 2007, and organizations will pay nearly $200 billion per year to deal with them.Pop-ups are similar: costly nuisances that organizations must somehow handle.Many products are available to manage spam and control pop-ups, ranging from free downloads to expensive solutions involving hardware, software and services. Spam is unwanted or irrelevant e-mail, regardless of source or purpose. Most spam is sent to annoy or to make money. Spam has many negative effects. The time required to read and delete spam is significant, distracts employees from their actual work, and can cost an organization hundreds of dollars per employee per year.All that spam flowing through the network eats up resources. It sucks up storage and backup space, just as legitimate e-mail does. Since spam ultimately arrives via Internet connections, Internet bandwidth is diminished. Some unwanted e-mail'especially pornographic messages or images'can upset employees and leave organizations liable for damages. Also, spam can contain malicious payloads that devastate systems.The problem is worse for government agencies that try to be easily available to the public. Accessible e-mail addresses are harvested and spread by spammers, making government agencies prime targets. People might be contacting officials about legitimate issues such as pornography, so simply excluding e-mail containing certain keywords will not be effective.Window pop-ups also are driven largely by senders' desire to advertise and sell products.Pop-ups can take several forms:Employees have to waste time closing these pop-ups, which can proliferate rapidly. Each pop-up uses system resources, leaving less memory and processing power for legitimate applications.The more recalcitrant pop-ups can even require help from system administrators, interfering with their other responsibilities. Some pop-ups also present offensive text and images. Finally, pop-ups can camouflage malicious activities. You can classify anti-spam programs as in-house or outside methods.Outside solutions are supplied by vendors whose servers become the destination for all e-mail sent to the organization. The vendor then separates legitimate e-mail from spam and forwards it to your employees.The advantage of this method is that spam never enters the organization, relieving system, Internet and network resources from the burden. This method is completely transparent to employees and requires no special software or configuration.A drawback is that you may not have much control over individuals' spam criteria, and users can't fine-tune their own preferences.If an organization elects to handle its own spam, it can do so at the point e-mail enters the system, at the e-mail server or at the users' client computers.E-mail gateways consist of hardware, software or a combination of both. They very often include other features such as a firewall or an antivirus program. Organizations that need all these features should look for a single appliance to handle everything.Many programs work with the organization's e-mail server. This gives administrators a great deal of control over configuring and fine-tuning the anti-spam features. If an organization does not control its Internet connection, this is the next best thing.Finally, individual copies of anti-spam software can run on each user computer. This lets users control their own spam sensitivity, and this software is often very inexpensive or free. But letting spam into an organization at all is a drain on resources: Such client-based software usually only makes sense if it's impossible or impractical to use systemwide solutions.There are many approaches to catching spam, no matter who filters it, or where. Almost all solutions employ the simplest one, a blacklist blocking known spammers, spam-ridden domains or even entire countries.A whitelist is the opposite of a blacklist: It's a list of known nonspammers, including friends and family. Scans for significant keywords, such as 'viagra,' catch only the more obvious spam messages. Most spammers know how to outwit these defenses, sometimes simply by misspelling words such as 'vi@gra.'Many vendors compile databases of profiles that classify an e-mail as spam. Heuristic techniques learn what is spam, and what is not, as they go along.Some systems use a whitelist of senders known to be acceptable and send challenge messages to everyone else. Senders must establish themselves as legitimate before their e-mail is accepted.Bayesian analysis uses statistical methods to classify e-mail as most likely spam or not.So, which approach works best? None of them'or, at least, none of them alone.Each approach has some drawback that either lets spam through or blocks legitimate e-mail. That's why programs that use multiple approaches, or layers, are best. You should either find a solution that employs many approaches or apply several solutions, each using different approaches. Make sure combinations of solutions don't become unwieldy to administer or use.Pop-up blockers also come in different flavors. Some simply filter Web pages and strip out codes that make pop-up windows possible. Others can do the same thing with incoming images, sounds, animations and so forth. More sophisticated programs can muzzle spyware and keep adware from delivering its ads. Most such programs run on individual users' computers.Vendors periodically update their libraries of keywords, fingerprints and so forth. Make sure the vendor does this frequently enough to suit you. Software should also be able to access updates automatically. Some vendors charge for updates, some don't.Since one of the main reasons to eliminate spam and pop-ups is to save time, solutions should be as low-maintenance as possible. You want solutions you can set and forget, without having to reset parameters constantly. Take into account special situations your agency may face. A challenge-based solution doesn't make sense if you welcome e-mail from the public, since each contact is probably unique. If you need to accept e-mail that may have questionable words, solutions that block all such messages won't work.