Aficionados of frightening statistics may take pleasure in reports about the relative proportions of spam to valid e-mail -- it's as much as 71% of total message traffic -- according to recent estimates. For Windows IT managers, these numbers represent a depressing fact of life about the number of staff hours it takes each day to deal with spam systematically.
Sure, there are dozens of spam-fighting solutions available. The bigger issue is how to equip your staff with the knowledge to effectively use these tools since defending against spam is not something for which prepackaged courses or curriculums currently exist. Without a readily available source of general training or related certification, companies that want to take a strategic and proactive approach to the problem must make a commitment to antispam staff development.
I recently spoke with Sara Radicati, president and CEO of messaging market research firm The Radicati Group about the current state of antispam education for e-mail administrators. What follows is a recap of her recommendations for developing a well-trained, well-informed and successful cadre of enterprise messaging professionals.
- Designate specific administrators or technical staff to deal with spam, even if it's only part of their larger overall set of responsibilities. The composition of this antispam team should include individuals who are familiar with messaging hardware (routers, gateways, ISP routers) as well as spam-handling software tools, technologies and services.
- Formulate a daily response plan for handling spam. The grim reality is that more than half of all regular messages are unwanted, and as much of this unwanted traffic as possible must be filtered or blocked before it fills server stores and users' inboxes.
- Know when you are under siege. This means using traditional tools such as network traffic and utilization monitors, as well as reporting tools from messaging servers to characterize message traffic. They will help your staff establish a baseline for what's normal on your networks, message-wise. Then when spikes or attacks occur, they'll be able to spot them and respond to them quickly.
- Develop a multilayered approach. Since no single solution can catch all unwanted e-mail, you'll want a solution that involves two to three layers of protection to undermine weaknesses or omissions. First, route spam through a screening service before it ever hits your own mail servers. Then use one or two packages on your servers to further scrub out unwanted traffic. A third layer could involve a set of junk mail filters or client-based message screening tools at users' inboxes.
- Limit exposure to lost or curtailed e-mail due to denial of e-mail service or restricted access to e-mail servers or forwarding services. Create a list of backup e-mail addresses, alternate e-mail routes and plans for when and how to turn off or re-establish e-mail service under extreme conditions or when conditions change.
- Anticipate problems. Insist that your antispam team spend time each day learning about potential threats, attacks and other sources of unwanted e-mail from news and information on the Web, in trade press articles and other outlets, including vendors. Make sure the staff is prepared to act on such warnings when it's necessary.
- Use your vendors wisely. The dearth of institutional antispam training and curriculum doesn't make it impossible to get up to speed on the latest in spam-fighting techniques. Vendors are a good source of information on general spam trends and -- more importantly -- how to get the most out of the specific tools and solutions they've sold you.
A good working knowledge of local messaging traffic and tools works hand in hand with well-formulated response plans to deal with problems as they occur. Though there may not be a one-stop training outlet for those who manage spam, good staff management, planning and training will see organizations through daily escapades with this form of bedevilment.