Going Green: How Environmentally Friendly is your Company’s Anti-Spam Solution?

I originally posted the following at CIO.com (http://tiny.cc/Pvz1g)

Last week McAfee, in conjunction with ICF International, published The Carbon Footprint of E-mail Spam Report, a report that details the “carbon footprint” of sending, receiving, and viewing spam. A novel new concept – the environmental impact of spam?

One of the most significant findings of the report was that nearly 80% of the energy consumed by spam comes “from end-users deleting spam and searching for legitimate e-mail (false positives).” The act of sending a spam message, consumes less than 1% of the GHG emissions associated with any given spam message – and the real “damage” so to speak is done once the spam message hits a user’s inbox (27% of GHG emissions are a result of false positives and 52% of emissions are a result of viewing spam).

I have to beg the question here, if the “damage” being caused is more or less in our hands (i.e. once the spam message reaches our inbox), is there such a thing as a “green” anti-spam solution we can implement to address the problem? Logic would say yes – anti-spam solutions that are able to eliminate false positives, and minimize the amount of spam end-users receive and view, are by course of reason and logic “green” solutions.

Here, lets explore the three criteria organizations can use to determine how “green” their anti-spam solution is: number of false-positives, spam messages viewed, and methodology used to stop spam.

False Positives
Twenty-seven percent of GHG emissions resulting from a typical spam message are the result of false positives. Anti-spam solutions that may block a high percentage of spam (98 or even 99%), but result in a high number of false positives, are usually more trouble than they are worth. While your end-users may not have spam in their inbox, the time spent searching for legitimate messages in a junk folder is costly in terms of lost productivity and environmental impact.

False positives are typically a problem that is inherently associated with filter-based anti-spam solutions – solutions that are built to avoid false-positives, and don’t rely on a “spam-filter” to scan the content of a message are more effective in addressing this “environmental” concern and time eater.

Spam Viewed
A staggering fifty-two percent of GHG emissions resulting from any given spam message are a result of viewing that piece of spam. This piece of criteria couldn’t be any simpler: the higher the spam stop-rate (i.e. 95, 96, 97 %) of your solution, the more environmental friendly it is. If your solution doesn’t allow spam messages to reach end-user’s inboxes, then your users aren’t spending time viewing or deleting these messages, and ultimately the GHG emissions associated with any one of these messages is eliminated.

Or, even better, select a solution that won’t allow spam through, period. Here, I’m sure to hear a resounding… “easier said than done!” However this point comes back to the methodology behind your solution and how it addresses the problem of spam.

Let’s discuss…

Solution Methodology
Sixteen percent of GHG emissions associated with a spam message can be traced back to the spam filter that worked to stop that spam message. Needless to say, without any anti-spam filter in place, emissions would increase dramatically in other areas (such as spam viewing), and any solution is better than none. However, some are better than others, and today organizations have a plethora of choices when it comes to selecting an anti-spam solution – and no longer need to rely on filter-based solutions to solve their spam problem.

Increasingly, organizations are moving away from “filter-based” solutions, to solutions that focus on the trustworthiness of the sender, not the content of the message. Although spam filters have gotten “better,” they still create an arms race – spammers are continually looking for new and innovative techniques to break or circumvent the filters and filtering companies are continually creating updates to combat these new attacks. This ping pong effect results in more spam, more management, and a problem that isn’t solved.

Sendio (for the enterprise), Earthlink, Spam Arrest, and Boxbe (for individuals) are all companies that have rolled out solutions that adopt an “Opt-in Model” to stop spam. Similar to many popular social networking sites, (such as Facebook and LinkedIn) these solutions utilize something similar to the “friend request,” allowing users to build their own network of trusted contacts instead of relying on a filter to determine what is and isn’t spam. By adopting an approach that puts users in control, organizations can truly address their spam problem – and totally eliminate false positives as well as spam viewed. To eliminate the time and carbon emissions associated with these two components eliminates nearly 80% of the carbon emissions associated with spam!

Ultimately, how environmentally friendly your anti-spam solution is, is directly correlated to how effective that solution is – and implementing anti-spam solutions that are highly effective, will be both good for business and for the environment.

Follow me on twitter: http://twitter.com/sendio & http://twitter.com/talgolan

Phishing, with a side of Swine Flu

I just read the following on the MSNBC web site:

Phishing with Swine Flu as bait

Phishers and spammers have caught Swine Flu fever and are exploiting fears around the outbreak to try to sell pharmaceutical products or steal information, security experts said Tuesday.

The e-mail scams have a subject line related to the Swine Flu and typically contain either a link to a phishing Web site or an attachment that contains malicious code, the US-CERT said in an advisory. (Read More…)

Stuff like this reminds me how evil some people can be, and how ubiquitous email has become. Let’s be clear, these types of attacks always happen through email. Not through websites. Not through your fax machine. Not via instant messaging (IM), or SMS. These attacks don’t reach you via your cell phone, and these attacks don’t arrive via FedEx or UPS. Its ALWAYS via email.

For the last decade companies like Microsoft, Cisco, Symantec, Google, McAfee, Trend Micro, Sonic Wall, Barracuda Networks, etc. have made (and spent) billions of dollars trying to convince us they know what they are doing when it comes to the security of our email. How much longer, and how many more exploits like this one, is it going to take before people realize that email, the original social networking application, deserves to be secured the same way Facebook, Twitter, LinkedIn, AIM, and Plaxo are secured?

Isn’t it time, once and for all, for authenticated email to take the main stage? What is everyone so afraid of? Threat free email is available, today, and is currently in use by millions of people and thousands of companies around the world.

It is time to stop the insanity. Continuing to do what you’ve always done (filtering your email) will always yield the mediocre results you are seeing today.

Why the cloud is a great place for enterprise email

Why the cloud is a great place for enterprise email.

  • E-mail is required to be on-line 24 x 7 x 365 with “5 9s” reliability. Using cloud computing resources can give even small businesses the opportunity to provide email reliability that used to only be available to the largest enterprises. Medium to large enterprises can benefit by “off-loading” the responsibility of up-time to the cloud provider.
  • Security. E-mail is perhaps the single most targeted vector for enterprise security attacks. Through judicious use of cloud computing, e-mail can be kept completely private while being kept at a distance.
  • Bandwidth/resource conservation. Cloud computing allows enterprises of all sizes to keep e-mail threats away from their primary bandwidth sources. In addition, the computing resources required to protect the e-mail stream can be re-purposed for other activities.