E-mail is a mission-critical application in most accounting firms.

Important business information is being transferred to and from clients, as well as among members of the firm. Spam is a growing problem in most firms, especially where e-mail addresses and domain names have been public for several years.

Even if names and addresses are relatively new, spam will continue to grow at a rapid rate due to the fact that it is inexpensive to acquire e-mail addresses. A Google search shows offers to “blast” thousands or even millions of e-mail addresses for less than 1 cent per message. Inexpensive tools are also available to the “do-it-yourself” bulk e-mailers.

While it is cheap for spammers to deliver messages, it is not so cheap for firms and organizations to deal with the messages. According to a quick calculation based upon certain reasonable assumptions, it costs a 25-person firm over $22,000 and each employee almost $900 in lost production dealing with unwanted spam on an annual basis. (See “The cost of spam,” on p. 25.) The loss becomes three to four times greater when you consider the lost revenue, assuming those hours could be billed to clients.

The cost of spam  
  Assumptions
Mail boxes 25
Spam messages per day 50
Time to deal with each message 5 seconds
Days per year 365*
Average cost per hour $35
 
Cost  
Cost to firm $22,179
Cost per employee $887
* Spam doesn’t stop on weekends and holidays. 

Federal and state governments are making it tougher for spammers by enacting anti-spam legislation; however, most of the spam originates from outside of the United States (especially China). It therefore is necessary for firms to develop defenses and protection systems against spam, viruses and content.
For the most part, larger firms with professional information technology skills on staff have alleviated, if not solved, the problem with a variety of anti-spam techniques. Smaller firms are generally faced with additional challenges due to the lack of internal IT skills. We have heard of smaller firms changing their domain name or changing e-mail addresses out of frustration. While such a move may reduce spam for a short period of time, it is not a solution to the problem given the fact that the spammers will rapidly gain addresses.The criteria for finding a solution in most firms is that it be reasonably priced and effective. Accountants generally mean “cheap” when they say reasonably priced — and yet some firms are so frustrated that they have started to raise their threshold on the cost of a solution. In selecting a solution, firms should consider the following:


  • Cost and return on investment: What is the initial and ongoing cost to maintain the system?
  • Integration: How will the product integrate with existing mail servers and firewalls?
  • Human resources: Who will manage the system and how much time will be required?
  • Ease of use: Will users have to change behaviors in order to implement “black” and “white” lists? How does the system handle “false positives”?
  • Effectiveness: What amount of spam is actually blocked?

Firms also need to be able to control the content that flows in and out of the firm as well as protect employees from offensive and lewd content. Protection of client data and confidential information is also of the utmost importance. Content can be controlled through black and white lists, as well as rule-based filtering.

Allies in the war
Appliances/URL
Barracuda Networks
www.barracudanetworks.com

IronPort Systems
www.ironport.com

Espion Interceptor
www.espionintl.com

Symantec Enterprise Gateway
http://enterprisesecurity.symantec.com

BorderWare Mxtreme
www.borderware.com

Proofpoint
www.proofpoint.com

CipherTrust IronMail
www.ciphertrust.com

MiraPoint
www.mirapoint.com


Hosted services/URL
MessageLabs
www.messagelabs.com

Postini
www.postini.com

Appriver
www.appriver.com

MX Logic
www.mxlogic.com

SpamStopsHere
www.spamstopshere.com

EndSpamEmail
www.endspamemail.com

Implementation of rules requires both time and skills, something most accountants don’t have or want to take the time to acquire. Therefore, IT personnel are left with the responsibility. Firms need well-defined policies and procedures describing the type of content that is not allowed to enter or leave the firm. E-mail administrators are faced with multiple responsibilities:

  • Selecting products to filter content.
  • Defining the rules and keeping them current.
  • Implementing the filters and ensuring compatibility with firewalls and antivirus scanning software.
  • Maintaining dictionaries for term-based filtering.
  • Monitoring quarantine mailboxes and training users to login to a Web site for “caught” messages.

If this is starting to sound complex and time-consuming, it is.Solutions that firms selected several months ago may no longer be effective due to advanced spamming techniques. Fighting spam is an ongoing battle and most firms are using one of two basic strategies:1. Utilize internal skills in implementing and maintaining effective spam management systems.
2. Outsource spam management to others who have the skills and volume to make sophisticated solutions cost effective.

Many of the outsourced solutions are through Internet service providers and can run as low as $10 to $20 per mailbox annually. In-house solutions start at a few hundred dollars for a 10-user license and range up to several thousand dollars. Some are software, while others are a combination of hardware and software. The effectiveness is directly impacted by the knowledge of the installer and ongoing maintenance. Those with the right skills can automate the management of the system through the writing of scripts and exception reporting.

Some hosted filtering services emphasize the “zero administration” feature by utilizing a three-level approach to spam filtering. They block or reject e-mails that are viruses or spam with 100 percent certainty; they tag and forward e-mails that are most probably spam; and they leave clean messages untouched.

Such services do not include white lists, black lists, notification, reporting, quarantining or other kinds of activities that require monitoring and upkeep. These services dramatically cut down on the amount of spam without the risk of false positives. We have a white paper available that explains how to set up such a system at your firm, or whom to contact for the hosted “zero administration” spam and virus filtering. Send an e-mail to whitepaper@boomer.com if you are interested.

Hosting your spam filter at the ISP or at another location can have a positive impact on your local bandwidth.

Listed in the accompanying box (“Allies in the war”) are some of the solutions available to both small and large firms. From our experience with Boomer Technology Circle member firms, they are using a variety of solutions. No one solution appears to dominate.

For server-side software listings, see http://spamlinks.openrbl.org/filter-server.htm.


L. Gary Boomer, CPA, is the president of Boomer Consulting, in Manhattan, Kan.

Register or login for access to this item and much more

All Accounting Today content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access