To determine the impact of spam and the potential benefits of antispam filtering solutions, NetIQ conducted independent research of large and small corporations worldwide, with over 750 respondents. The study asked IT executives and key business managers about the impact of spam on their organizations, the estimated costs and the current and future planned practices and solutions to help eliminate the issue. The survey indicated that almost 36% of all messages received are spam and that spam costs the average organization over $285 per employee per year in lost productivity and incremental IT costs.
According to the study, the impact of spam could be felt most in three areas of the business:
- Lost productivity -- The most damaging impact of spam is primarily to employees, with over 80% of the costs related to user lost productivity in having to recognize, manage and delete the unwanted e-mails. Studies indicate that the average user receive over 25 spam e-mails each day, and even though these e-mails take around 5 seconds to recognize and resolve, over all the users during a year these small productivity hits of 2 minutes per employee per day can add up. For remote users, or access of e-mail via voice-mail or wireless devices, the issue is compounded. The impact of spam results in an average 0.4% productivity loss per employee per year. For a typical 1000 user organization this results in over $250,000 in lost productivity per year.
- IT costs -- For IT, the cost of spam is in the consumption of resources to receive and store the spam and in the support of users in having to deal with the spam volume. Spam consumes an estimated 11% of total Internet bandwidth costs, consumes almost 500 GB of storage per year, generates over five help desk support calls per day for every 100 users and requires additional administration staff to help manage and address the inquiries. For a typical 1000-user organization, incremental IT costs are almost 20% of the total cost of spam, resulting in incremental spending of an estimated $38,000 per year.
- Legal and security risks -- E-mails laced with sexual content, discriminatory humor, viruses, worms and Trojans are becoming more common, and the risks of not proactively taking measures against these risks can be costly. If a legal issue arises, the fact that IT did nothing to help mitigate the risk of these e-mails can cost many people their jobs. The legal and security risks are difficult to quantify, but when one of these risks is realized, the costs to the organization can easily eclipse the more tangible IT and lost productivity costs.
- Educating users -- Various user practices can attract spam, and one of the best ways to prevent spam is by educating users not to register or visit suspect or questionable Web sites or to respond to spam e-mails. As well, organizations should take care not to publish e-mail addresses on any public Web sites as spam programs scrape these Web sites for e-mail addresses.
- Text analysis -- Administrators can configure anti-spam solutions to recognize words used by spammers and prevent these from being received.
- Header analysis -- E-mail headers often contain clues that the e-mail is a spam message, and these headers can be analyzed to block the spam message.
- Blacklists for e-mail hosts, domains and users -- Blocking of messages from known spam hosts, domains and users.
- Anti-spoofing -- Preventing spam e-mails from looking like legitimate correspondence, which fools the user into responding.
Common spam prevention solutions are currently blocking less than 40% of the issues, but newer generation solutions promise to effectively match IT expectations of 80% - 90% coverage with less than 1% false positives (blocking important e-mail messages that are not spam).
This was first published in December 2005