Spam--it's worse than ever

Anyone with an e-mail account has doubtless received sundry similar pitches. Ranging from the simply annoying to the truly bizarre, spam was bad enough a year ago; it's that much worse today.

Maybe it's the bum economy and certain wastrels have too much time on their hands, or perhaps there's something odd in the water supply. Whatever the explanation, so much spam is flooding the electronic gateways of corporations that CIOs face an escalating epidemic.

With daily e-mail traffic soon expected to reach the 10 billion message level, the U.S. Federal Trade Commission has finally roused itself and announced its intention to step into the fray. But the government's activism is not only belated, it's entirely beside the point: Many of the operators responsible for generating junk mail live overseas, putting them well beyond Uncle Sam's jurisdiction.

So much for winning the war on spam.

Spam entered the lexicon as a cyberadjective in April 1994. That's when a couple of Arizona immigration lawyers cross-posted thousands of copies of an advertisement for their services on Usenet news forums. The resulting disk overflows and network downtime may have earned them the undying hatred of thousands of cybernauts, but it also inspired copycats to give it a whirl.

At first, it was a mild nuisance. But as the business world got wired, spammers trained their gun sights on the enterprise. It's been a running battle of wits between the two sides ever since.

"It's a huge headache for us, a really tough one," one deluged system administrator told me. Because of the volume of mail it receives daily, this particular company now resorts to mass blocking of e-mails.

"We really have to weigh everything," he added. "We didn't want to get into the business of blocking e-mail, but we were forced to."

Sound desperate? Consider this one: In a recent article, Computerworld reported how one company simply decided it would no longer provide employees' e-mail addresses to anyone other than business associates. This may be on the extreme side, but it indicates just how high a price some IT managers are willing to pay to protect their operations from spammers.

Security and the ability to control what goes in and out of the network is a complex issue that's also chockablock with hidden costs. A lot of perfectly harmless incoming e-mail inadvertently gets knocked out with the bad because of defensive measures such as block lists or filters. Some get tagged because they include attachments, while others get held up because of suspicious origins.

Along the way, you, the poor shlub at the computer terminal, wind up getting shafted from both sides. When important e-mails fail to arrive because of cyberprofiling, that's a cost to you and your business. Then there is the concomitant cost in lost productivity associated with having to weed through so much junk mail every day. I waste a part of every hour at work deleting dozens of nonsensical messages that land in my in-box. Multiply my experience by the millions of other office workers in the same boat and you're talking about serious deletion time!

Accustomed as we are to snap resolutions of thorny problems, this blunderbuss approach may sound promising, but it's an especially unsatisfying resolution. With spammers getting more savvy, it's only a matter of time before they find work-arounds. In the meantime, CIOs don't appear to have much else in their arsenal. It's clear they can't slam doors and lock them shut, because businesses depend on their employees getting out of their networks and on others getting in.

"Ten years ago, 95 percent of the center of corporate gravity was inside the company," estimated James Hall, the managing partner of Accenture's technology business. "Nowadays, it's 60 percent outside and 40 percent inside. That means the whole issue of security is hugely more subtle and complicated."

CIOs are struggling just to keep up with the spammers, but I doubt they'll be able to keep pace. It's just like when someone wants badly enough to break into your house. You can put in alarms and gates, but the bad guys will always find counter-arrangements to neutralize what you've put in to keep them out.

Besides, technology can't entirely cover up for dumb users. Security is still a low priority for most folks. How much of this corporate spam do you think occurs because people give away their e-mail willy-nilly? Probably a lot.

Ultimately, the solution will depend upon a combination of collective user discipline and the continuing focus of IT in building new layers of sophistication. In the short term, spam just might be the challenge that peer-to-peer technology has been looking to answer for all this time. A collaborative model, such as the one offered by Ray Ozzie's Groove, lets people on different systems in far-flung areas work on the same projects.

More about that in a future column.