Exchange Messaging Outlook
Volume 8, Number 10

Greetings! Welcome to Vol. 8, No. 10, 3 Sep 2003, of Exchange Messaging Outlook, a biweekly newsletter about Microsoft Exchange and Microsoft Outlook.

• Measuring the cost of spam
• Hard spam costs
• Soft spam costs
• Can anti-spam tools stop productivity loss?
• The challenge/response anti-spam strategy
• Bring your Outlook questions!

Regular features:

• New utilities
• Updated utility
• Other resources

Measuring the cost of spam

In preparation for a talk I'm giving at the Exchange Connections conference in November in Orlando , I've been thinking a lot about the real cost of spam. For each virus outbreak, you seem to read that organizations lost so many billions of dollars. Makers of anti-spam tools toss around similar figures that they hope will convince you (and your management) that an anti-spam tool will pay for itself.

But where do those numbers come from? As you might expect, each analyst has their own methodology, sometimes even measuring totally different costs.

For example, you can consider the "hard" costs of spam -- such as the extra network bandwidth, storage, servers, and technical personnel needed to handle the portion of your mail volume due to spam. This is actual cash that your organization must spend to keep up with the spam onslaught.

Or you can try to estimate the "soft" costs -- what part of each workday is lost to time spent dealing with spam and how much that time might be worth. I've always been uncomfortable with estimates that say companies lose so many dollars because of viruses/spam/other threats (pick one or more). Rob Rosenberger, whose VMyths site is currently on hiatus while he's on military deployment, wrote about this kind of calculation a few years ago. In his article at http://vmyths.com/rant.cfm?id=155&page=4, he urged people to "do the math" and realize that such productivity "losses" are not necessarily real money that shows up on the corporate balance sheet.

Sure, go ahead and quantify it using the kind of measure I'll discuss in a moment. (And if that helps you buy a better anti-spam tool, so much the better.) But remember that productivity is a subjective concept, and keep the human costs in mind, not just the monetary figures.

If you're going to consider productivity lost to spam, interpret it in the context of your own organization. Do you hire extra people because the work can't get done with existing staff because they're too busy deleting spam messages? Would more get done in less time if people didn't have so much spam to deal with? Would the help desk be able to solve more problems if they didn't have so many spam reports to respond to? Would employees be able to concentrate on their work better if they didn't get distracted by the occasional "eye-popping" spam message? Would they be less frustrated in their jobs? These sorts of questions are very relevant when it comes to measuring productivity.

Hard spam costs

Let's start with the hard costs of spam, the actual cash you must spend to handle it. Last month, the Radicati Group (http://www.radicati.com) newsletter discussed the "IT Cost of Spam," using an estimation technique you can try in your own organization. The basic idea behind this method is that each mail server costs an average amount to operate, factoring in acquisition, upkeep, and all other costs. If you know how many servers you have, how much each server costs your organization, on average, and what percentage of your mail volume is spam, then you can figure how many of your servers are, in effect, "spam servers" -- needed mainly to keep up with the spam volume -- and can chalk up the cost of those servers to the cost of combating spam.

Radicati estimated the total purchase, deployment, and upkeep cost of an Exchange server to be nearly $97,000 per year. (About two-thirds of that cost, however, is due to "downtime," which includes both overtime for administrators to handle scheduled downtime outside normal business hours and, for unscheduled downtime that occurs during business hours, the salaries for an estimated 25% of users who are unproductive during the email outage. If that scenario doesn't fit your situation, you might want to reduce the estimated per-server cost accordingly.) Their research has shown the average company's mail stream is currently 24% spam. Therefore, if a company has 10,000 users and, on average, 21 servers, then only 16 of those servers are needed to process legitimate mail; the other five are "spam servers" at a cost amounting to nearly $490,000 or about $49 per user mailbox.

Radicati estimates that spam volume will increase to 50% by 2007, and that the same 10,000-person company would need 50 servers to serve the same 10,000 users. Half of them, however, would be chugging away at spam.

Another way to analyze the spam situation would be to perform similar calculations on an incremental basis. Based on your current costs, what would it take to add one or more new mail servers to keep up with increasing spam volume? Would you need to add a new fulltime administrator as well?

Soft spam costs

If the hard costs of spam aren't enough to convince your organization to beef up its anti-spam protection, you might throw in some soft costs, keeping in mind my earlier caveat that these are largely subjective figures.

Ferris Research (http://www.ferris.com) estimated last January that the productivity loss due to spam in the U.S. alone in 2002 was $3.6 billion out of a total spam cost of $8.9 billion. The productivity figure included both time spent determining if a message was spam and time spent reporting spam to the help desk. If you want to do your own calculations, Ferris provides an Excel spreadsheet you can download from http://www.ferris.com/url/spamcalculator.html.

A more recent survey of 76 companies by Nucleus Research (http://www.nucleusresearch.com/prspam.html) considered productivity, staff, and other costs to come up with a spam-cost figure of $874 per employee per year. In one press report on the study, Nucleus CEO Ian Campbell likened the productivity loss due to spam to having one employee out of 72 sleeping all day instead of working.

Can anti-spam tools stop productivity loss?

The Nucleus Research figure that really got my attention was that company-wide spam filters reduce the productivity loss by only 26 percent. How can this be, with many spam filters showing 90% and better filtering accuracy?

When I asked Nucleus analysts, they explained that spam leaking past enterprise filters still demands employee attention. As spam becomes more sophisticated -- for example, spoofing messages from Microsoft, PayPal, and other well known companies -- it takes more time to discern junk from legitimate mail. They also said that trust is an important factor: Do employees believe that the enterprise filter is classifying some legitimate mail as spam (i.e. yielding false positives)? If so, then employees may actually spend time reviewing messages that the company-wide spam filter has already handled.

Clearly, for an anti-spam solution to be successful both in improving productivity and in paying for itself, organizations should train employees in what to expect from the enterprise spam filter and how to recognize spam quickly and move on to more productive mail chores. Don't forget to include those training costs in your cost justification for the anti-spam solution.

The challenge/response anti-spam strategy

I have a couple of rather spam-prone email accounts whose addresses have also made it into the list of spoofed sender addresses that viruses like SoBig use. I got hundreds of copies of SoBig, then more copies of non-delivery reports from paranoid mail servers who thought I'd actually sent them a copy of SoBig. (When will the anti-virus vendors fix this?) Instead of deleting the accounts, I've been using them to test different anti-spam solutions.

Most recently I tried one of the challenge/response tools that filter mail on their own server. For my latest test, I used Mailblocks (http://www.mailblocks.com), but I have also tried USOpt (http://www.usopt.com). Their basic technique is to allow mail only from known senders into your Inbox. Mail from anyone else goes into a Pending folder, and Mailblocks responds with a message that asks the sender to go to a web site and answer a "challenge" question related to content on the web page. Since the response can't be automated, any mass mailing sender won't pass, and their message will eventually be deleted from the Pending folder. Humans can answer the question, have their message go through, and automatically be noted in Mailblocks' database as a legitimate person, both for my mail and for everyone else who uses Mailblocks.

After I set up my Mailblocks account, I redirected several existing accounts to deliver mail to my Mailblocks Inbox, which I can access by browser or IMAP. I seeded my Mailblocks contacts list by importing data from my Outlook Contacts folder. Up to a point, the system worked well; mail that I was expecting from people I knew got through fine. Spam, porn, viruses, and other junk stayed in the Pending folder (305 messages from the past 4 days). But so did the occasional message from someone I don't know.

The catch is that not every human is going to bother answering the challenge question. If I send someone a message and get such a challenge in return, I'm likely to just ignore and delete it -- maybe the message wasn't that important in the first place. That goes double if I was replying to someone else's message.

That's one of the real limitations of these challenge/response systems: While you can access your mail account and respond to messages in Outlook, doing so doesn't update the list of allowed senders stored on the server. To update the list of allowed senders, you must either add the recipient to the server address list manually or compose a message using the web interface for the mail account. Messages composed and sent with Outlook don't count. I found it awfully tedious to read a message in Outlook, then go to the web interface to respond to it.

I'd also like to see some very simple rules-based filtering included with Mailblocks. For example, I don't want to ever get attachments on some of my accounts.

Still, while this anti-spam technique might not work well for business accounts, it could have a place in your home arsenal. Some ISPs, such as Earthlink, are beginning to offer a challenge/response filter with their email accounts. If you have kids or other members of the family with a limited circle of correspondents, it might be a good solution for keeping the ugly stuff out of their Inbox.

Bring your Outlook questions!

Got a question about Outlook -- any version? Bring your Outlook questions to the Ask the Outlook MVP's Experts chat online on September 16, 1 p.m. Eastern time. I will be in the chat room, along with many of the other Outlook MVPs. We hope to see you there for a great chat! See http://www.microsoft.com/technet/itcommunity/chats/Default.asp for more information on this and other upcoming chats.

New Utilities

IVIEW CONFERENCE SCHEDULER
http://www.radvision.com/nbu/products/iview%20suite%20of%20applications/iview%20scheduler
Video conferencing (also voice and data) schedule system with optional Outlook integration module that uses Microsoft Exchange 2000 Conferencing Server.

OUTLOOKINSIDE
http://www.outlookinside.nl/OutlookInsideUS.htm
Contact management tool for Outlook 2000 or later, storing information in an Access database. Tracks correspondence and other items, and shares that data with everyone in the organization. Can associate any contact with any company. Performs merges to Word and keeps a record of the documents created. Maintains a group calendar collating appointments created by colleagues.

SEARCH AND RECOVER
http://www.iolo.com/sr/tool.cfm?tool=22#
Email and file recovery tool can restore data deleted from Outlook Personal Folders .pst files.

XC CONNECT
http://www.xcnetwork.com/workgroup_shared_calendar.jsp
Server-based Outlook collaboration solution for sharing calendar, contacts, and tasks folders, plus free/busy information. Outlook 98 or later.

Updated utility

ARCHIVE ONE CAPACITY
http://www.c2c.com/products/archive1/default.htm
Version 2.3 of this all-Exchange archiving tool adds integration with anti-virus tools, the ability to restore a message back to the mailbox, and support for distributed Exchange architectures.

DIRECTORY TRANSFORMATION MANAGER
http://imanami.com/products/dtm/
Version 2.1 of this tool for synchronizing Active Directory or the Exchange 5.5 GAL with external data sources now supports two-way synchronization with SQL Server and Excel.

GFI MAILSECURITY FOR EXCHANGE/SMTP
http://www.gfi.com/mailsecurity/index.html
Version 8 of this anti-virus and email content security tool uses heuristic analysis to quarantine any executable attachment that conducts "suspicious" activities, adds support for Exchange 2003 and Windows 2003, and improves the file decompression engine. Also includes the option of adding the Kaspersky anti-virus engine as a third or fourth scanner. An available freeware version includes one anti-virus scanner and performs basic keyword-based content analysis.

MS03-032 AUGUST 2003 CUMULATIVE PATCH FOR INTERNET EXPLORER
http://support.microsoft.com/?kbid=822925
Critical patch for all current versions of IE to remove vulnerabilities that could be used in malicious HTML-format mail messages.

POWER TOOLS FOR EXCHANGE
http://www.nemx.com/products/powertools/index_conceptmanager.asp
Version 4.1 of this multi-purpose Exchange content control tool supports a new anti-spam technique that uses natural language recognition and "fuzzy logic" to determine what a message means, rather than rate it on what spam-related words and phrases it contains.

SEPTEMBER 2003 EXCHANGE 2000 SERVER POST-SERVICE PACK 3 ROLLUP
http://support.microsoft.com/?kbid=824282
Public update to resolve a variety of issues.

SMARTDL
http://www.imanami.com/products/smartdl/
Version 3.1 of this tool for managing distribution lists adds the ability to copy and move groups between sites. Users can also create lists that reflect a specifric number of levels of managers.

WN MAILKEEPER
http://www.wickett.net/WNMailKeeper/
Version 2.4 of this personal archive tool includes various improvements to make archiving to individual Outlook message files more efficient.

Other resources

New code samples at http://www.outlookcode.com:

Sending a Fax to the Active Contact
http://www.outlookcode.com/codedetail.aspx?id=160

Simple NextBusinessDay() function
http://www.outlookcode.com/codedetail.aspx?id=153

Corrected Defining a Domain Property column
http://www.outlookcode.com/codedetail.aspx?id=152

More Information

• Click here to subscribe to the Exchange Messaging Outlook newsletter. 
• Exchange Messaging Outlook Newsletter back issues

ISSN 1523-7990
Copyright 1996-2006, Slipstick Systems and CDOLive LLC. All rights reserved.

Updated Jul 30 2006

Home | What's New | Exchange Server | Outlook | Utilities | Bookstore
About Slipstick | Feedback | Privacy Policy | Site Map | Archived Pages | Link to Us | Advertise