Greetings! Welcome to Vol. 8, No. 10, 3 Sep 2003, of Exchange Messaging
Outlook, a biweekly newsletter about Microsoft Exchange and
Microsoft Outlook.
Today's highlights:
- Measuring the cost of spam
- Hard spam costs
- Soft spam costs
- Can anti-spam tools stop productivity loss?
- The challenge/response anti-spam strategy
- Bring your Outlook questions!
Regular features:
- New utilities
- Updated utility
- Other resources
Measuring the cost of spam
In preparation for a talk I'm giving at the Exchange Connections
conference in November in Orlando, I've been thinking a lot about
the real cost of spam. For each virus outbreak, you seem to read
that organizations lost so many billions of dollars. Makers of
anti-spam tools toss around similar figures that they hope will
convince you (and your management) that an anti-spam tool will pay
for itself.
But where do those numbers come from? As you might expect, each
analyst has their own methodology, sometimes even measuring totally
different costs.
For example, you can consider the "hard" costs of spam -- such as
the extra network bandwidth, storage, servers, and technical
personnel needed to handle the portion of your mail volume due to
spam. This is actual cash that your organization must spend to keep
up with the spam onslaught.
Or you can try to estimate the "soft" costs -- what part of each
workday is lost to time spent dealing with spam and how much that
time might be worth. I've always been uncomfortable with estimates
that say companies lose so many dollars because of
viruses/spam/other threats (pick one or more). Rob Rosenberger,
whose VMyths site is currently on hiatus while he's on military
deployment, wrote about this kind of calculation a few years ago. In
his article at
http://vmyths.com/rant.cfm?id=155&page=4, he urged people to "do
the math" and realize that such productivity "losses" are not
necessarily real money that shows up on the corporate balance sheet.
Sure, go ahead and quantify it using the kind of measure I'll
discuss in a moment. (And if that helps you buy a better anti-spam
tool, so much the better.) But remember that productivity is a
subjective concept, and keep the human costs in mind, not just the
monetary figures.
If you're going to consider productivity lost to spam, interpret
it in the context of your own organization. Do you hire extra people
because existing staff can't get the work done while they're
too busy deleting spam messages? Would more get done in less time if
people didn't have so much spam to deal with? Would the help desk be
able to solve more problems if they didn't have so many spam reports
to respond to? Would employees be able to concentrate on their work
better if they didn't get distracted by the occasional "eye-popping"
spam message? Would they be less frustrated in their jobs? These
sorts of questions are very relevant when it comes to measuring
productivity.
Hard spam costs
Let's start with the hard costs of spam, the actual cash you must
spend to handle it. Last month, the Radicati Group (http://www.radicati.com)
newsletter discussed the "IT Cost of Spam," using an estimation
technique you can try in your own organization. The basic idea
behind this method is that each mail server costs an average amount
to operate, factoring in acquisition, upkeep, and all other costs.
If you know how many servers you have, how much each server costs
your organization, on average, and what percentage of your mail
volume is spam, then you can figure how many of your servers are, in
effect, "spam servers" -- needed mainly to keep up with the spam
volume -- and can chalk up the cost of those servers to the cost of
combating spam.
Radicati estimated the total purchase, deployment, and upkeep
cost of an Exchange server to be nearly $97,000 per year. (About
two-thirds of that cost, however, is due to "downtime," which
includes both overtime for administrators to handle scheduled
downtime outside normal business hours and, for unscheduled downtime
that occurs during business hours, the salaries for an estimated 25%
of users who are unproductive during the email outage. If that
scenario doesn't fit your situation, you might want to reduce the
estimated per-server cost accordingly.) Their research has shown the
average company's mail stream is currently 24% spam. Therefore, if a
company has 10,000 users and, on average, 21 servers, then only 16
of those servers are needed to process legitimate mail; the other
five are "spam servers" at a cost amounting to nearly $490,000 or
about $49 per user mailbox.
Radicati estimates that spam volume will increase to 50% by 2007,
and that the same 10,000-person company would need 50 servers to
serve the same 10,000 users. Half of them, however, would be
chugging away at spam.
Another way to analyze the spam situation would be to perform
similar calculations on an incremental basis. Based on your current
costs, what would it take to add one or more new mail servers to
keep up with increasing spam volume? Would you need to add a new
full-time administrator as well?
Soft spam costs
If the hard costs of spam aren't enough to convince your
organization to beef up its anti-spam protection, you might throw in
some soft costs, keeping in mind my earlier caveat that these are
largely subjective figures.
Ferris Research (http://www.ferris.com)
estimated last January that the productivity loss due to spam in the
U.S. alone in 2002 was $3.6 billion out of a total spam cost of $8.9
billion. The productivity figure included both time spent
determining if a message was spam and time spent reporting spam to
the help desk. If you want to do your own calculations, Ferris
provides an Excel spreadsheet you can download from
http://www.ferris.com/url/spamcalculator.html.
A more recent survey of 76 companies by Nucleus Research (http://www.nucleusresearch.com/prspam.html)
considered productivity, staff, and other costs to come up with a
spam-cost figure of $874 per employee per year. In one press report
on the study, Nucleus CEO Ian Campbell likened the productivity loss
due to spam to having one employee out of 72 sleeping all day
instead of working.
Can anti-spam tools stop productivity loss?
The Nucleus Research figure that really got my attention was that
company-wide spam filters reduce the productivity loss by only 26
percent. How can this be, with many spam filters showing 90% and
better filtering accuracy?
When I asked Nucleus analysts, they explained that spam leaking
past enterprise filters still demands employee attention. As spam
becomes more sophisticated -- for example, spoofing messages from
Microsoft, PayPal, and other well-known companies -- it takes more
time to discern junk from legitimate mail. They also said that trust
is an important factor: Do employees believe that the enterprise
filter is classifying some legitimate mail as spam (i.e. yielding
false positives)? If so, then employees may actually spend time
reviewing messages that the company-wide spam filter has already
handled.
Clearly, for an anti-spam solution to be successful both in
improving productivity and in paying for itself, organizations
should train employees in what to expect from the enterprise spam
filter and how to recognize spam quickly and move on to more
productive mail chores. Don't forget to include those training costs
in your cost justification for the anti-spam solution.
The challenge/response anti-spam strategy
I have a couple of rather spam-prone email accounts whose
addresses have also made it into the list of spoofed sender
addresses that viruses like SoBig use. I got hundreds of copies of
SoBig, then more copies of non-delivery reports from paranoid mail
servers who thought I'd actually sent them a copy of SoBig. (When
will the anti-virus vendors fix this?) Instead of deleting the
accounts, I've been using them to test different anti-spam
solutions.
Most recently I tried one of the challenge/response tools that
filter mail on their own server. For my latest test, I used
Mailblocks (http://www.mailblocks.com),
but I have also tried USOpt (http://www.usopt.com).
Their basic technique is to allow mail only from known senders into
your Inbox. Mail from anyone else goes into a Pending folder, and
Mailblocks responds with a message that asks the sender to go to a
web site and answer a "challenge" question related to content on the
web page. Since the response can't be automated, any mass mailing
sender won't pass, and their message will eventually be deleted from
the Pending folder. Humans can answer the question, have their
message go through, and automatically be noted in Mailblocks'
database as a legitimate person, both for my mail and for everyone
else who uses Mailblocks.
After I set up my Mailblocks account, I redirected several
existing accounts to deliver mail to my Mailblocks Inbox, which I
can access by browser or IMAP. I seeded my Mailblocks contacts list
by importing data from my Outlook Contacts folder. Up to a point,
the system worked well; mail that I was expecting from people I knew
got through fine. Spam, porn, viruses, and other junk stayed in the
Pending folder (305 messages from the past 4 days). But so did the
occasional message from someone I don't know.
The catch is that not every human is going to bother answering
the challenge question. If I send someone a message and get such a
challenge in return, I'm likely to just ignore and delete it --
maybe the message wasn't that important in the first place. That
goes double if I was replying to someone else's message.
That's one of the real limitations of these challenge/response
systems: While you can access your mail account and respond to
messages in Outlook, doing so doesn't update the list of allowed
senders stored on the server. To update the list of allowed senders,
you must either add the recipient to the server address list
manually or compose a message using the web interface for the mail
account. Messages composed and sent with Outlook don't count. I
found it awfully tedious to read a message in Outlook, then go to
the web interface to respond to it.
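The challenge/response flow and the allowed-senders limitation described above, modelled as an added example (this is not Mailblocks' code). The names Mailbox and VERIFIED_HUMANS, the 14-day retention period, and the one-challenge-per-pending-sender rule are assumptions made for illustration.

```python
from dataclasses import dataclass, field

PENDING_TTL_DAYS = 14  # assumed retention period; the newsletter gives no figure
VERIFIED_HUMANS = set()  # service-wide list of senders who answered a challenge


@dataclass
class Mailbox:
    """Constructed model of one user's server-side challenge/response filter."""
    allowed: set = field(default_factory=set)    # this user's known senders
    inbox: list = field(default_factory=list)
    pending: dict = field(default_factory=dict)  # sender -> [(message, day)]
    challenges: list = field(default_factory=list)

    def receive(self, sender, message, day):
        sender = sender.lower()
        if sender in self.allowed or sender in VERIFIED_HUMANS:
            self.inbox.append((sender, message))
            return "inbox"
        if sender not in self.pending:           # assumed: one challenge per sender
            self.challenges.append(sender)
        self.pending.setdefault(sender, []).append((message, day))
        return "pending"

    def answer_challenge(self, sender):
        """A human answered the web challenge: release held mail, remember them."""
        sender = sender.lower()
        VERIFIED_HUMANS.add(sender)
        held = self.pending.pop(sender, [])
        self.inbox.extend((sender, msg) for msg, _ in held)
        return len(held)

    def expire(self, today):
        """Drop held mail older than the retention period; return the count."""
        dropped = 0
        for sender, held in list(self.pending.items()):
            keep = [(m, d) for m, d in held if today - d < PENDING_TTL_DAYS]
            dropped += len(held) - len(keep)
            if keep:
                self.pending[sender] = keep
            else:
                del self.pending[sender]
        return dropped

    def send(self, recipient, via_web):
        """Only mail composed in the web interface adds to the allowed list."""
        if via_web:
            self.allowed.add(recipient.lower())
        return recipient.lower() in self.allowed
```

A reply written in Outlook corresponds to send(..., via_web=False): the recipient is not added to the allowed list, so that person's answer lands in Pending and draws a challenge.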
I'd also like to see some very simple rules-based filtering
included with Mailblocks. For example, I don't want to ever get
attachments on some of my accounts.
Still, while this anti-spam technique might not work well for
business accounts, it could have a place in your home arsenal. Some
ISPs, such as Earthlink, are beginning to offer a challenge/response
filter with their email accounts. If you have kids or other members
of the family with a limited circle of correspondents, it might be a
good solution for keeping the ugly stuff out of their Inbox.
Bring your Outlook questions!
Got a question about Outlook -- any version? Bring your Outlook
questions to the Ask the Outlook MVP's Experts chat online on
September 16, 1 p.m. Eastern time. I will be in the chat room, along
with many of the other Outlook MVPs. We hope to see you there for a
great chat! See
http://www.microsoft.com/technet/itcommunity/chats/Default.asp
for more information on this and other upcoming chats.