Spam, named after the canned meat that has been the butt of many jokes, is the mass sending of unsolicited emails. It clutters email inboxes, makes it hard to find legitimate communications, eats bandwidth, consumes mass amounts of storage, and irritates the computer user. If the computer user makes a mistake and opens the wrong email or clicks on the wrong link, their computer can quickly become infected with a virus or spyware. Spam is considered so detrimental to normal communications that the Federal Trade Commission (FTC) has passed the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act aimed at preventing spam.
The numbers related to spam are staggering. To illustrate how large this problem is, take a look at the following numbers:
- Globally, unsolicited spam emails account for 14.5 billion messages each day. This represents 45% of the total email volume.
- The largest volume of spam originates in the United States, with Korea following close behind.
- The top three spam categories are advertising at 36%, adult-related material accounts at 31.7%, and financial material at 26.5% of all spam emails.
- Although spam is annoying, only 2.5% of all spam is fraudulent. Identity theft, or phishing, makes up the majority of fraudulent emails.
- Annually, it is estimated that spam costs the business world over $71 billion each year in processing time and lost productivity. That number is expected to grow to $257 billion per year if spam is allowed to continue at its current growth rate.
New Generation of Email Risks
Spam isn't just annoying, it brings many larger problems. Spam is one way that hackers can access your system. If they can convince an unsuspecting user to click on a link, they may be able to install malware on your system. Certain types of malware will provide the hacker with a backdoor into your network that they can use to access valuable information. Other types of malware will capture specific types of information and send it back to the hacker. Using these methods, your private company information or the private financial information of your customers can be easily compromised.
Another way that tricky spammers can impact your business operation is by impersonation. They will create emails that appear to be from your organization and send them to millions of email addresses hoping that someone will believe their masquerade. To take this fraudulent hoax a step further, they may even create a website that resembles the official landing page. In this way, they could trick your customers into revealing important financial information and compromise your reputation.
Your company's reputation could also be damaged if spam gets past your defenses and infects your system with a virus. The virus could use your email system to send out malicious spam to people in your address book which could also infect their systems. They will blame the original creator of the virus, but they will also blame you and your lax security procedures.
In addition to compromised reputations, other impacts represent real dollar amounts. Anti-spam technology costs businesses of all sizes a substantial amount of money in software and hardware solutions. The lost productivity experienced as employees deal with spam email translates into a major payroll expense. Wasted storage and bandwidth combined with increased internet connection costs run the spam bill up even more.
Impact on Small and Mid-Sized Business
Small and mid-sized businesses are often impacted more severely than larger businesses. They often lack the resources to implement counter-measures to detect and quarantine spam which leaves them open to risks. In addition to the loss of productivity caused by spam, the threats listed above are a larger threat to smaller businesses. Just like larger companies have the resources to fight spam, they also have a larger budget to recover from any damage done to their reputation by compromised personal information. In contrast, small to mid-sized businesses face the potential to lose a large portion of their customer base due to problems caused by spam.
As new security protocols are put into place to combat spam, creative spammers are working equally hard to find a new way around them. This trend of increasingly sophisticated security threats is causing electronic security professionals to rethink and bolster protective measures. While it is fairly easy for a human to determine if an email is spam, it's not as easy for a program to do the same. If a legitimate email is identified as spam based on a security program's inspection criteria, it is referred to as a false positive. While there is a certain amount of risk involved with missing important messages, most spam blockers rely on identifying spam by inspecting the contents of the email.
Additional methods are being developed. Some companies rely on DNS-based blacklists where a third-party service identifies spammers and maintains a list of sites that are known to send large amounts of spam. Another method quantifies the "alienness" of strings. It analyzes the incoming email and identifies it as spam if it has a substring that has a high degree of alienness when compared to the rest of the message. Security software developers continue to try to stay ahead of the spammers and hackers, and new detection methods can be expected in the future.