Hammer the spammer
Unsolicited email is both a nuisance and a danger, and customers are crying out for a solution.
Something is rotten in the state of spam. Unsolicited email is rife and threatening to not just embarrass businesses but actually block up email servers and cause network downtime.
It's triggering knee-jerk reactions in the US, with an abundance of companies popping up with anti-spam products.
Meanwhile, Hormel Foods, maker of the luncheon meat, is up in arms over the use of its tin in adverts.
The issue has got so big that the All Party Internet Group at the House of Commons has taken notice.
Derek Wyatt MP has set up an anti-spam website for consumers, www.endspam.org.uk, and was part of the Group's Spam Summit in early July, where the Group outlined its plans to put pressure on legislators.
Whether legislation is the answer is debatable, but there's no escaping spam at the moment and the problem is snowballing.
Research firm Radicati Group claims dealing with spam will cost companies £12.4bn this year, a figure set to rocket to £124bn by 2007.
Radicati's report, Anti-Spam Market Trends, 2003-2007, also claims revenues for anti-spam vendors and outsourcers will reach £409m this year, growing to £1.5bn by 2007.
So where does this leave resellers?
According to industry pundits the reseller should be a key player, not by selling anti-spam software packages but by integrating anti-spam features into security offerings.
The trouble is that there does not seem to be a definitive solution to the problem. Business users feel spam filtering software has been insufficient because of the problem of false positives; some software has blocked legitimate email too.
"There's no silver bullet," says Sean Remnant, technical manager at distributor equIP.
Remnant attended the Spam Summit and, while acknowledging the role politicians can play in raising awareness, he is sceptical about legislation.
"The law may act as a deterrent but the only way spam will be stopped is through technology," he says.
Remnant's view is shared by many in the growing anti-spam software industry.But as a distributor he has a slightly more objective view of anti-spam products.
He has spent a number of months evaluating products for distribution and has come to the conclusion that the best of the bunch offer multiple detection methods.
EquIP struck a deal with antivirus specialist Trend Micro, claiming the firm's approach to educating and supporting resellers was key. Of course, the product had to be able to do the business as well.
Trend offers a spam prevention service and module that integrates with its other security products, all of which can be managed centrally by the reseller.
Remnant believes this is where VARs can make their mark. Businesses need flexibility in their security, especially with spam, and resellers can help configure solutions to meet the needs of specific businesses, something internet service providers (ISPs) would not be in a position to do.
This configuration could also, to a certain extent at least, deal with the problem of false positives."It's not really an ISP thing. ISPs don't have a granular enough approach to customise content for individual companies," Remnant says.
"The biggest objection you get is the problem with false positives. Using an anti-spam filter may also stop legitimate email.
"The only way around it is to keep improving detection methods and for products to offer a degree of flexibility to the user. This is where resellers could offer configuration services."
EquIP and Trend will be saying as much at their joint Transfer of Information days, set up to help educate resellers on the latest market developments.
The latest one was about dealing with spam. It was a timely indication of the need to address this issue now and get resellers on board.
Both companies are keen to address VARs and give them the ammunition for dealing with the problem and overcoming objections. Many people still believe it's an ISP problem, and question the extra expense needed to deal with spam.
Should ISPs share the blame?
In fact, ISPs have come in for a bit of stick for not sorting out spam earlier. Hotmail is a great example of this. For businesses, however, ISPs have taken steps to limit the damage of security threats by installing measures to combat email abuse.
Most have antivirus scanners and some have limits on email sizes, number of attachments and number of recipients.
However, much of this is low-level and easily bypassed by the spammers, as has been proved by the statistics.
"In my view, ISPs should take more responsibility for dealing with the problem. But to reduce the issues as effectively as possible, there needs to be a multi-pronged approach with companies also taking steps to prevent spam," says David Ellis, director of e-security at distributor Unipalm.
"Products will not provide total protection but anything that minimises the impact on an organisation has to be a good thing. As well as installing products, organisations can do things such as not publish email addresses on their websites.
"White papers on this are available at www.mimesweeper.com/info/whitepapers.asp.
"As the problem is so widespread now, spam protection solutions could be a viable revenue stream for specialist resellers, but most are more successful when they focus on complete content-checking solutions for web and email."
In other words, it has to be a combined effort, and resellers have a role to play. One potential weapon is the idea of charging for emails via a sort of postage stamp method.
At the Spam Summit, MPs were referring to the idea as a tax on email and completely unworkable. Most vendors and distributors agree with this.
For the genuine email marketers, the growth of spam is of great concern. The potential knock-on effects of a blanket policy on cold calling emails could put them out of business, as could charging for emails. It's a tricky one to legislate.
Most vendors and distributors believe reseller partners have a major role to play in this area because shrink-wrapped software is not the answer.
For consumers it may be, but for businesses there is a need for individuality.
Unwanted words picked up by content filters, for example, would vary depending on the type of business. A health-related business might allow the names of body parts, whereas a finance house might not.
It is this level of detail that the reseller can provide for its customers but which is not achieved through off-the-shelf or direct-mail software.
Using a combination of products and services there could be a decent living to be made here, while being heralded as the knight in shining armour by customers.
Many vendors are linking up to provide a total security offering and it is a matter of working with customers and distributors to determine which fits best.
But the reality is that there is a demand on the desktop and on the network, and spam is now starting to threaten mobile devices as well.
There is a chance for the mobile industry to nip the problem in the bud and there are products already out there, such as Sicap's Intelligent Short Message Service Centre (iSMSC).
"I predict that content filtering will become just as much of an issue in the mobile internet access sector as it already is in the current corporate and domestic sectors," says Nick Outteridge, a representative of SurfControl.
"A recent report from IT research company Visiongain forecast that profits from pornographic material transmitted to mobile phones and devices will reach $4bn annually by 2006, and yet there is nothing in place from operators at present to secure or filter the threats that lie in mobile internet access.
"As we have already seen in the desktop PC world, content-related security issues are the largest that face home and corporate users alike, and with 3G phones this threat will undoubtedly extend to mobiles, with the breadth of interactive service they offer."
Spam is not going to go away and will have an effect on everyone's lives, at home and at work. For businesses, it is more than just annoying; it is a threat to productivity, to network security and to network stability.
Resellers should be well positioned to advise their customers on how to deal with this issue, and for once, there is no shortage of support from an industry that sees fighting this nuisance as its next big cash cow.
The problem
Unsolicited commercial email (UCE), or to give it its slang name, spam, will account for 45 per cent of all emails sent this year, according to the Radicati Group. IDC says spam will surpass a trillion messages this year. The statistics are damning.
Anti-spam company Brightmail claims pornographic spam has increased by 380 per cent since November 2001.
Meanwhile, Microsoft blocks about 2.4 billion junk emails a day, and the firm has set up a research group to develop anti-spam tools. BT Openworld also estimates that, of the 25 million emails that it monitors, 41 per cent are spam.
The problem has grown beyond expectations. Last year Gartner claimed that this year 34 per cent of all messages handled by companies would relate to UCE, and the Meta Group put the figure at between 25 and 10 per cent.
The problem for businesses is not just that staff spend their time deleting or in some cases opening junk emails, it's also the fact that many of these emails contain viruses. The sheer quantity of spam is also driving some email servers to their knees.
"Denial of service is a growing problem, especially in the US, where spam is much more rife than over here," says Phil Watts, channel and retail sales director at Trend Micro.
NetIQ claims half of spam-related problems are denial of services on networks and that, in terms of productivity, half of the problem also accounts for the time associated with the review and deletion of spam email.
Security companies are not immune and Symantec has a constant fight on its hands to tackle spam. Symantec's channel director, Phil Robins, says there are a number of bogus emails flying around trying to sell Symantec products; it is nothing to do with the company.
"Symantec currently receives about 400 submissions of spam messages per day," says Robins. "We investigate each incident and, where necessary, take legal action to stop the spam operators.
"Unfortunately this can sometimes be a long process, so an immediate conclusion cannot be reached. However, we take the issue very seriously and will work tirelessly to crack down on unscrupulous operators."
The opportunity
Selling shrink-wrapped software has its pluses but they are short-term. Resellers should be looking for an on-going revenue stream, and there is plenty to offer in anti-spam that fits the bill.
"The model of a customer paying an annual subscription fee to filter their spam is a good one," says Steve Masters, director of anti-spam specialist Mailkey.
"It's like paying BT to screen your incoming calls, or Royal Mail for a PO box. People pay for the peace of mind. If resellers latch onto this revenue stream and promote it effectively, there will be a steady revenue stream from customers."
Jamie Cowper, channel manager EMEA at Mirapoint, claims there is no logical reason why the gateway should be managed on a company's premises.
"The reseller could provide a remote managed service for the customer, blocking and monitoring spam, providing regular reports on origins, numbers and types of spam emails and so on," he says.
Phil Watts, channel and retail sales director at Trend Micro, says: "Resellers should be talking about anti-spam as part of a security solution.
"There is an opportunity for resellers to lead into a sale with customers on the back of spam and sell on other security products. They could also offer a managed anti-spam service, either remotely or in-house."
You get the picture. Many people have likened selling anti-spam products and services to selling antivirus and virtual private network solutions.
The reseller is well-positioned to offer the specific managed services that businesses are demanding and more firms are looking for resellers to take up the challenge.
US vendor CipherTrust is the latest in a line looking for UK partners for its IronMail anti-spam/email security appliance.
In short, there appears to be a major opportunity here for resellers. There is market demand and a crateful of vendors looking for keen resellers to supply it.
Key features of an anti-spam system
While US venture capitalists have started pouring money into anti-spam software start-ups, the fear is that the market will be flooded with bandwagon products that are there for a quick buck and do not really address the long-term problem.
So what should resellers be looking for? What are the key features of an anti-spam program?
Most companies recognise the need for a cocktail of anti-spam measures. Email server software provider Rockliffe has just launched an anti-spam product and, like many of its competitors, it has opted to include a mix of filters to hopefully cover all eventualities.
"Let's not forget spammers are resourceful and will find ways of bypassing certain filters," says Alan Davies, vice-president EMEA at Rockliffe.
"Anti-spam products need to incorporate the following: heuristic analysis, pattern matching, spam definitions, sieve filters, white lists and black lists."
Jamie Cowper, channel manager EMEA at Mirapoint agrees. The problem calls for "a combination of heuristic rules-based scanning, white and black lists, content filtering, and other key security features such as SMTP-based authentication", he says.
The list goes on but it is vital that an anti-spam product has this type of mix. There is no silver bullet, so a range of solutions is all the more important.
Contacts:
Brightmail (00 31) 33 45 46 650
www.brightmail.com
BT Openworld (0845) 600 720
www.btopenworld.com
equIP (01256) 365 500
www.equiptechnology.com
Mailkey
www.mailkey.com
Mirapoint (01442) 416 535
www.mirapoint.com
Radicati (020) 7794 4298
www.radicati.com
Rockliffe (0113) 383 0125
www.rockliffe.com
Sophos (01235) 559 933
www.sophos.co.uk
SurfControl (01260) 296 180
www.surfcontrol.co.uk
Symantec (01628) 592393
www.symantec.co.uk
Trend Micro (01628) 400 500
uk.trendmicro-europe.com
Unipalm (01638) 569 600
www.unipalm.co.uk