Stop spam from filtering through
As the volume of unsolicited email grows, filtering solutions must become more sophisticated to sort the wheat from the chaff
Spam, or unsolicited commercial email, derives its name from a famous Monty Python sketch involving a group of Vikings repeatedly chanting 'spam, spam, spam' in a cafe. That sketch is just about the only amusing thing about spam.
Selling solutions to overcome the menace of spam is no longer about creating awareness. Anyone with a PC knows about the problem. The real issue is convincing IT buyers not to go with cheap, counter-productive solutions.
One system integrator, which CRN contacted for a quote on this subject, contacted us too late because "your email got caught up in our spam filter".
Robert May, managing director of service provider Ramsac, says resellers will do themselves a massive disservice if, like that systems integrator, they adopt and sell inferior products.
"Cheap solutions block out useful emails too, because they are not intelligent enough. They can create more work than they save. IT staff can spend two hours each day reading all the incoming emails, deleting some and forwarding the genuine ones," says May.
Worse still, spam filter systems give a company's IT staff a power that management might not feel comfortable with.
"IT staff in some companies know everything. They get to read everything that passes through the mail server," says May.
In one company this was particularly unfortunate, as management had been emailed a detailed plan of how the company planned to review the IT staff, and decide which it would keep and which it would let go. Guess who got an early look at the plans.
May says IT buyers need convincing that the extra money they would pay for, say, a MessageLabs system is actually an investment that will bring them a good return. But is there a convincing case to be made for persuading end-users to invest more?
Widening the issue slightly, isn't it time the selling of anti-spam solutions was a little more sophisticated? In the course of researching this article, CRN was bombarded with 40 near-identical messages from different security vendors, many of them trotting out the same tired cliches about 'educating users' and 'adding value'.
Should we really be fighting spam with spam?
Simon Gawne, chief executive of Streamshield Networks, started the company because he thought he had an original approach to combating all malware, including spam.
"The problem the industry faces is that while the logical place to beat spam is in the internet, current generation technology is inefficient for the needs of the internet," he says.
Software technology that has evolved from desktops and corporate security systems isn't good enough. "It's like trying to run a water treatment plant with consumer water filters," Gawne says.
ISPs need industrial-strength systems, built from specialist silicon, such as Streamshield's. Resellers should concentrate on selling these big-ticket items, to ISPs, rather than 'water filters' to end-users, he argues.
One creative way of selling anti-spam solutions might be to stress the legal liability spam can expose companies to. Pornographic spam is on the increase, and IT managers are under pressure to stop it because recipients can take action against employers.
Employers can also take action against offending employees. Recently, 220 civil servants were disciplined, and 16 of them sacked, for having pornography on their work systems.
"This sets a precedent with clear implications for SMEs," says Nick Callaghan, managing director of ViaNetworks.
A cynic might argue that pornographic spam gives employers a weapon for culling staff cheaply. Why pay them redundancy when you can sack them on the pretext that they have been using porn?
But you don't need cynicism to sell anti-spamming systems or services, says Matt Piercy, UK manager for F-Secure. The fear of viruses is creating big enough waves. "Spammers were behind three of the five biggest virus outbreaks of the past year," says Piercy.
The MyDoom worm caused $4.5bn in damages, while Sobig cost businesses $2.75bn and Netsky $2.5bn. In effect, that is nearly $10bn worth of marketing for the anti-spam security reseller.
Worse is to follow, you could remind your clients. Spamming engines are going to make the threat much more expensive. "Viruses can seed millions of PCs with spamming engines," says Piercy.
"The going rate for a spamming network of 20,000 PCs is $2,000. A zombie PC network is a sought-after commodity in the spamming game."
Vendors, resellers and ISPs all have a role to play in helping to keep end-users' inboxes spam free, says Matt Sergeant, senior anti-spam technologist at managed email security services provider MessageLabs.
"Spam is inherently a technology problem, so the solution must be technology-led. But as the threat evolves, so must the solution. First-generation, software-based approaches are failing to protect companies because they are too reactive," he says.
Businesses want to manage spam at the perimeter, and they want service providers to do this for them. Resellers will soon make money only by reselling someone else's service.
Don't panic, though; the margins on selling a managed anti-spam service are good, according to business ISP altoHiway. Resellers sell altoHiway's anti spam service in bundles of 10 user licenses, but billing to the reseller is on an individual account basis.
Managed services are the only game in town now, according to altoHiway, especially while businesses need tailored anti-spam processes. The company sells its MailController spam and email management services through channel partners, and has created reseller portals for delivery of the service.
The firm hopes the portals will allow resellers to provide anti-spam and virus management on a subscription basis to their customers.
"Resellers don't expect to make much out of ISP services," says Chris Wood, sales and marketing director at altoHiway. "But with us they can make up to 30 per cent on new business and even renewals."
Rising concerns about false positives could also help resellers of MailController, according to Wood. "MailController uses six tests using different filtering technologies, so an email has to fail several tests before it is rejected as spam. But it still has a 94 per cent success rate at stopping spam," he claims.
Spam looks like it will always be with us. In a recent development, it is being used as an avenue for a wide array of financial scams.
New techniques like these highlight the importance of having a technology in place that can identify the source of email messages and check out their reputation before users part with their personal details.
Is there are an alternative to spending valuable time either deleting unwanted emails, or chasing emails which have been mistakenly filtered out or shunted into a junk folder?
There is, and it offers higher margins than simply selling software or someone else's managed service. Monica Seeley sells her services as an 'IT fitness coach' to some high-profile names in corporate UK, including Balfour Beatty, Toshiba, Rolls Royce and BT.
It is all very well selling firewalls, anti-virus software and anti-spam products. But viruses and spam are massively over-hyped, argues Seeley, and they leave the end-user with one more system they have to manage.
User education is far more effective, Seeley claims. Her company, the Mesmo Consultancy, offers an inbox audit, which helps users adopt practices that leave them much less open to abuse. The end result is a seminar that is profitable for both parties.
"The average user has far too much email, and no idea what kind of exposure they are open to or what action they could take," says Seeley.
The answer is not to promote a total clampdown on email. That is proving counterproductive. Customers need to be taught that they don't want to chuck the baby out with the bathwater.
Seeley charges corporations for sessions with their end-users on topics such as 'saving time at the inbox'. Resellers could do the same with corporate clients.
Since VARs are selling a service, in the form of your hard-won expertise, and not a vendor's software or hardware, it is all pure profit, instead of the narrow mark-up to win business from all the other resellers out there.
But how do you get anyone interested in email? It would be difficult to persuade anyone to give up a day to be lectured on the perils of spam, let alone someone who can have traded a few million dollars in the same amount of time.
"For really busy people, a one-hour breakfast workshop is proving really popular. Most executives are keen on anything that helps them do their job better, and email is a business tool which has been blunted by spam," says Seeley.
These one-hour workshops aren't just handy exercises in sharpening business tools. On top of the fact that VARs cabn charge for them, these sessions can also turn out to be great advertisements for resellers' other services too.
"Once they like you for having conducted a good workshop and answered all their questions, who do you think they will turn to when they do want to buy equipment?" asks Seeley.
IT analysts seem to agree with this approach. A report by the Butler Group, called Email Management, says: "Email management must not be treated as a technology problem. Organisations must examine the business reasons behind the problem and investigate the business implications of any proposed solution."
Ultimately, spam should be treated as a global rather than a local problem, according to Jamie Cowper, channel manager for security appliance vendor Mirapoint.
This realisation has spurred a rise in collective industry actions. Linx refuses to host known spammers, and Microsoft and Amazon.com joined forces to sue phishing scammers. This demonstrates the sort of global teamwork required to address the problem on multiple fronts.
Perhaps a three-pronged approach, involving ISPs, courts and vendors, may be the answer. Meanwhile powerful spam fighting tools are still going to be needed for the foreseeable future. Filtering and analytics are more important functions than spam-blocking technology.
What is needed is a revolutionary new approach. Any ideas, anyone?
CONTACTS
altoHiway (01635) 573300
www.altohiway.com
F-Secure (0845) 890 3300
www.f-secure.com
Mesmo Consultancy (020) 8455 1462
www.mesmo.co.uk
MessageLabs (01452) 627627
www.messagelabs.com
Mirapoint (020) 7357 7799
www.mirapoint.com
Ramsac (0870) 756 9001
www.ramsac.com
VIA Networks (0845) 330 8000
www.vianetworks.co.uk