The cost of spam

Part two in a nine-part series on managing spam.

About the book

For many companies and individuals, spam is an annoyance and undesired expense. This series excerpt from Privacy: What Developers and IT Professionals Should Know offers advice on what we can do to fight spam, how we can protecting legitimate e-mail and develop e-mail-friendly solutions.

Author J.C. CANNON, privacy strategist at Microsoft's Corporate Privacy Group, specializes in implementing application technologies that maximize consumer control over privacy, and enable developers to create privacy-aware applications. Cannon organized Microsoft's Privacy Response Center, an automated resource for tracking privacy issues throughout Microsoft. He works closely with Microsoft product groups and external developers to help them build privacy into applications. He also contributed the chapter on privacy to Michael Howard's Writing Secure Code. Cannon has spent nearly twenty-five years in software development.

Sample Chapter is provided courtesy of Addison Wesley Professional.

The processing of spam has become a major issue for most companies and consumers. The time it takes to process spam is not only a distraction, it is also a source of lost productivity that is affecting bottom lines. According to a recent survey, the effort being applied to managing spam will cost companies $8.9 billion yearly, with $650 million being spent on antispam and content-filtering products alone in 2003. Even if you are simply reading the subject line and the sender's name of an e-mail, it takes time to determine whether an e-mail is a legitimate message to you. Often a cursory scan of the subject line is not enough, and you are forced to open some e-mails to determine their validity. This converts to lost man hours processing unsolicited and unwanted e-mail. There is also a cost associated with processing each e-mail where it enters a company or an Internet service provider (ISP). For example, if it takes four servers to process one million e-mails per hour and half of the e-mail being received is spam, then half of your equipment costs are basically going to process e-mails that rarely benefit anyone. You also have to consider the electrical power, maintenance, administration, and storage costs for the extra equipment you have to purchase just to keep up with the additional e-mail traffic that you have to process.

Consider some numbers: Nortel Networks indicates that 70 percent to 80 percent of the e-mail that they receive each day is spam, and the rate of spam doubles every 4 to 6 weeks. This costs them about $1,000 to $5,000 per day. Aristotle Inc., a small ISP in Little Rock, Arkansas, indicated that spam costs the company $5 per customer per year. The annual cost to pay for new technology and manpower to manage the spam problem comes to $112,000 a year just for that ISP.

A report by London-based security firm mi2G shows that spam caused more economic damage than hackers and viruses in October 2003. The report goes on to say that spam caused $10.4 billion in economic losses worldwide, whereas viruses and worms caused $8.4 billion in losses, and hackers $1 billion in losses. Not only have spammers been filling the inboxes of corporations, they have also started attacking operators of spam block lists, which are providers that assist companies with detecting unsolicited e-mail. Spammers are flooding servers of the block list operators with spam attacks, forcing them to shut down. This is leading to increased costs to acquire more bandwidth and protection, costs that will probably have to be passed along to customers.
Next section: Spam litigation

Index Page

This was last published in April 2005

Dig Deeper on Network Security Best Practices and Products

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.