Problem solve Get help with specific problems with your technologies, process and projects.

Understanding and preventing spam

The following excerpt is from Chapter 3 of the free e-book The Definitive Guide to E-mail Management and Security, written by Kevin Beaver.

This excerpt is from Chapter 3, Understanding and Preventing Spam, of the free e-book The Definitive Guide to E-mail Management and Security written by Kevin Beaver, published by and available at

What's the big deal about spam?

In a nutshell, spam costs organizations time, money and overall end user productivity. In addition, if spam isn't dealt with properly, your end users may lose confidence in the usefulness of e-mail. Although there is no simple fix for the spam problems we're having, spam cannot be ignored.

Scary spam statistics

Before we delve too far into this chapter, the following list highlights some of my favorite spam statistics that I think will get your attention:

  • Spam comprises 55.1 percent of all e-mails (Source: MessageLabs' May 2003 Monthly E-mail Security Report)
  • Microsoft claims that spam accounts for 80 percent of all Hotmail messages
  • 90 percent of all spam received by Internet users in North America and Europe is sent by less than 200 spam outfits (Source: Spamhaus Project)
  • According to a study performed by the Federal Trade Commission, two-thirds of spam contains false claims, 96 percent of spam offering business and investment opportunities contain false claims, and 48 percent of spam promoting health services or products contains false information.
  • One day in early 2003, AOL blocked 1 billion spam messages; its previous high was 780 million blocked spam messages in one day (Source: Direct Newsline)
  • 4.9 trillion spam messages are projected to be sent in 2003 (Source: Radacati Group)

Example estimated cost of spam

These statistics justify the war on spam. However, let's look at a real-world example of what spam could actually cost an individual organization. Say the average corporate user receives 50 e-mails per day (both legitimate e-mails and spam) Monday thru Friday and another 50 e-mails over each weekend for a total of 300 e-mails per week or 15,600 per year. These numbers are fairly conservative, and your spam numbers may vary. (Some reports state that as much as 70 percent or more of e-mail is spam, but I've seen numbers as low as 30 percent.) Let's take a good even number of 50 percent for this example. Given that on average, half of all e-mail is spam, we have a total of 7800 spam messages a year for the average user!

Next, consider how long each user takes to tend to individual spam messages -- let's say a very conservative two seconds to handle each one; thus, the user consumes 4.33 hours per year dealing with spam! If you conservatively estimate that the average user costs the organization $40 per hour with salary and benefits, the company is losing $173.33 per user per year (for the average user).

This amount might seem fairly harmless for smaller organizations that have 10 or so employees, but when you start thinking about organizations that have 100, 1,000 or 10,000+ employees, spam costs become a serious problem over time. These numbers add up to $173,333.33 in one year for a 1,000-employee organization.

Taking this estimate a step further, let's look at the computer hardware that's required to support these kinds of numbers. Let's assume that, based on my non-scientific research, the average spam message is around 5KB in size. Based on the average user receiving 7,800 spam messages a year, spam adds up to 38MB of clutter making its way to your e-mail server or the end user's local hard drive every year. Again, 38MB doesn't seem so bad for one or even 10 users, but scale it up to 1,000 or more and these organizations now have a serious storage issue on their hands -— 38GB of storage space for a 1000-user network over one year! There's also the issue of backup media space that's required and overall network bandwidth that's being wasted.

> Read the rest of this excerpt from Chapter 3, Understanding and Preventing Spam.

This was last published in July 2003

Dig Deeper on Network Monitoring

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.