The Challenge: Junk e-mail is becoming a big problem, as spammers clog inboxes with dubious offerings from weight-loss remedies to cheap Viagra. For institutions, the challenge is filtering out the fluff without deleting important correspondence.
Jeff Griffin hates spam. "Spam doesn't discriminate. It's a problem across every e-mail account," says the director of information technology at the Audax Group, a private equity firm with offices in Boston and New York.
Audax has about $1 billion in assets under management in private equity investing and mezzanine financing. Griffin says its 65 employees are "all on e-mail and heavily use BlackBerrys," a hand-held device coveted by many on Wall Street built by technology firm Research in Motion. "E-mail is the most important application here," he says, noting that "instantaneous communication is the key to our success. It's a high priority."
However, spam was starting to get in the way of that success and bogging down the firm's e-mail system, so a few years ago Griffin began using an internal-filter system to weed out unwanted missives.
It was installed on Audax's mail servers and had to be manually managed by its three-person IT shop.
The IT staff would constantly fine-tune the filters to capture and quarantine spam. While it was effective at reducing the amount of junk mail that got through, the problem was that maintaining the system and keeping the filters up to date with the latest spam tricks was "very labor intensive and difficult to do right."
That's because spammers are not static. Their tactics shift and their methods for deploying spam are in a constant state of flux. So the IT department was constantly tinkering with the filter configuration, which were based on words, phrases and e-mail addresses. As well, they would subscribe to publicly available real-time blackhole lists, which contain server IP from ISPs whose customers are sending out spam or IP addresses, or servers that have been highjacked for spam routing. While helpful, Griffin says that blacklists are "not 100 percent reliable."
Despite his IT team's best efforts, spam was still getting through and there was the constant concern of false positives, where an e-mail identified as spam is quarantined, but actually turns out to be an important message someone requires.
Moreover, it wasn't a "self-serve" system that end users could tweak, so the IT department was constantly called upon to help staff find messages and draw items down from quarantine. Griffin says it had become "unbearable for a lot of our users."
So Griffin set out to find another solution. He had read about some products that offered outsourcing services in industry publications and noticed that Redwood City, Calif.-based Postini, had consistently scored well. "One thing that caught my eye was that it had an ASP model. It wouldn't require me to buy a product and put it in here."
Postini is one of a growing number of firms that provide e-mail security and management services to help corporations deal with spam. Firms in this space which have an increasing presence within financial-services firms include New York City-based MessageLabs, San Francisco-based Brightmail and Redwood City, Calif.-based Tumbleweed Communications.
As the spam problem worsens, more financial institutions are looking for solutions.
The extent of the spam problem varies widely. The Radicati Group, a Palo Alto, Calif.-based research firm that tracks spam, estimates that 45 percent of all messages are currently spam. It expects that number to hit 70 percent by 2007.
However, some of the e-mail filtering companies have already seen spam surpass those numbers. In December, MessageLabs reported about 62.7 percent of the traffic over its systems was spam. Postini's recent figures suggest that 77.9 percent of e-mails are spam, while Brightmail reports that 58 percent of the e-mails it filtered were spam. That's up from 42 percent a year ago.
But it's not just spam that's a problem. A growing percentage of the e-mail traffic also contains viruses. In December 2003, MessageLabs found that one of 158 e-mails contained a virus. The ratio for financial services in the U.S. was one in 188.
Pornography is also a problem, with one in every 2,400 e-mails containing attachments with possible pornographic images.