Back to article

Spam Cleaning with the Big Boys

Surviving the Deluge

November 10, 2003

You think you've got spam problems with a hundred or so spam messages a day? Try being an ISP or a business where on a good day you don't get more than a one hundred thousand spam mails a day.

You can't believe it's that much. Think again. How bad is it? Ferris Research, a San Francisco- and London-based email and groupware analysis firm, says that 30% of inbound email is spam at ISPs, while at companies, spam accounts for 15% to 20% of inbound email. "In 2002," Ferris says, "the total cost of spam to corporate organizations in the United States was $8.9 billion."

Since that Ferris study, things have only gotten worse. According to ISP and business mail administrators I've spoken with, ISP inbound mail is now up to 50% junk mail, while corporations e-mail servers are up to a rather horrifying 30%. In addition, it's only going to get worse, the Coalition against Unsolicited Bulk Email, Australia, estimates that spam's volume is doubling every 4.5 months.

So what can you do, when your network bandwidth is eaten alive by spammers, your users are screaming for relief, and your mail server hard drives are always running close to their limit? What most ISPs and companies are doing is deploying gateway anti-spam programs.

Specifically, ISPs tend to deploy SpamAssassin, a powerful open source mail-filtering program, while businesses tend to use commercial programs like Brightmail Anti-Spam 5.1 or MailFrontier Anti-Spam Gateway 2.1.

You could, of course, install client-based programs like Norton AntiSpam 2004 or Qurb 2, but that's not a great idea for two reasons.

The first is simply that client-based approaches cost more, much more, per user than a server-based solution. The other, and really the more important reason, is that supporting them will cost you even more in terms of help desk time.

Thus, while client based solutions are fine for individual users or even small businesses, they simply don't scale well for ISPs or medium to big businesses.

Regardless of the gateway program, this kind of software always has some things in common. They must run on boxes of their own. You can't run them on the same box as the mail server no matter whether you're running Sendmail or Exchange 2000.

Next, you should take the memory requirements for any given program, and double it on your production machines. It's not that they won't run properly, they will. However, you'll need every KB of RAM you can get these programs to quickly weed out the bad mail. These processes take up a lot of RAM, and remember, the spam load is only going to get higher, much higher, in the coming year.

To only keep the mail moving in a timely fashion, you'll also need as fast a connection as you can get between your spam killer and your Internet gateway and e-mail server. If you've been thinking about moving to Gigabit Ethernet, well, beating spam is a better reason than most for the upgrade.